### Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork

##### Abstract

In this paper, we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl ). OpAl attacks avoid equivocation, i.e., do not require conflicting transactions, and are carried out automatically in case of a fork. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender themselves is not responsible for, or even actively aware of, any fork. Forkable ledger designs with expressive transaction semantics, especially stateful EVM-based smart contract platforms such as Ethereum, are particularly vulnerable. Hereby, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy. While Bitcoin’s stateless UTXO model, or Cardano’s EUTXO model, appear more robust against OpAl , we nevertheless demonstrate scenarios where transactions are semantically malleable and thus vulnerable. To determine whether OpAl -like semantics can be observed in practice, we analyze the execution traces of 922562 transactions on the Ethereum blockchain. Hereby, we are able to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack.

Note: A condensed version of this paper is to appear at ESORICS 2022

Available format(s)
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
algorithmic double-spending cryptocurrency blockchain
Contact author(s)
nstifter @ sba-research org
History
2022-08-03: last of 2 revisions
See all versions
Short URL
https://ia.cr/2021/1182

CC BY

BibTeX

@misc{cryptoeprint:2021/1182,
author = {Nicholas Stifter and Aljosha Judmayer and Philipp Schindler and Edgar Weippl},
title = {Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork},
howpublished = {Cryptology ePrint Archive, Paper 2021/1182},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/1182}},
url = {https://eprint.iacr.org/2021/1182}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.