On-Spend Attacks: Analysis & Defenses
- On-spend attacks are adversarial strategies that allow spending the same digital asset twice by exploiting protocol, network, and implementation weaknesses.
- Mathematical models and empirical studies quantify success probabilities and profitability, emphasizing the roles of confirmation depth and resource distribution.
- Defense strategies involve increasing confirmation thresholds, robust network monitoring, and economic incentive engineering to mitigate double-spend vulnerabilities.
On-spend attacks, also known as double-spend attacks, constitute a class of adversarial strategies that allow an attacker to spend the same digital asset more than once in a distributed ledger or payment protocol. These attacks exploit synchrony gaps, consensus protocol weaknesses, implementation defects, or economic misalignments to subvert the intended invariants of asset transfer and settlement. The following review synthesizes theoretical and empirical results from state-of-the-art academic research, emphasizing mathematical characterization, attack methodologies, and defense strategies across PoW, PoS, BFT, and cross-layer/web payment protocols.
1. Models and Fundamental Mechanisms
The canonical on-spend attack in Proof-of-Work (PoW) blockchains is the private double-spend, in which an attacker with hash power fraction secretly mines a competing chain that reverses a transaction after its apparent confirmation. The probability of success and profitability are tied to -confirmation security (where is the number of confirmations merchants wait), attacker resources, and protocol dynamics.
Mathematically, the probability that an attacker overtakes confirmation blocks is given by the infinite-sum Poisson-Gambler’s ruin formula: where is the attacker’s hash-fraction and the honest hash-fraction (Ozisik et al., 2017). More detailed models incorporate finite cut-off times, explicit cost structures, and synchronization delays (Jang et al., 2019, Grunspan et al., 2019, Bissias et al., 2016).
On-spend attacks also exploit network partitioning, as in the Balance Attack, where an adversary controlling fraction induces temporary network splits and leverages the resulting consistency split to reorder or remove on-chain transactions with high probability (Natoli et al., 2016, Ekparinya et al., 2018). Non-consensus-plane attacks, such as web-layer timing mismatches and VM non-determinism, create equivalent semantics at the boundary between web APIs and async on-chain settlement (Li et al., 12 May 2026, Peng et al., 2018).
2. Variants and Attack Methodologies
2.1 Blockchain Consensus-Level Attacks
- Classic private double-spend: Attacker withholds blocks, waits for a transaction to achieve confirmations, and then publishes a longer branch excluding the transaction, invalidating the recipient’s payment (Ozisik et al., 2017, Bissias et al., 2016).
- Balance Attack: Network is partitioned into subgroups of miners with near-equal hash-rate; the attacker delays inter-subgraph communication for 0 seconds and mines on both sides. Upon reconnection, by exceeding the block-gap 1 between subgroups, the attacker replaces the canonical chain with a privately-constructed one, triggering reorg and triggering a double-spend (Natoli et al., 2016, Ekparinya et al., 2018).
- Stubborn/selfish double-spend: Mining pools use “stubbornness” strategies—matching or withholding blocks to optimize the probability and profitability of both double-spending and mining rewards, parameterized by the stubbornness level 2 and confirmation rule 3 (Doger et al., 6 Jan 2025).
2.2 Byzantine and BFT-Related Double-Spend
Proof-of-Stake and BFT-based protocols are exposed to reorg and equivocation attacks below classical “Byzantine” threshold (e.g., sub-1/3 in ETH 2.0). In Ethereum 2.0, withholding blocks and attestations enables sub-1/3 attackers to induce short-range reorgs and delay finality, directly enabling profitable double-spends or deterministic front-running (Neuder et al., 2021).
2.3 Layer/Implementation and Web-Surface On-Spend Attacks
Several attacks exploit implementation or integration flaws:
- VM divergence: Smart contract interpreters with differing memory safety, uninitialized reads, or inconsistent standard-library semantics enable forks that are exploitable for double-spend (Peng et al., 2018).
- HTTP–chain boundary and web-layer attacks: Payment protocols such as x402 reveal cross-layer TOCTTOU vulnerabilities (e.g., granting resource access on mempool inclusion, failing to bind HTTP headers to on-chain settlement), replay attacks (idempotency failures), and cache leaks that all allow on-spend scenarios in web payments and API clients (Li et al., 12 May 2026).
3. Success Probability, Profitability, and Risk Quantification
3.1 Success Probability
- Classic PoW (Nakamoto): 4. For 5, 6, success probability falls to 7, rationalizing “six confirmations” as a standard (Ozisik et al., 2017).
- Balance Attack (PoW with partition): Chernoff bound (for 8 partitions)
9
Required partition time falls steeply with 0; in R3 consortium (Ethereum-private) with 1, success probability approaches 2 after 3 minutes (Natoli et al., 2016, Ekparinya et al., 2018).
- Finite-time Poisson model: The attack remains profitable for 4 if and only if the expected reward (including block rewards and stolen value) exceeds the expected cost within finite attempt duration 5 (Jang et al., 2019). For sub-majority adversaries, as 6, 7 and the attack becomes unprofitable.
3.2 Profit Maximization
Attackers weigh expected revenue from blocked funds, mining rewards, and transaction value against the rental or operational cost of mining. The point of profitability is when
8
Solving for the break-even spend 9 yields formulae in terms of attacker hash-rate, block-reward, and confirmation depth (Grunspan et al., 2019, Bissias et al., 2016, Jang et al., 2019).
- Attack optimization: The threshold at which an attacker can double-spend at zero mining cost corresponds to maximizing their stubbornness 0 such that 1. Merchant-set confirmation rules must satisfy 2 to preclude risk-free attacks (Doger et al., 6 Jan 2025).
3.3 Empirical Characterization
- Private/Public/Consortium Chains: BGP hijacking enables efficient partitions in consortium blockchains, while ARP spoofing attacks local/private setups—leading to 3 double-spend success in 4 minutes for both (Ekparinya et al., 2018).
- Web-layer Protocols: In x402, revert-grant attacks yield unpaid service rates up to 5 under 6, and 100% under a Byzantine facilitator (Li et al., 12 May 2026).
4. Defenses and Protocol Mitigations
4.1 Protocol and Network-Level
- Increasing confirmation depth 7: Secure against larger attackers and higher-value transactions.
- Delayed response/Two-phase commit: Deny service granting until transaction confirmation finality (8) at the settlement layer (Li et al., 12 May 2026).
- Network monitoring and peer-diversity: Detect and respond to partitioning, BGP hijacks, or ARP spoofing (Ekparinya et al., 2018).
4.2 Incentive and Reward Engineering
- Adversary-aware block assembly: Miners compute the adversary’s break-even point for double-spend profit 9 and cap transaction-value per block at 0, neutralizing the economic incentive for sub-majority adversaries (Georghiades et al., 2023). This approach is shown to succeed at 1 attacker hash-rate for 2-confirmation Bitcoin workloads.
- On-demand counterattack: If merchants or exchanges can credibly commit to rent 3 worth of hash-power (with 4 the value at risk, 5 rental price per share), the threat of counter-reorg provably deters any initial double-spend attempt (Moroz et al., 2020).
4.3 Implementation Fixes and Cross-Layer Hygiene
- Deterministic VM execution/log hashing: Record and hash the sequence of database writes in each block header; full node replay checks for divergence, preventing all non-determinism-induced double-spends (Peng et al., 2018).
- Memory safety and library unification: Harden runtime environments, enforce all cryptographic parameter checks, and prevent function/library drift between node implementations.
- HTTP-chain atomicity: Bind crucial grant decisions (idempotency, resource, facilitator) atomically to settlement events, avoid cache-based content leaks, require authenticated discovery, and validate input metadata in web protocols (Li et al., 12 May 2026).
5. Taxonomy and Cross-Disciplinary Synthesis
Attack Classifications
| Root Cause | Example Exploits | Mitigation Direction |
|---|---|---|
| Insufficient verification/binding | Merkle-leaf duplication (NEO) | Bind all data, no duplicated leaves |
| VM execution non-determinism | EOS grow_memory bug | Log-hash writes, standardized runtimes |
| Consensus protocol-level forks | PoW reorg, stake-based reorgs | Raise 6, BFT checkpointing, fines |
| Web/protocol surface inconsistencies | x402 TOCTTOU, replay, cache leak | Two-phase commit, binding, header hygiene |
Design Principles
- Disallow any unseeded non-deterministic or system-dependent behavior in contract execution.
- Bind every bit of transaction and authorization data in the hash committed to consensus.
- Require explicit atomicity at all cross-layer security boundaries.
- Monitor and restrict attacks at the discovery, network, and consensus layers, not just at settlement.
- Incentivize or enforce adversary-aware behavior in block construction, shifting economic defense from merchants to protocol-level consensus (Georghiades et al., 2023).
6. Emerging Directions and Case Studies
Numerous results confirm the relevance and sophistication of modern on-spend attacks:
- In proof-of-work, attackers with even 7 can achieve 8 success on small consortium chains for modest partition times, while large public networks like Bitcoin require prohibitive delay durations for comparable risk (Natoli et al., 2016, Ekparinya et al., 2018).
- Sub-majority attackers are profitable in Bitcoin at 6 confirmations only if they control at least 9 of hash power given actual block-value turnover (Georghiades et al., 2023).
- In distributed agentic payment protocols (e.g., x402), the attack surface includes cross-layer, web-API, and semantic inconsistencies absent from blockchain-only protocols, with measured attack success rates exceeding 0 in realistic adverse settings (Li et al., 12 May 2026).
- The optimal level of stubbornness for selfish/double-spending mining derives from explicit stochastic analysis and can substantially increase attacker reward and risk per attack cycle if confirmation parameters are too small (Doger et al., 6 Jan 2025).
7. Conclusions and Protocol Recommendations
On-spend attacks span a wide spectrum, from protocol-level mining reorgs and consensus mechanism exploits, through virtual machine non-determinism, to cross-layer web payment protocol attacks. Mathematical models and empirical studies consistently demonstrate that double-spend risk cannot be eliminated by confirmation depth alone; attackers with sub-majority resources can profit under poor protocol or ecosystem discipline.
Robust defense must combine:
- Proper parameterization (1 scaling with transaction value and network structure),
- Network-level monitoring of partitions and routing anomalies,
- Implementation-level deterministic processing and cross-version unification,
- Incentive-aligned mining, where adversary-aware reward functions cap the transaction value to neutralize double-spend profit,
- Secure-by-design web and agentic payment protocols, where all grants and settlements are atomic and precisely bound.
Failure to engineer these mitigations exposes both permissionless and permissioned ledgers—and emerging web-native payment applications—to persistent on-spend risk. Adopting adversary-aware protocols and disseminating economic security responsibility to the protocol and miner ecosystem, rather than delegating confirmation thresholds to end-users, represents a forward-secure design principle substantiated by recent literature (Georghiades et al., 2023, Doger et al., 6 Jan 2025, Natoli et al., 2016, Ekparinya et al., 2018, Li et al., 12 May 2026).