Paper 2021/1182

Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork

Nicholas Stifter, University of Vienna, SBA Research
Aljosha Judmayer, University of Vienna, SBA Research
Philipp Schindler, University of Vienna, SBA Research
Edgar Weippl, University of Vienna, SBA Research
Abstract

In this paper, we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl ). OpAl attacks avoid equivocation, i.e., do not require conflicting transactions, and are carried out automatically in case of a fork. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender themselves is not responsible for, or even actively aware of, any fork. Forkable ledger designs with expressive transaction semantics, especially stateful EVM-based smart contract platforms such as Ethereum, are particularly vulnerable. Hereby, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy. While Bitcoin’s stateless UTXO model, or Cardano’s EUTXO model, appear more robust against OpAl , we nevertheless demonstrate scenarios where transactions are semantically malleable and thus vulnerable. To determine whether OpAl -like semantics can be observed in practice, we analyze the execution traces of 922562 transactions on the Ethereum blockchain. Hereby, we are able to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack.

Note: A condensed version of this paper is to appear at ESORICS 2022

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
algorithmic double-spending cryptocurrency blockchain
Contact author(s)
nstifter @ sba-research org
History
2022-08-03: last of 2 revisions
2021-09-14: received
See all versions
Short URL
https://ia.cr/2021/1182
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1182,
      author = {Nicholas Stifter and Aljosha Judmayer and Philipp Schindler and Edgar Weippl},
      title = {Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1182},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1182}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.