Paper 2023/956
Speculative Denial-of-Service Attacks in Ethereum
Abstract
Transaction fees compensate actors for resources expended on transactions and can only be charged from transactions included in blocks. But, the expressiveness of Turing-complete contracts implies that verifying if transactions can be included requires executing them on the current blockchain state. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, a conditional resource-exhaustion attack against blockchain actors. (ii) MemPurge, an attack for evicting transactions from actors' mempools. (iii) GhostTX, an attack on the reputation system used in Ethereum's proposer-builder separation ecosystem. We evaluate our attacks on an Ethereum testnet and find that by combining ConditionalExhaust and MemPurge, adversaries can simultaneously burden victims' computational resources and clog their mempools to the point where victims are unable to include transactions in blocks. Thus, victims create empty blocks, thereby hurting the system's liveness. The attack's expected cost is $376, but becomes cheaper if adversaries are validators. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains, and potential mitigations may result in reducing a ledger's scalability.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. Major revision. USENIX Security Symposium 2024
- Keywords
- Ethereumblockchaincryptocurrenciessecuritydenial-of-service
- Contact author(s)
-
aviv yaish @ mail huji ac il
kaihua qin @ imperial ac uk
liyi zhou @ imperial ac uk
avivz @ cs huji ac il
arthur @ gervais cc - History
- 2024-02-17: last of 3 revisions
- 2023-06-18: received
- See all versions
- Short URL
- https://ia.cr/2023/956
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/956, author = {Aviv Yaish and Kaihua Qin and Liyi Zhou and Aviv Zohar and Arthur Gervais}, title = {Speculative Denial-of-Service Attacks in Ethereum}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/956}, year = {2023}, url = {https://eprint.iacr.org/2023/956} }