International Association for Cryptologic Research (IACR)
Abstract
We present an attack on Ethereum\u27s consensus mechanism which can be used by miners to obtain consistently higher mining rewards compared to the honest protocol. This attack is novel in that it does not entail withholding blocks or any behavior which has a non-zero probability of earning less than mining honestly, in contrast with the existing literature.
This risk-less attack relies instead on manipulating block timestamps, and carefully choosing whether and when to do so. We present this attack as an algorithm, which we then analyze to evaluate the revenue a miner obtains from it, and its effect on a miner\u27s absolute and relative share of the main-chain blocks.
The attack allows an attacker to replace competitors\u27 main-chain blocks after the fact with a block of its own, thus causing the replaced block\u27s miner to lose all transactions fees for the transactions contained within the block, which will be demoted from the main-chain. This block, although ``kicked-out\u27\u27 of the main-chain, will still be eligible to be referred to by other main-chain blocks, thus becoming what is commonly called in Ethereum an uncle.
We proceed by defining multiple variants of this attack, and assessing whether any of these attacks has been performed in the wild. Surprisingly, we find that this is indeed true, making this the first case of a confirmed consensus-level manipulation performed on a major cryptocurrency.
Additionally, we implement a variant of this attack as a patch for geth, Ethereum\u27s most popular client, making it the first consensus-level attack on Ethereum which is implemented as a patch.
Finally, we suggest concrete fixes for Ethereum\u27s protocol and implemented them as a patch for geth which can be adopted quickly and mitigate the attack and its variants
