Paper 2019/775

Pay-To-Win: Incentive Attacks on Proof-of-Work Cryptocurrencies

Aljosha Judmayer and Nicholas Stifter and Alexei Zamyatin and Itay Tsabary and Ittay Eyal and Peter Gazi and Sarah Meiklejohn and Edgar Weippl

Abstract

The feasibility of bribing attacks on cryptocurrencies was first highlighted in 2016, with various new techniques and approaches having since been proposed. Recent reports of real world $ 51\% $ attacks on smaller cryptocurrencies underline the realistic threat bribing attacks present, in particular to permissionless cryptocurrencies. In this paper, bribing attacks and similar techniques, which we refer to as incentive attacks, are systematically analyzed and categorized.Thereby, we show that the problem space is not fully explored and present several new and improved incentive attacks. We identify no- and near-fork incentive attacks as a powerful, yet largely overlooked, category. In particular transaction ordering and exclusion attacks raise serious security concerns for stateful cryptocurrencies, such as smart contract platforms. Further, we propose the first trustless out-of-band bribing attack capable of facilitating double-spend collusion across different blockchains that reimburses collaborators in case of failure. Our attack is hereby rendered between $ 85 \% $ and $ 95 \% $ cheaper than comparable bribing techniques (e.g., the whale attack). We implement the basic building blocks of all our out-of-band attacks as Ethereum smart contracts to demonstrate their feasibility.