Kaihua Qin,Liyi Zhou,Arthur Gervais

DOI: https://doi.org/10.48550/arXiv.2101.05511

2021-01-14

Cryptography and Security

Abstract:Permissionless blockchains such as Bitcoin have excelled at financial services. Yet, opportunistic traders extract monetary value from the mesh of decentralized finance (DeFi) smart contracts through so-called blockchain extractable value (BEV). The recent emergence of centralized BEV relayer portrays BEV as a positive additional revenue source. Because BEV was quantitatively shown to deteriorate the blockchain's consensus security, BEV relayers endanger the ledger security by incentivizing rational miners to fork the chain. For example, a rational miner with a 10% hashrate will fork Ethereum if a BEV opportunity exceeds 4x the block reward. However, related work is currently missing quantitative insights on past BEV extraction to assess the practical risks of BEV objectively. In this work, we allow to quantify the BEV danger by deriving the USD extracted from sandwich attacks, liquidations, and decentralized exchange arbitrage. We estimate that over 32 months, BEV yielded 540.54M USD in profit, divided among 11,289 addresses when capturing 49,691 cryptocurrencies and 60,830 on-chain markets. The highest BEV instance we find amounts to 4.1M USD, 616.6x the Ethereum block reward. Moreover, while the practitioner's community has discussed the existence of generalized trading bots, we are, to our knowledge, the first to provide a concrete algorithm. Our algorithm can replace unconfirmed transactions without the need to understand the victim transactions' underlying logic, which we estimate to have yielded a profit of 57,037.32 ETH (35.37M USD) over 32 months of past blockchain data. Finally, we formalize and analyze emerging BEV relay systems, where miners accept BEV transactions from a centralized relay server instead of the peer-to-peer (P2P) network. We find that such relay systems aggravate the consensus layer attacks and therefore further endanger blockchain security.

Roozbeh Sarenche,Ertem Nusret Tas,Barnabe Monnot,Caspar Schwarz-Schilling,Bart Preneel

2024-07-28

Abstract:Validators in permissionless, large-scale blockchains (e.g., Ethereum) are typically payoff-maximizing, rational actors. Ethereum relies on in-protocol incentives, like rewards for validators delivering correct and timely votes, to induce honest behavior and secure the blockchain. However, external incentives, such as the block proposer's opportunity to capture maximal extractable value (MEV), may tempt validators to deviate from honest protocol participation. We show a series of commitment attacks on LMD GHOST, a core part of Ethereum's consensus mechanism. We demonstrate how a single adversarial block proposer can orchestrate long-range chain reorganizations by manipulating Ethereum's reward system for timely votes. These attacks disrupt the intended balance of power between proposers and voters: by leveraging credible threats, the adversarial proposer can coerce voters from previous slots into supporting blocks that conflict with the honest chain, enabling a chain reorganization at no cost to the adversary. In response, we introduce a novel reward mechanism that restores the voters' role as a check against proposer power. Our proposed mitigation is fairer and more decentralized -- not only in the context of these attacks -- but also practical for implementation in Ethereum.

Cryptography and Security

Zeinab Alipanahloo,Abdelhakim Senhaji Hafid,Kaiwen Zhang

2024-07-29

Abstract:Maximal Extractable Value (MEV) represents a pivotal challenge within the Ethereum ecosystem; it impacts the fairness, security, and efficiency of both Layer 1 (L1) and Layer 2 (L2) networks. MEV arises when miners or validators manipulate transaction ordering to extract additional value, often at the expense of other network participants. This not only affects user experience by introducing unpredictability and potential financial losses but also threatens the underlying principles of decentralization and trust. Given the growing complexity of blockchain applications, particularly with the increase of Decentralized Finance (DeFi) protocols, addressing MEV is crucial. This paper presents a comprehensive survey of MEV mitigation techniques as applied to both Ethereums L1 and various L2 solutions. We provide a novel categorization of mitigation strategies; we also describe the challenges, ranging from transaction sequencing and cryptographic methods to reconfiguring decentralized applications (DApps) to reduce front-running opportunities. We investigate their effectiveness, implementation challenges, and impact on network performance. By synthesizing current research, real-world applications, and emerging trends, this paper aims to provide a detailed roadmap for researchers, developers, and policymakers to understand and combat MEV in an evolving blockchain landscape.

Cryptography and Security

Massimo Bartoletti,Roberto Zunino

DOI: https://doi.org/10.48550/arXiv.2302.02154

2023-05-17

Abstract:Extractable Value refers to a wide class of economic attacks to public blockchains, where adversaries with the power to reorder, drop or insert transactions in a block can "extract" value from smart contracts. Empirical research has shown that mainstream protocols, like e.g. decentralized exchanges, are massively targeted by these attacks, with detrimental effects on their users and on the blockchain network. Despite the growing impact of these attacks in the real world, theoretical foundations are still missing. We propose a formal theory of Extractable Value, based on a general, abstract model of blockchains and smart contracts. Our theory is the basis for proofs of security against Extractable Value attacks.

Cryptography and Security

Dev Churiwala,Bhaskar Krishnamachari

DOI: https://doi.org/10.48550/arXiv.2211.14985

2022-11-28

Cryptography and Security

Abstract:MEV attacks have been an omnipresent evil in the blockchain world, an implicit tax that uninformed users pay for using the service. The problem arises from the miners' ability to reorder and insert arbitrary transactions in the blocks they mine. This paper proposes a 2-phased transaction protocol to eliminate MEV attacks. The user requests an interaction token from the on-chain counter-party. This token serves as a blind preemption for the counter-party and prevents the reordering of transactions at lower levels in the blockchain framework. We prove the correctness of the CoMMA protocol and demonstrate its efficacy against MEV attacks.

Faisal Haque Bappy,Kamrul Hasan,Joon S. Park,Carlos Caicedo,Tariqul Islam

2024-07-31

Abstract:Conflicting transactions within blockchain networks not only pose performance challenges but also introduce security vulnerabilities, potentially facilitating malicious attacks. In this paper, we explore the impact of conflicting transactions on blockchain attack vectors. Through modeling and simulation, we delve into the dynamics of four pivotal attacks - block withholding, double spending, balance, and distributed denial of service (DDoS), all orchestrated using conflicting transactions. Our analysis not only focuses on the mechanisms through which these attacks exploit transaction conflicts but also underscores their potential impact on the integrity and reliability of blockchain networks. Additionally, we propose a set of countermeasures for mitigating these attacks. Through implementation and evaluation, we show their effectiveness in lowering attack rates and enhancing overall network performance seamlessly, without introducing additional overhead. Our findings emphasize the critical importance of actively managing conflicting transactions to reinforce blockchain security and performance.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Caspar Schwarz-Schilling,Joachim Neu,Barnabé Monnot,Aditya Asgaonkar,Ertem Nusret Tas,David Tse

DOI: https://doi.org/10.48550/arXiv.2110.10086

2021-10-20

Abstract:Recently, two attacks were presented against Proof-of-Stake (PoS) Ethereum: one where short-range reorganizations of the underlying consensus chain are used to increase individual validators' profits and delay consensus decisions, and one where adversarial network delay is leveraged to stall consensus decisions indefinitely. We provide refined variants of these attacks, considerably relaxing the requirements on adversarial stake and network timing, and thus rendering the attacks more severe. Combining techniques from both refined attacks, we obtain a third attack which allows an adversary with vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations. Honest-but-rational or ideologically motivated validators could use this attack to increase their profits or stall the protocol, threatening incentive alignment and security of PoS Ethereum. The attack can also lead to destabilization of consensus from congestion in vote processing.

Cryptography and Security

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/iwqos49365.2020.9213064

2020-01-01

Abstract:Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Sen Yang,Fan Zhang,Ken Huang,Xi Chen,Youwei Yang,Feng Zhu

2023-10-21

Abstract:Blockchains offer strong security guarantees, but they cannot protect the ordering of transactions. Powerful players, such as miners, sequencers, and sophisticated bots, can reap significant profits by selectively including, excluding, or re-ordering user transactions. Such profits are called Miner/Maximal Extractable Value or MEV. MEV bears profound implications for blockchain security and decentralization. While numerous countermeasures have been proposed, there is no agreement on the best solution. Moreover, solutions developed in academic literature differ quite drastically from what is widely adopted by practitioners. For these reasons, this paper systematizes the knowledge of the theory and practice of MEV countermeasures. The contribution is twofold. First, we present a comprehensive taxonomy of 30 proposed MEV countermeasures, covering four different technical directions. Secondly, we empirically studied the most popular MEV-auction-based solution with rich blockchain and mempool data. We also present the Mempool Guru system, a public service system that collects, persists, and analyzes the Ethereum mempool data for research. In addition to gaining insights into MEV auction platforms' real-world operations, our study shed light on the prevalent censorship by MEV auction platforms as a result of the recent OFAC sanction, and its implication on blockchain properties.

Cryptography and Security

Jehyuk Jang,Heung-No Lee

DOI: https://doi.org/10.48550/arXiv.1903.01711

2020-10-14

Abstract:Our aim in this paper is to investigate the profitability of double-spending (DS) attacks that manipulate an a priori mined transaction in a blockchain. It was well understood that a successful DS attack is established when the proportion of computing power an attacker possesses is higher than that the honest network does. What is not yet well understood is how threatening a DS attack with less than 50% computing power used can be. Namely, DS attacks at any proportion can be of a threat as long as the chance to making a good profit exists. Profit is obtained when the revenue from making a successful DS attack is greater than the cost of carrying out one. We have developed a novel probability theory for calculating a finite time attack probability. This can be used to size up attack resources needed to obtain the profit. The results enable us to derive a sufficient and necessary condition on the value of a transaction targeted by a DS attack. Our result is quite surprising: we theoretically show that DS attacks at any proportion of computing power can be made profitable. Given one's transaction size, the results can also be used to assess the risk of a DS attack. An example of the attack resources is provided for the BitcoinCash network.

Cryptography and Security

Tianyang Chi,Ningyu He,Xiaohui Hu,Haoyu Wang

2024-10-10

Abstract:Maximal Extractable Value (MEV) drives the prosperity of the blockchain ecosystem. By strategically including, excluding, or reordering transactions within blocks, block producers can extract additional value, which in turn incentivizes them to keep the decentralization of the whole blockchain platform. Before September 2022, around $675M was extracted in terms of MEV in Ethereum. Despite its importance, current work on identifying MEV activities suffers from two limitations. On the one hand, current methods heavily rely on clumsy heuristic rule-based patterns, leading to numerous false negatives or positives. On the other hand, the observations and conclusions are drawn from the early stage of Ethereum, which cannot be used as effective guiding principles after The Merge. To address these challenges, in this work, we innovatively proposed a profitability identification algorithm. Based on this, we designed two robust algorithms to identify MEV activities on our collected largest-ever dataset. Based on the identified results, we have characterized the overall landscape of the Ethereum MEV ecosystem, the impact the private transaction architectures bring in, and the adoption of back-running mechanisms. Our research sheds light on future MEV-related work.

Cryptography and Security

Matthew Willetts,Christian Harrington

2024-04-26

Abstract:Maximal Extractable Value (MEV) in Constant Function Market Making is fairly well understood. Does having dynamic weights, as found in liquidity boostrap pools (LBPs), Temporal-function market makers (TFMMs), and Replicating market makers (RMMs), introduce new attack vectors? In this paper we explore how inter-block weight changes can be analogous to trades, and can potentially lead to a multi-block MEV attack. New inter-block protections required to guard against this new attack vector are analysed. We also carry our a raft of numerical simulations, more than 450 million potential attack scenarios, showing both successful attacks and successful defense.

Trading and Market Microstructure

Quan Yuan,Puwen Wei,Keting Jia,Haiyang Xue

DOI: https://doi.org/10.1007/s11432-019-9916-5

2020-01-01

Science China Information Sciences

Abstract:Bitcoin, which was initially introduced by Nakamoto, is the most disruptive and impactive cryptocurrency. The core Bitcoin technology is the so-called blockchain protocol. In recent years, several studies have focused on rigorous analyses of the security of Nakamoto’s blockchain protocol in an asynchronous network where network delay must be considered. Wei, Yuan, and Zheng investigated the effect of a long delay attack against Nakamoto’s blockchain protocol. However, their proof only holds in the honest miner setting. In this study, we improve Wei, Yuan and Zheng’s result using a stronger model where the adversary can perform long delay attacks and corrupt a certain fraction of the miners. We propose a method to analyze the converge event and demonstrate that the properties of chain growth, common prefix, and chain quality still hold with reasonable parameters in our stronger model.

Zheyuan He,Zihao Li,Ao Qiao,Xiapu Luo,Xiaosong Zhang,Ting Chen,Shuwei Song,Dijun Liu,Weina Niu

DOI: https://doi.org/10.1109/SP54263.2024.00125

2024-06-16

Abstract:Blockchains, with intricate architectures, encompass various components, e.g., consensus network, smart contracts, decentralized applications, and auxiliary services. While offering numerous advantages, these components expose various attack surfaces, leading to severe threats to blockchains. In this study, we unveil a novel attack surface, i.e., the state storage, in blockchains. The state storage, based on the Merkle Patricia Trie, plays a crucial role in maintaining blockchain state. Besides, we design Nurgle, the first Denial-of-Service attack targeting the state storage. By proliferating intermediate nodes within the state storage, Nurgle forces blockchains to expend additional resources on state maintenance and verification, impairing their performance. We conduct a comprehensive and systematic evaluation of Nurgle, including the factors affecting it, its impact on blockchains, its financial cost, and practically demonstrating the resulting damage to blockchains. The implications of Nurgle extend beyond the performance degradation of blockchains, potentially reducing trust in them and the value of their cryptocurrencies. Additionally, we further discuss three feasible mitigations against Nurgle. At the time of writing, the vulnerability exploited by Nurgle has been confirmed by six mainstream blockchains, and we received thousands of USD bounty from them.

Cryptography and Security

Bulat Nasrulin,Georgy Ishmaev,Jérémie Decouchant,Johan Pouwelse

2023-07-05

Abstract:Possible manipulation of user transactions by miners in a permissionless blockchain systems is a growing concern. This problem is a pervasive and systemic issue, known as Miner Extractable Value (MEV), incurs highs costs on users of decentralised applications. Furthermore, transaction manipulations create other issues in blockchain systems such as congestion, higher fees, and system instability. Detecting transaction manipulations is difficult, even though it is known that they originate from the pre-consensus phase of transaction selection for a block building, at the base layer of blockchain protocols. In this paper we summarize known transaction manipulation attacks. We then present LØ, an accountable base layer protocol specifically designed to detect and mitigate transaction manipulations. LØ is built around accurate detection of transaction manipulations and assignment of blame at the granularity of a single mining node. LØ forces miners to log all the transactions they receive into a secure mempool data structure and to process them in a verifiable manner. Overall, LØ quickly and efficiently detects reordering, injection or censorship attempts. Our performance evaluation shows that LØ is also practical and only introduces a marginal performance overhead.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Ulysse Pavloff,Yackolley Amoussou-Genou,Sara Tucci-Piergiovanni

2024-06-07

Abstract:In May 2023, the Ethereum blockchain experienced its first inactivity leak, a mechanism designed to reinstate chain finalization amid persistent network disruptions. This mechanism aims to reduce the voting power of validators who are unreachable within the network, reallocating this power to active validators. This paper investigates the implications of the inactivity leak on safety within the Ethereum blockchain. Our theoretical analysis reveals scenarios where actions by Byzantine validators expedite the finalization of two conflicting branches, and instances where Byzantine validators reach a voting power exceeding the critical safety threshold of one-third. Additionally, we revisit the probabilistic bouncing attack, illustrating how the inactivity leak can result in a probabilistic breach of safety, potentially allowing Byzantine validators to exceed the one-third safety threshold. Our findings uncover how penalizing inactive nodes can compromise blockchain properties, particularly in the presence of Byzantine validators capable of coordinating actions.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Nihar Ranjan Pradhan,Akhilendra Pratap Singh,S. V. Sudha,K Hemanth Kumar Reddy,Diptendu Sinha Roy

DOI: https://doi.org/10.3390/s23020670

IF: 3.9

2023-01-07

Sensors

Abstract:With the electric power grid experiencing a rapid shift to the smart grid paradigm over a deregulated energy market, Internet of Things (IoT)-based solutions are gaining prominence, and innovative peer-to-peer (P2P) energy trading at a micro level is being deployed. Such advancement, however, leaves traditional security models vulnerable and paves the path for blockchain, a distributed ledger technology (DLT), with its decentralized, open, and transparency characteristics as a viable alternative. However, due to deregulation in energy trading markets, most of the prototype resilience regarding cybersecurity attack, performance and scalability of transaction broadcasting, and its direct impact on overall performances and attacks are required to be supported, which becomes a performance bottleneck with existing blockchain solutions such as Hyperledger, Ethereum, and so on. In this paper, we design a novel permissioned Corda framework for P2P energy trading peers that not only mitigates a new class of cyberattacks, i.e., delay trading (or discard), but also disseminates the transactions in a optimized propagation time, resulting in a fair transaction distribution. Sharing transactions in a permissioned R3 Corda blockchain framework is handled by the Advanced Message Queuing Protocol (AMQP) and transport layer security (TLS). The unique contribution of this paper lies in the use of an optimized CPU and JVM heap memory scenario analysis with P2P metric in addition to a far more realistic multihosted testbed for the performance analysis. The average latencies measured are 22 ms and 51 ms for sending and receiving messages. We compare the throughput by varying different types of flow such as energy request, request + pay, transfer, multiple notary, sender, receiver, and single notary. In the proposed framework, request is an energy asset that is based on payment state and contract in the P2P energy trading module, so in request flow, only one node with no notary appears on the vault of the node.Energy request + pay flow interaction deals with two nodes, such as producer and consumer, to deal with request and transfer of asset ownership with the help of a notary. Request + repeated pay flow request, on node A and repeatedly transfers a fraction of energy asset state to another node, B, through a notary.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Joshua S. Gans,Hanna Halaburda

2023-08-12

Abstract:The core premise of permissionless blockchains is their reliable and secure operation without the need to trust any individual agent. At the heart of blockchain consensus mechanisms is an explicit cost (whether work or stake) for participation in the network and the opportunity to add blocks to the blockchain. A key rationale for that cost is to make attacks on the network, which could be theoretically carried out if a majority of nodes were controlled by a single entity, too expensive to be worthwhile. We demonstrate that a majority attacker can successfully attack with a {\em negative cost}, which shows that the protocol mechanisms are insufficient to create a secure network, and emphasizes the importance of socially driven mechanisms external to the protocol. At the same time, negative cost enables a new type of majority attack that is more likely to elude external scrutiny.

Cryptography and Security,Computer Science and Game Theory,General Economics

Cosimo Sguanci,Anastasios Sidiropoulos

DOI: https://doi.org/10.1109/ICBC56567.2023.10174926

2024-02-07

Abstract:The Lightning Network (LN) has enjoyed rapid growth over recent years, and has become the most popular scaling solution for the Bitcoin blockchain. The security of the LN relies on the ability of the nodes to close a channel by settling their balances, which requires confirming a transaction on the Bitcoin blockchain within a pre-agreed time period. We study the susceptibility of the LN to mass exit attacks in case of high transaction congestion, in the presence of a small coalition of adversarial nodes that forces a large set of honest users to interact with the blockchain. We focus on two types of attacks: (i) The first is a zombie attack, where a set of k nodes become unresponsive with the goal of locking the funds of many channels for a period of time longer than what the LN protocol dictates. (ii) The second is a mass double-spend attack, where a set of k nodes attempt to steal funds by submitting many closing transactions that settle channels using expired protocol states; this causes many honest nodes to have to quickly respond by submitting invalidating transactions. We show via simulations that, under historically plausible congestion conditions, with mild statistical assumptions on channel balances, both attacks can be performed by a very small coalition. To perform our simulations, we formulate the problem of finding a worst-case coalition of k adversarial nodes as a graph cut problem. Our experimental findings are supported by theoretical justifications based on the scale-free topology of the LN.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jianhuan Wang,Jichen Li,Zecheng Li,Xiaotie Deng,Bin Xiao

DOI: https://doi.org/10.1007/978-3-031-51479-1_19

2024-01-01

Abstract:Decentralized finance (DeFi) is a global and open financial system built on the blockchain technology, typically using Ethereum smart contracts. Decentralized exchanges (DEXs) are very important sectors in the DeFi ecosystem, with billions of USD trading volume daily. Unfortunately, the transparency of pending pools can be exploited by attackers and DEXs are vulnerable to transaction reordering attacks, allowing attackers to gain miner extracted value (MEV). Previous transaction reordering attacks aim at exploiting the vulnerability of a single victim transaction, such as sandwich attack and dagwood sandwich attack. In this paper, we propose a novel transaction reordering attack named n-multiple-victim-transaction-layer (n-MVTL) attack to exploit the overall vulnerability among multiple victim transactions. Such advanced design can significantly expand the victim transaction search space and bring more profits to attackers. Given a set of ordered victim transactions, we propose an optimal algorithm to identify the optimal solution for n-MVTL attacks, which aims to maximize the profit of the attack strategy. This algorithm supports a trade-off between time efficiency and attack profit, making the attack algorithm more practical. Our simulations show that the n-MVTL attack can yield an average extra daily profit of 940 USD from the top 2 most popular liquidity pools in Uniswap V2 from Mar. 2021 to Apr. 2023, compared with the sandwich attack.