Paper 2023/956

Speculative Denial-of-Service Attacks in Ethereum

Aviv Yaish, Hebrew University of Jerusalem
Kaihua Qin, Imperial College London
Liyi Zhou, Imperial College London
Aviv Zohar, Hebrew University of Jerusalem
Arthur Gervais, University College London
Abstract

Transaction fees compensate actors for resources expended on transactions and can only be charged from transactions included in blocks. But, the expressiveness of Turing-complete contracts implies that verifying if transactions can be included requires executing them on the current blockchain state. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, a conditional resource-exhaustion attack against blockchain actors. (ii) MemPurge, an attack for evicting transactions from actors' mempools. (iii) GhostTX, an attack on the reputation system used in Ethereum's proposer-builder separation ecosystem. We evaluate our attacks on an Ethereum testnet and find that by combining ConditionalExhaust and MemPurge, adversaries can simultaneously burden victims' computational resources and clog their mempools to the point where victims are unable to include transactions in blocks. Thus, victims create empty blocks, thereby hurting the system's liveness. The attack's expected cost is $376, but becomes cheaper if adversaries are validators. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains, and potential mitigations may result in reducing a ledger's scalability.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Major revision. USENIX Security Symposium 2024
Keywords
Ethereumblockchaincryptocurrenciessecuritydenial-of-service
Contact author(s)
aviv yaish @ mail huji ac il
kaihua qin @ imperial ac uk
liyi zhou @ imperial ac uk
avivz @ cs huji ac il
arthur @ gervais cc
History
2024-02-17: last of 3 revisions
2023-06-18: received
See all versions
Short URL
https://ia.cr/2023/956
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/956,
      author = {Aviv Yaish and Kaihua Qin and Liyi Zhou and Aviv Zohar and Arthur Gervais},
      title = {Speculative Denial-of-Service Attacks in Ethereum},
      howpublished = {Cryptology ePrint Archive, Paper 2023/956},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/956}},
      url = {https://eprint.iacr.org/2023/956}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.