- The paper demonstrates that minimal adversarial stake can successfully execute chain reorganization attacks, replacing segments of the blockchain.
- It identifies liveness attacks that exploit network latency and probabilistic delays to indefinitely stall consensus without full control over the network.
- The combined attack strategy undermines both GHOST and finality mechanisms, raising concerns about overall protocol stability.
An Analysis of Proof-of-Stake Ethereum Attacks
The paper "Three Attacks on Proof-of-Stake Ethereum" authored by Schwarz-Schilling, Neu, Monnot, Asgaonkar, Tas, and Tse presents a technical evaluation of vulnerabilities in Proof-of-Stake (PoS) Ethereum. The research delineates three refined attack vectors that exploit specific characteristics and assumptions within the Ethereum Gasper consensus protocol.
Attack Overview
The authors identify two primary attack vectors against the PoS Ethereum consensus mechanism: (1) chain reorganization attacks and (2) liveness attacks. In addition, they combine these strategies to introduce a new class of attacks that significantly threaten network stability with minimal adversarial stake.
- Chain Reorganization Attacks: The research elaborates on the feasibility of executing short-range and long-range reorgs within the Ethereum blockchain. These attacks take advantage of specific timing and voting strategies to replace segments of the chain. Notably, the authors' refined techniques show that minimal adversarial stake suffices to mount reorg attacks, reducing the requirement from a linear stake in validators to as little as a single adversarial validator for short reorgs. Such attacks previously required more significant control over validators; the refined strategies are presented as potentially feasible even with small fractions of control.
- Liveness Attacks: This vector focuses on stalling the blockchain protocol without requiring adversarial network control. By leveraging inherent network latency and strategic timing of releases ("balancing attacks"), an adversary can delay consensus decisions indefinitely. The paper's notable contribution in this context is showing that deterministic control over network delays is unnecessary. Instead, probabilistic network models, which are more representative of real-world conditions, suffice to sustain these attacks.
- Combined Attack Strategy: By synthesizing the mechanics of the reorg and liveness attacks, the paper presents an attack with even broader implications. This strategy allows an adversary to extend reorganization efforts beyond temporary partitions, destabilizing both the Greedy Heaviest-Observed Sub-Tree (GHOST) and finality mechanisms of Casper FFG. As such, even minor stakeholders could manipulate voting dynamics to reconfigure the chain significantly.
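
From the monitoring side, the reorgs described above show up as a head switch that orphans previously canonical blocks. The following added example (not code from the paper or from any Ethereum client) measures that depth from a node's observed head updates; the class and function names, the alert threshold and the sample block tree are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Block:
    root: str                 # block identifier (hypothetical short labels here)
    parent: Optional[str]     # parent block identifier, None for genesis

class ReorgMonitor:
    """Tracks the locally observed head and reports how many blocks each head switch orphans."""
    def __init__(self, alert_depth=2):  # alert threshold is an assumption, tune per deployment
        self.blocks, self.head, self.alert_depth = {}, None, alert_depth

    def add_block(self, block):
        self.blocks[block.root] = block

    def _ancestry(self, root):
        # Walk parent pointers from root back to genesis (or to the first unknown block).
        chain = []
        while root is not None and root in self.blocks:
            chain.append(root)
            root = self.blocks[root].parent
        return chain

    def on_head(self, new_head):
        old_head, self.head = self.head, new_head
        new_chain = set(self._ancestry(new_head))
        if old_head is None or old_head in new_chain:
            return None  # first head seen, or the new head simply extends the old one
        orphaned, ancestor = [], None
        for root in self._ancestry(old_head):
            if root in new_chain:
                ancestor = root  # fork point shared by old and new chains
                break
            orphaned.append(root)
        return {"common_ancestor": ancestor, "depth": len(orphaned),
                "orphaned": orphaned, "alert": len(orphaned) >= self.alert_depth}

# Constructed sample: chain G-A1-A2-A3 and a competing branch A1-B4-B5.
SAMPLE_BLOCKS = [Block("G", None), Block("A1", "G"), Block("A2", "A1"),
                 Block("A3", "A2"), Block("B4", "A1"), Block("B5", "B4")]
SAMPLE_HEADS = ["A1", "A2", "A3", "B5"]  # constructed head updates, in arrival order

def replay(blocks, heads, alert_depth=2):
    monitor = ReorgMonitor(alert_depth)
    for block in blocks:
        monitor.add_block(block)
    return [event for event in map(monitor.on_head, heads) if event]

if __name__ == "__main__":
    print(replay(SAMPLE_BLOCKS, SAMPLE_HEADS))
```
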
Implications and Future Directions
This paper's findings have considerable relevance for both theoretical blockchain security and practical protocol design. The implication is clear: even marginal adversarial influence poses potential risks to the assumption of consensus safety and liveness in PoS systems. Specific outcomes include:
- Reorg Feasibility: The paper accentuates the risks of reorg attacks, emphasizing the importance of considering both large-scale and subtle attack vectors during protocol development.
- Network Liveness: It underscores the challenge of maintaining liveness in the presence of strategic adversaries, stressing the need for mechanisms that can tolerate probabilistic delays in message propagation that cannot be determined in advance.
- Incentivization and MEV: The potential to extract increased MEV through these attack vectors raises questions about the protocol's economic incentives and their alignment with network security.
Moving forward, these insights drive the conversation toward refining PoS mechanisms to improve resiliency without over-reliance on assumptions concerning network behavior and validator honesty. Making the protocol adaptable enough to handle the kinds of disruption outlined above will be critical to ensuring that PoS systems can meet the robust decentralization and security goals envisioned within blockchain ecosystems.