Paper 2023/1622
Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum PoS
Abstract
We present the staircase attack, the first attack on the incentive mechanism of the Proof-of-Stake (PoS) protocol used in the Ethereum 2.0 beacon chain. Our attack targets the part of the incentive mechanism that penalizes inactive participation. It can make honest validators suffer penalties even if they strictly follow the specification of the protocol. We show both theoretically and experimentally that if the adversary controls 29.6% of the stake in a moderate-size system, the attack can be launched continuously, so eventually all honest validators will lose their incentives. In contrast, the adversarial validators can still receive incentives, and the stake owned by the adversary can eventually exceed the $1/3$ threshold (system assumption), posing a threat to the security properties of the system. In practice, the attack feasibility is directly related to two parameters: the number of validators and the parameter MAX_ATTESTATION, the maximum number of attestations (i.e., votes) that can be included in each block. We further modify our attack such that, with the current system setup (850,000 validators and MAX_ATTESTATION=128), our attack can be launched continuously with a probability of 80.25%. As a result, the incentives any honest validator receives are only 28.9% of its fair share.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. Minor revision. USENIX Security 2024
- Keywords
- blockchain, PoS, incentive mechanism, attack
- Contact author(s)
- mingfei zh @ outlook com
- rujia @ tsinghua edu cn
- duansisi @ tsinghua edu cn
- History
- 2024-04-08: last of 3 revisions
- 2023-10-19: received
- Short URL
- https://ia.cr/2023/1622
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1622,
      author = {Mingfei Zhang and Rujia Li and Sisi Duan},
      title = {Max Attestation Matters: Making Honest Parties Lose Their Incentives in Ethereum {PoS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1622},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1622}
}