Paper 2023/956

Speculative Denial-of-Service Attacks in Ethereum

Aviv Yaish, Hebrew University of Jerusalem
Kaihua Qin, Imperial College London
Liyi Zhou, Imperial College London
Aviv Zohar, Hebrew University of Jerusalem
Arthur Gervais, University College London

The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, the first conditional Resource Exhaustion Attack (REA) against blockchain actors. (ii) MemPurge, an attack for evicting transactions from victims' mempools. (iii) These attack are augmented by GhostTX, the first attack on the reputation system used in Ethereum's Proposer-Builder Separation ecosystem. We empirically evaluate the attacks on an Ethereum testnet. The worst-case result we find is that by combining ConditionalExhaust and MemPurge, an adversary can simultaneously burden victims' computational resources and clog their mempools, to the point where victims are unable to include transactions in their blocks. Thus, victims create empty blocks, thereby hurting the system's liveness. The expected cost of a one-shot combined attack is $376, but becomes much cheaper if the adversary is a validator. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains. Potential mitigations may result in reducing a ledger's scalability, an undesirable outcome likely harming its competitiveness.

Available format(s)
Attacks and cryptanalysis
Publication info
Contact author(s)
aviv yaish @ mail huji ac il
kaihua qin @ imperial ac uk
liyi zhou @ imperial ac uk
avivz @ cs huji ac il
arthur @ gervais cc
2023-06-19: revised
2023-06-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aviv Yaish and Kaihua Qin and Liyi Zhou and Aviv Zohar and Arthur Gervais},
      title = {Speculative Denial-of-Service Attacks in Ethereum},
      howpublished = {Cryptology ePrint Archive, Paper 2023/956},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.