Paper 2023/1622

Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoS

Mingfei Zhang, Shandong University
Rujia Li, Tsinghua University
Sisi Duan, Tsinghua University

We present staircase attack, the first attack on the incentive mechanism of the Proof-of-Stake (PoS) protocol used in Ethereum 2.0 beacon chain. Our attack targets the penalty of the incentive mechanism that penalizes inactive participation. Our attack can make honest validators suffer from penalties, even if they strictly follow the specification of the protocol. We show both theoretically and experimentally that if the adversary controls 29.6% stake in a moderate-size system, the attack can be launched continuously, so eventually all honest validators will lose their incentives. In contrast, the adversarial validators can still receive incentives, and the stake owned by the adversary can eventually exceed the $1/3$ threshold (system assumption), posing a threat to the security properties of the system. In practice, the attack feasibility is directly related to two parameters: the number of validators and the parameter MAX_ATTESTATION, the maximum number of attestations (i.e., votes) that can be included in each block. We further modify our attack such that, with current system setup (850,000 validators and MAX_ATTESTATION=128), our attack can be launched continuously with a probability of 80.25%. As a result, the incentives any honest validator receives are only 28.9% of its fair share.

Available format(s)
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. USENIX Security 2024
blockchainPoSincentive mechanismattack
Contact author(s)
mingfei zh @ outlook com
rujia @ tsinghua edu cn
duansisi @ tsinghua edu cn
2024-04-08: last of 3 revisions
2023-10-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mingfei Zhang and Rujia Li and Sisi Duan},
      title = {Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoS},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1622},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.