443 research outputs found
Smart contracts for bribing miners
We present three smart contracts that allow a briber to fairly
exchange bribes to miners who pursue a mining strategy benefiting the
briber. The first contract, CensorshipCon, highlights that Ethereum’s
uncle block reward policy can directly subsidise the cost of bribing miners.
The second contract, HistoryRevisionCon, rewards miners via an
in-band payment for reversing transactions or enforcing a new state of
another contract. The third contract, GoldfingerCon, rewards miners
in one cryptocurrency for reducing the utility of another cryptocurrency.
This work is motivated by the need to understand the extent
to which smart contracts can impact the incentive mechanisms involved
in Nakamoto-style consensus protocols
Bribes to Miners: Evidence from Ethereum
Though blockchain aims to alleviate bribing attacks, users can collude with
miners by directly sending bribes. This paper focuses on empirical evidence of
bribes to miners, and the detected behaviour implies that mining power could be
exploited. By scanning transactions on Ethereum, transactions for potential
direct bribes are filtered, and we find that the potential bribers and bribees
are centralized in a small group. After constructing proxies of active level of
potential bribing, we find that potential bribes can affect the status of
Ethereum and other mainstream blockchains, and network adoption of blockchain
can be influenced as well. Besides, direct bribes can be related to stock
markets, e.g., S&P 500 and Nasdaq
Pay To Win: Cheap, Crowdfundable, Cross-chain Algorithmic Incentive Manipulation Attacks on PoW Cryptocurrencies
In this paper we extend the attack landscape of bribing attacks on cryptocurrencies by presenting a new method, which we call
Pay-To-Win (P2W). To the best of our knowledge, it is the first approach capable of facilitating double-spend collusion across different blockchains. Moreover, our technique can also be used to specifically incentivize transaction exclusion or (re)ordering. For our construction we rely on smart contracts to render the payment and receipt of bribes trustless for the briber as well as the bribee. Attacks using our approach are operated and financed out-of-band i.e., on a funding cryptocurrency, while the consequences are induced in a different target cryptocurrency. Hereby, the main requirement is that smart contracts on the funding cryptocurrency are able to verify consensus rules of the target. For a concrete instantiation of our P2W method, we choose Bitcoin as a target and Ethereum as a funding cryptocurrency. Our P2W method is designed in a way that reimburses collaborators even in the case of an unsuccessful attack. Interestingly, this actually renders our approach approximately one order of magnitude cheaper than comparable bribing techniques (e.g., the whale attack). We demonstrate the technical feasibility of P2W attacks through publishing all relevant artifacts of this paper, ranging from calculations of success probabilities to a fully functional proof-of-concept implementation, consisting of an Ethereum smart contract and a Python client
Timelocked Bribing
A Hashed Time Lock Contract (HTLC) is a central concept in cryptocurrencies where some value can be spent either with the preimage of a public hash by one party (Bob) or after a timelock expires by another party (Alice). We present a bribery attack on HTLC\u27s where Bob\u27s hash-protected transaction is censored by Alice\u27s timelocked transaction. Alice incentivizes miners to censor Bob\u27s transaction by leaving almost all her value to miners in general. Miners follow (or refuse) this bribe if their expected payoff is better (or worse). We explore conditions under which this attack is possible, and how HTLC participants can protect themselves against the attack. Applications like Lightning Network payment channels and Cross-Chain Atomic Swaps use HTLC\u27s as building blocks and are vulnerable to this attack. Our proposed solution uses the hashpower share of the weakest known miner to derive parameters that make these applications robust against this bribing attack
SoK: Algorithmic Incentive Manipulation Attacks on Permissionless PoW Cryptocurrencies
A long standing question in the context of cryptocurrencies based on Nakamoto consensus is whether such constructions are
incentive compatible, i.e., the intended properties of the system emerge from the appropriate utility model for participants. Bribing and other related attacks, such as front-running or Goldfinger attacks, aim to directly influence the incentives of actors within (or outside) of the targeted cryptocurrency system. The theoretical possibility of bribing at tacks on cryptocurrencies was discussed early on in the cryptocurrency community and various different techniques and approaches have since been proposed. Some of these attacks are designed to gain in-band profits, while others intend to break the mechanism design and render the cryptocurrency worthless. In this paper, we systematically expose the large but scattered body of research in this area which has accumulated over the years. We summarize these bribing attacks and similar techniques that leverage on programmatic execution and verification under the term algorithmic incentive manipulation (AIM) attacks, and show that the problem space is not yet fully explored. Based on our analysis we present several research gaps and opportunities that warrant further investigation. In particular, we highlight no- and near-fork attacks as a powerful, yet largely underestimated, AIM category that raises serious security concerns not only for smart contract platforms
Impact of Geo-distribution and Mining Pools on Blockchains: A Study of Ethereum
Given the large adoption and economical impact of permissionless blockchains,
the complexity of the underlying systems and the adversarial environment in
which they operate, it is fundamental to properly study and understand the
emergent behavior and properties of these systems. We describe our experience
on a detailed, one-month study of the Ethereum network from several
geographically dispersed observation points. We leverage multiple geographic
vantage points to assess the key pillars of Ethereum, namely geographical
dispersion, network efficiency, blockchain efficiency and security, and the
impact of mining pools. Among other new findings, we identify previously
undocumented forms of selfish behavior and show that the prevalence of powerful
mining pools exacerbates the geographical impact on block propagation delays.
Furthermore, we provide a set of open measurement and processing tools, as well
as the data set of the collected measurements, in order to promote further
research on understanding permissionless blockchains.Comment: To appear in 50th IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN), 202
- …