
Asymmetric Mempool DoS Security: Formal Definitions and Provable Secure Designs (2407.03543v2)

Published 3 Jul 2024 in cs.CR

Abstract: The mempool plays a crucial role in blockchain systems as a buffer zone for pending transactions before they are executed and included in a block. However, existing works primarily focus on mitigating defenses against already identified real-world attacks. This paper introduces secure blockchain-mempool designs capable of defending against any form of asymmetric eviction DoS attacks. We establish formal security definitions for mempools under the eviction-based attack vector. Our proposed secure transaction admission algorithm, named saferAd-CP, ensures eviction-security by providing a provable lower bound on the cost of executing eviction DoS attacks. Through evaluation with real transaction trace replays, saferAd-CP demonstrates negligible latency and significantly high lower bounds against any eviction attack, highlighting its effectiveness and robustness in securing blockchain mempools.

