Paper 2022/1020

Uncle Maker: (Time)Stamping Out The Competition in Ethereum

Aviv Yaish, Hebrew University of Jerusalem
Gilad Stern, Hebrew University of Jerusalem
Aviv Zohar, Hebrew University of Jerusalem
Abstract

We present an attack on Ethereum's consensus mechanism which can be used by miners to obtain consistently higher mining rewards compared to the honest protocol. This attack is novel in that it does not entail withholding blocks or any behavior which has a non-zero probability of earning less than mining honestly, in contrast with the existing literature. This risk-less attack relies instead on manipulating block timestamps, and carefully choosing whether and when to do so. We present this attack as an algorithm, which we then analyze to evaluate the revenue a miner obtains from it, and its effect on a miner's absolute and relative share of the main-chain blocks. The attack allows an attacker to replace competitors' main-chain blocks after the fact with a block of its own, thus causing the replaced block's miner to lose all transaction fees for the transactions contained within the block, which will be demoted from the main-chain. This block, although "kicked-out" of the main-chain, will still be eligible to be referred to by other main-chain blocks, thus becoming what is commonly called in Ethereum an uncle. We proceed by defining multiple variants of this attack, and assessing whether any of these attacks has been performed in the wild. Surprisingly, we find that this is indeed true, making this the first case of a confirmed consensus-level manipulation performed on a major cryptocurrency. Additionally, we implement a variant of this attack as a patch for geth, Ethereum's most popular client, making it the first consensus-level attack on Ethereum which is implemented as a patch. Finally, we suggest concrete fixes for Ethereum's protocol and implement them as a patch for geth which can be adopted quickly and mitigate the attack and its variants.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Major revision. ACM Conference on Computer and Communications Security (CCS) 2023
DOI
10.1145/3576915.3616674
Keywords
blockchain, cryptocurrency, blockchains, cryptocurrencies, ethereum, proof-of-work, pow
Contact author(s)
aviv yaish @ mail huji ac il
Gilad Stern @ mail huji ac il
avivz @ cs huji ac il
History
2024-02-17: last of 3 revisions
2022-08-07: received
Short URL
https://ia.cr/2022/1020
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1020,
      author = {Aviv Yaish and Gilad Stern and Aviv Zohar},
      title = {Uncle Maker: (Time)Stamping Out The Competition in Ethereum},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1020},
      year = {2022},
      doi = {10.1145/3576915.3616674},
      url = {https://eprint.iacr.org/2022/1020}
}