Researchers say they discovered consensus level attack on Ethereum — miners cheating the system to earn more

Please fol­low and like us:
Pin Share

A research paper pub­lished by The Hebrew Uni­ver­si­ty in Israel reports hav­ing dis­cov­ered the “first evi­dence of a con­sen­sus-lev­el attack on a major cryp­tocur­ren­cy.” The paper is cur­rent­ly await­ing peer review but uti­lizes pub­licly avail­able on-chain data and Ethereum’s open source code­base to affirm its conclusions.

At its core, the paper high­lights an issue where min­ers can change the time­stamp relat­ed to a mined block to avoid increased dif­fi­cul­ty on the net­work. On-chain data appears to sup­port the claim as Aviv Yaish, one of the paper’s authors, high­light­ed F2Pool’s block time­stamps being arti­fi­cial­ly altered to improve rewards.

Uncle Maker

Ethereum is main­tained through a proof-of-work con­sen­sus mech­a­nism, which will be moved to proof-of-stake this Sep­tem­ber. How­ev­er, to this point, the net­work appears to be sus­cep­ti­ble to the attack iden­ti­fied in by The Hebrew University.

The con­sen­sus-lev­el attack is referred to as an Uncle Mak­er attack with­in the paper in ref­er­ence to the “uncle” blocks used in the exploit. Blocks with­in the Ethereum blockchain act as a set of records that are checked, dis­trib­uted, and ver­i­fied across the entire net­work. Uncle blocks are valid blocks that have been removed from the main chain but still receive rewards.

“The attack allows an attack­er to replace com­peti­tors’ main-chain blocks after the fact with a block of its own, thus caus­ing the replaced block’s min­er to lose all trans­ac­tions fees for the trans­ac­tions con­tained with­in the block, which will be demot­ed from the main-chain.”

Min­ers can set a block’s time­stamp with­in “a cer­tain rea­son­able bound,” typ­i­cal­ly with­in a few sec­onds. One min­ing pool that was sin­gled out in the research was F2Pool, which “in the past two years, F2Pool didn’t have even a sin­gle block with a time­stamp” that matched the expect­ed out­come. F2Pool is one of the largest Ethereum pools oper­at­ing with a hashrate of 129 TH/s and gen­er­at­ing rough­ly 1.5K ETH in dai­ly rewards.

The paper also high­light­ed that F2Pool’s “founder has made a rel­a­tive­ly well pub­li­cized con­dem­na­tion of com­pet­ing min­ing pools, blam­ing them for attack­ing his own min­ing pool” while, in real­i­ty, “F2Pool are attack­ing oth­er min­ing pools.”

The mon­e­tary impact of the attack has not yet been offi­cial­ly iden­ti­fied, but Cryp­toSlate reached out Yaish who told us,

“For each suc­cess­ful instance of the attack, F2Pool earned 14% more from block rewards, and in addi­tion earned all the trans­ac­tion fees con­tained within.

We are cur­rent­ly attempt­ing to give con­crete esti­ma­tions for both of your ques­tions using real-world data, which will be pub­lished imme­di­ate­ly when we have them!”

The Hebrew Uni­ver­si­ty has “con­crete fix­es for Ethereum’s pro­to­col” and cre­at­ed a patch for con­sid­er­a­tion. Yaish stat­ed in a blog post that the infor­ma­tion was “respon­si­bly dis­closed to the Ethereum Foun­da­tion” before publication.

Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published.