Paper 2025/1610

BunnyFinder: Finding Incentive Flaws for Ethereum Consensus

Rujia Li, Tsinghua University
Mingfei Zhang, Shandong University
Xueqian Lu, Independent Reseacher
Wenbo Xu, AntChain Platform Division, Ant Group
Ying Yan, Blockchain Platform Division, Ant Group
Sisi Duan, Tsinghua University
Abstract

Ethereum, a leading blockchain platform, relies on incentive mechanisms to improve its stability. Recently, several attacks targeting the incentive mechanisms have been proposed. Examples include the so-called reorganization attacks that cause blocks proposed by honest validators to be discarded to gain more rewards. Finding these attacks, however, heavily relies on expert knowledge and may involve substantial manual effort. We present BunnyFinder, a semi-automated framework for finding incentive flaws in Ethereum. BunnyFinder is inspired by failure injection, a technique commonly used in software testing for finding implementation vulnerabilities. Instead of finding implementation vulnerabilities, we aim to find design flaws. Our main technical contributions involve a carefully designed strategy generator that generates a large pool of attack instances, an automatic workflow that launches attacks and analyzes the results, and a workflow that integrates reinforcement learning to fine-tune the attack parameters and identify the most profitable attacks. We simulate a total of 9,354 attack instances using our framework and find the following results. First, our framework reproduces five known incentive attacks that were previously found manually. Second, we find three new attacks that can be identified as incentive flaws. Finally and surprisingly, one of our experiments also identified two implementation flaws.

Note: This is the full version of the paper accepted at the Network and Distributed System Security (NDSS) Symposium 2026

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. Network and Distributed System Security (NDSS) Symposium 2026
DOI
https://dx.doi.org/10.14722/ndss.2026.230022
Keywords
Ethereum ConsensusIncentive FlawsBlockchain
Contact author(s)
rujia @ tsinghua edu cn
mingfei zh @ outlook com
xueqian lu @ bitheart org
xuwenbo xwb @ antgroup com
fuying yy @ antgroup com
duansisi @ tsinghua edu cn
History
2025-09-11: approved
2025-09-08: received
See all versions
Short URL
https://ia.cr/2025/1610
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/1610,
      author = {Rujia Li and Mingfei Zhang and Xueqian Lu and Wenbo Xu and Ying Yan and Sisi Duan},
      title = {{BunnyFinder}: Finding Incentive Flaws for Ethereum Consensus},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1610},
      year = {2025},
      doi = {https://dx.doi.org/10.14722/ndss.2026.230022},
      url = {https://eprint.iacr.org/2025/1610}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.