Paper 2025/1610
BunnyFinder: Finding Incentive Flaws for Ethereum Consensus
Abstract
Ethereum, a leading blockchain platform, relies on incentive mechanisms to improve its stability. Recently, several attacks targeting the incentive mechanisms have been proposed. Examples include the so-called reorganization attacks that cause blocks proposed by honest validators to be discarded to gain more rewards. Finding these attacks, however, heavily relies on expert knowledge and may involve substantial manual effort. We present BunnyFinder, a semi-automated framework for finding incentive flaws in Ethereum. BunnyFinder is inspired by failure injection, a technique commonly used in software testing for finding implementation vulnerabilities. Instead of finding implementation vulnerabilities, we aim to find design flaws. Our main technical contributions involve a carefully designed strategy generator that generates a large pool of attack instances, an automatic workflow that launches attacks and analyzes the results, and a workflow that integrates reinforcement learning to fine-tune the attack parameters and identify the most profitable attacks. We simulate a total of 9,354 attack instances using our framework and find the following results. First, our framework reproduces five known incentive attacks that were previously found manually. Second, we find three new attacks that can be identified as incentive flaws. Finally and surprisingly, one of our experiments also identified two implementation flaws.
Note: This is the full version of the paper accepted at the Network and Distributed System Security (NDSS) Symposium 2026
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. Minor revision. Network and Distributed System Security (NDSS) Symposium 2026
- DOI
- https://dx.doi.org/10.14722/ndss.2026.230022
- Keywords
- Ethereum ConsensusIncentive FlawsBlockchain
- Contact author(s)
-
rujia @ tsinghua edu cn
mingfei zh @ outlook com
xueqian lu @ bitheart org
xuwenbo xwb @ antgroup com
fuying yy @ antgroup com
duansisi @ tsinghua edu cn - History
- 2025-09-11: approved
- 2025-09-08: received
- See all versions
- Short URL
- https://ia.cr/2025/1610
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/1610,
author = {Rujia Li and Mingfei Zhang and Xueqian Lu and Wenbo Xu and Ying Yan and Sisi Duan},
title = {{BunnyFinder}: Finding Incentive Flaws for Ethereum Consensus},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/1610},
year = {2025},
doi = {https://dx.doi.org/10.14722/ndss.2026.230022},
url = {https://eprint.iacr.org/2025/1610}
}