title={Breaking the Balance of Power: Commitment Attacks on Ethereum's Reward Mechanism},
48
-
author={Roozbeh Sarenche and Ertem Nusret Tas and Barnabe Monnot and Caspar Schwarz-Schilling and Bart Preneel},
49
-
year={2024},
50
-
eprint={2407.19479},
51
-
archivePrefix={arXiv},
52
-
primaryClass={cs.CR},
53
-
url={https://arxiv.org/abs/2407.19479},
54
-
}
55
-
56
-
57
-
58
-
@article{10.1145/3391195,
59
-
author = {Chen, Huashan and Pendleton, Marcus and Njilla, Laurent and Xu, Shouhuai},
60
-
title = {A Survey on Ethereum Systems Security: Vulnerabilities, Attacks, and Defenses},
61
-
year = {2020},
62
-
issue_date = {May 2021},
63
-
publisher = {Association for Computing Machinery},
64
-
address = {New York, NY, USA},
65
-
volume = {53},
66
-
number = {3},
67
-
issn = {0360-0300},
68
-
url = {https://doi.org/10.1145/3391195},
69
-
doi = {10.1145/3391195},
70
-
abstract = {Blockchain technology is believed by many to be a game changer in many application domains. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing—Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which was previously unavailable in the literature. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. We systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.},
author={Kabla, Arkan Hammoodi Hasan and Anbar, Mohammed and Manickam, Selvakumar and Al-Amiedy, Taief Alaa and Cruspe, Peterson Bernabe and Al-Ani, Ahmed K. and Karuppayah, Shankar},
80
-
journal={IEEE Access},
81
-
title={Applicability of Intrusion Detection System on Ethereum Attacks: A Comprehensive Review},
author = {Neu, Joachim and Tas, Ertem Nusret and Tse, David},
164
-
title = {Two More Attacks on Proof-of-Stake GHOST/Ethereum},
165
-
year = {2022},
166
-
isbn = {9781450398794},
167
-
publisher = {Association for Computing Machinery},
168
-
address = {New York, NY, USA},
169
-
url = {https://doi.org/10.1145/3560829.3563560},
170
-
doi = {10.1145/3560829.3563560},
171
-
abstract = {Ethereum, the world's second largest cryptocurrency with a market capitalization exceeding 120 billion USD as of this writing, aims to switch from Proof-of-Work (PoW) to Proof-of-Stake (PoS) based consensus later in the year 2022 (`the Merge'). Yet, so far, the proposed PoS consensus protocol lacks in rigorous security analysis. We present two new attack strategies targeting the PoS Ethereum consensus protocol. The first attack suggests a fundamental conceptual incompatibility between PoS and the Greedy Heaviest-Observed Sub-Tree (GHOST) fork choice paradigm employed by PoS Ethereum. In a nutshell, PoS allows an adversary with a vanishing amount of stake to produce an unlimited number of equivocating blocks. While most equivocating blocks will be orphaned, such orphaned 'uncle blocks' still influence fork choice under the GHOST paradigm, bestowing upon the adversary devastating control over the canonical chain. While the Latest Message Driven (LMD) aspect of current PoS Ethereum prevents a straightforward application of this attack, our second attack shows how LMD specifically can be exploited to obtain a new variant of the balancing attack that overcomes 'proposer boosting', a recent protocol addition that was intended to mitigate balancing-type attacks. Thus, in its current form, PoS Ethereum without and with LMD is vulnerable to our first and second attack, respectively.},
172
-
booktitle = {Proceedings of the 2022 ACM Workshop on Developments in Consensus},
booktitle="Financial Cryptography and Data Security",
191
-
year="2022",
192
-
publisher="Springer International Publishing",
193
-
address="Cham",
194
-
pages="560--576",
195
-
abstract="Recently, two attacks were presented against Proof-of-Stake (PoS) Ethereum: one where short-range reorganizations of the underlying consensus chain are used to increase individual validators' profits and delay consensus decisions, and one where adversarial network delay is leveraged to stall consensus decisions indefinitely. We provide refined variants of these attacks, considerably relaxing the requirements on adversarial stake and network timing, and thus rendering the attacks more severe. Combining techniques from both refined attacks, we obtain a third attack which allows an adversary with vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations. Honest-but-rational or ideologically motivated validators could use this attack to increase their profits or stall the protocol, threatening incentive alignment and security of PoS Ethereum. The attack can also lead to destabilization of consensus from congestion in vote processing.",
196
-
isbn="978-3-031-18283-9"
197
-
}
198
-
199
-
@INPROCEEDINGS{10646904,
200
-
author={Pavloff, Ulysse and Amoussou-Guenou, Yackolley and Tucci-Piergiovanni, Sara},
201
-
booktitle={2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
202
-
title={Byzantine Attacks Exploiting Penalties in Ethereum PoS},
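Review bot: The entries keyed `10.1145/3391195` (old line 58) and `10646904` (old line 199) are deleted here along with the other records in this region, so any `\cite` of those keys that remains in the LaTeX sources will resolve to an undefined reference. Search the .tex files for each removed key before merging and drop or replace those citations in the same commit, so the document still builds without missing-citation warnings.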
Ethereum prioritizes keeping the blockchain secure, and this will continue due to the large amount of money invested in the network.
4
-
One of the network's most central aspects is the validators, who are responsible for producing the blocks that make up the chain.
5
-
However, security and privacy are at risk as Heimbach et al. explore a vulnerability, enabling de-anonymizing validators and linking IP addresses to them.
6
-
This paper reproduces the de-anonymization on the Ethereum Holesky testnet, verifying the continued existence of the vulnerability.
7
-
The reproduction shows similar results, de-anonymizing close to the same portion of validators found through the experiment.
8
-
Differences from de-anonymization on a testnet contrary to the mainnet are discussed, showing, among other things, that nodes generally run more validators on the testnet.
9
-
The consequences of the validator de-anonymization are also explored, and a potential denial-of-service attack on block proposers is described.
10
-
The Denial-of-Service attack allows an adversary to halt de-anonymized block proposers, resulting in them missing their proposal opportunity and getting penalized.
3
+
This is the abstract~\gls{zkp}~\cite{greenwade1993}.
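Review bot: The added line 3, `This is the abstract~\gls{zkp}~\cite{greenwade1993}.`, is template placeholder text standing in for the removed abstract on validator de-anonymization on Holesky (old lines 4 to 10). If the intent is to reset the file to a template, say so in the commit message. Otherwise restore the abstract. The new line also depends on a glossary entry `zkp` and a bibliography key `greenwade1993`, and neither is added in the lines shown, so confirm both are defined or the build will report an undefined glossary entry and citation.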