Paper 2023/956
Speculative Denial-of-Service Attacks in Ethereum
Abstract
The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, the first conditional Resource Exhaustion Attack (REA) against blockchain actors. (ii) MemPurge, an attack for evicting transactions from victims' mempools. (iii) These attack are augmented by GhostTX, the first attack on the reputation system used in Ethereum's Proposer-Builder Separation ecosystem. We empirically evaluate the attacks on an Ethereum testnet. The worst-case result we find is that by combining ConditionalExhaust and MemPurge, an adversary can simultaneously burden victims' computational resources and clog their mempools, to the point where victims are unable to include transactions in their blocks. Thus, victims create empty blocks, thereby hurting the system's liveness. The expected cost of a one-shot combined attack is $376, but becomes much cheaper if the adversary is a validator. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains. Potential mitigations may result in reducing a ledger's scalability, an undesirable outcome likely harming its competitiveness.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Ethereumblockchaincryptocurrenciessecuritydenial-of-service
- Contact author(s)
-
aviv yaish @ mail huji ac il
kaihua qin @ imperial ac uk
liyi zhou @ imperial ac uk
avivz @ cs huji ac il
arthur @ gervais cc - History
- 2023-06-19: revised
- 2023-06-18: received
- See all versions
- Short URL
- https://ia.cr/2023/956
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/956, author = {Aviv Yaish and Kaihua Qin and Liyi Zhou and Aviv Zohar and Arthur Gervais}, title = {Speculative Denial-of-Service Attacks in Ethereum}, howpublished = {Cryptology ePrint Archive, Paper 2023/956}, year = {2023}, note = {\url{https://eprint.iacr.org/2023/956}}, url = {https://eprint.iacr.org/2023/956} }