Zheyuan He, Zihao Li, Ao Qiao, Xiapu Luo, Xiaosong Zhang, Ting Chen, Shuwei Song, Dijun Liu, Weina Niu
Abstract: Blockchains, with intricate architectures, encompass various components, e.g., consensus network, smart contracts, decentralized applications, and auxiliary services. While offering numerous advantages, these components expose various attack surfaces, leading to severe threats to blockchains. In this study, we unveil a novel attack surface, i.e., the state storage, in blockchains. The state storage, based on the Merkle Patricia Trie, plays a crucial role in maintaining blockchain state. Besides, we design Nurgle, the first Denial-of-Service attack targeting the state storage. By proliferating intermediate nodes within the state storage, Nurgle forces blockchains to expend additional resources on state maintenance and verification, impairing their performance. We conduct a comprehensive and systematic evaluation of Nurgle, including the factors affecting it, its impact on blockchains, its financial cost, and practically demonstrating the resulting damage to blockchains. The implications of Nurgle extend beyond the performance degradation of blockchains, potentially reducing trust in them and the value of their cryptocurrencies. Additionally, we further discuss three feasible mitigations against Nurgle. At the time of writing, the vulnerability exploited by Nurgle has been confirmed by six mainstream blockchains, and we received thousands of USD bounty from them.
### What problem does this paper attempt to address?
The paper identifies a new attack surface in blockchains: the state storage, specifically state storage built on the Merkle Patricia Trie (MPT). It proposes a new Denial-of-Service (DoS) attack named NURGLE, which proliferates intermediate nodes in the state storage and thereby forces the blockchain to consume additional resources to maintain and verify the state, degrading its performance. Specifically, the goal of NURGLE is to weaken blockchain performance by increasing the time cost of interacting with the state storage.
### Main Contributions
1. **New Attack Surface**: Building on blockchain state storage as a new attack surface, the paper proposes a new DoS attack, NURGLE. By manipulating the MPT structure, NURGLE can continuously increase the resources the blockchain consumes during state modification, including CPU, memory and disk resources.
2. **New Observations**:
   - **Heavy Burden of State Maintenance**: The time-intensive operations in the blockchain are divided into four categories, and the time cost of these operations is shown to be linearly related to the number of MPT nodes involved.
   - **Defects in the Gas Mechanism**: The Gas mechanism fails to accurately reflect the resources actually consumed by state modifications in the MPT; in particular, it does not account for the cost of updating intermediate nodes.
3. **New Understanding**: A comprehensive and systematic evaluation of NURGLE is carried out, covering influencing factors, attack effects, financial costs and effectiveness verification on two test networks. The experimental results show that NURGLE applies to a wide range of mainstream blockchain platforms at a reasonable cost and causes a significant decline in blockchain performance.
4. **Mitigation Measures**: Three feasible mitigation measures are discussed to reduce the impact of NURGLE attacks, and their advantages and disadvantages are analyzed.
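
An added example, not code from the paper or from this summary: a simplified hex-nibble model of an MPT that counts the nodes on each key's root-to-leaf path (the per-write work the observations above describe, which a flat gas charge does not track) and flags keys whose path is much deeper than the roughly log16(N) expected for uniformly hashed keys. The function names, the `slack` threshold and the 8-nibble sample keys are assumptions constructed for illustration.

```python
import math

def lcp(a: str, b: str) -> int:
    """Length of the common nibble prefix of two hex-encoded keys."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def nodes_on_path(key: str, keys: set) -> int:
    """Trie nodes rehashed when `key`'s leaf changes: branches + extensions + leaf."""
    # Every distinct divergence depth against another key is one branch node.
    branch_depths = sorted({lcp(key, k) for k in keys if k != key})
    pos, nodes = 0, 1                # start with the leaf itself
    for d in branch_depths:
        if d > pos:                  # shared nibbles before the branch: extension node
            nodes += 1
        nodes += 1                   # the branch node at depth d
        pos = d + 1                  # a branch consumes one nibble
    return nodes

def flag_deep_paths(keys: set, slack: int = 3) -> dict:
    """Keys whose path exceeds the depth expected for uniform keys by more than `slack`."""
    # Uniform keys give about log16(N) branch levels plus the leaf.
    expected = math.ceil(math.log(max(len(keys), 2), 16)) + 1
    depths = {k: nodes_on_path(k, keys) for k in keys}   # O(N^2): fine for an audit sample
    return {k: d for k, d in depths.items() if d > expected + slack}

# Constructed sample: four well-spread keys plus a subtree with nested shared prefixes.
SAMPLE = {
    "1a2b3c4d", "5e6f7081", "9a0b1c2d", "c3d4e5f6",
    "ab000000", "ab100000", "ab010000", "ab001000", "ab000100",
}

if __name__ == "__main__":
    for key, depth in sorted(flag_deep_paths(SAMPLE).items()):
        print(f"{key}: {depth} nodes touched per write")
```

Run over hashed account or storage keys sampled from a node's state, the per-key node count gives an operator a baseline against which abnormal path growth stands out.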
### Attack Design
NURGLE achieves its attack goals through the following steps:
1. **Construct Data**: Construct specific payload data and submit it to the P2P network through transactions.
2. **Manipulate MPT**: Once the transaction is included in the blockchain, NURGLE can manipulate the MPT structure, increasing the number of intermediate nodes, thereby increasing the resources required to maintain these nodes.
3. **Persistent Threat**: Since the manipulated MPT structure will be permanently stored on the blockchain, the threat of NURGLE to subsequent blocks is persistent.
### Attack Scope
Blockchain platforms that use the MPT structure for state storage may be threatened by NURGLE. In practice, multiple mainstream blockchain platforms, including Ethereum, Binance Smart Chain, Polygon, Avalanche, Optimism and Polkadot, use the MPT structure and are therefore all exposed to NURGLE.
### Evaluation
The paper evaluates NURGLE from four aspects:
1. **Strategy Selection**: Considering the computing resources available to the attacker, a reasonable attack strategy is determined.
2. **Attack Effect**: The impact of NURGLE on Ethereum is evaluated. The results show that within 10,000 blocks, NURGLE can increase the state modification time cost of Ethereum by 111%.
3. **Financial Cost**: The financial cost of NURGLE on seven popular blockchains is evaluated, with the lowest cost being $39.64.
4. **Practical Verification**: The effectiveness of NURGLE is verified on the test networks of Ethereum and Binance Smart Chain. The results show that NURGLE can significantly increase the time cost of state modification.
### Conclusion
The NURGLE attack reveals a new attack surface in blockchain state storage and provides detailed attack design and evaluation. The research results emphasize the importance of protecting blockchain state storage and provide more robust design suggestions for researchers and developers.