An Empirical Study on Ethereum Private Transactions and the Security Implications
Authors: Xingyu Lyu, Mengya Zhang, Xiaokuan Zhang, Jianyu Niu, Yinqian Zhang, and Zhiqiang Lin
Recently, Decentralized Finance (DeFi) platforms on Ethereum are booming, and numerous traders are trying to capitalize on the opportunity for maximizing their benefits by launching front-running attacks and extracting Miner Extractable Values (MEVs) based on information in the public mempool. To protect end users from being harmed and hide transactions from the mempool, private transactions, a special type of transactions that are sent directly to miners, were invented. Private transactions have a high probability of being packed to the front positions of a block and being added to the blockchain by the target miner, without going through the public mempool, thus reducing the risk of being attacked by malicious entities.
Despite the good intention of inventing private transactions, due to their stealthy nature, private transactions have also been used by attackers to launch attacks, which has a negative impact on the Ethereum ecosystem. However, existing works only touch upon private transactions as by-products when studying MEV, while a systematic study on private transactions is still missing. To fill this gap and paint a complete picture of private transactions, we take the first step towards investigating the private transactions on Ethereum. In particular, we collect largescale private transaction datasets and perform analysis on their characteristics, transaction costs and miner profits, as well as security impacts. This work provides deep insights on different aspects of private transactions.
- Privacy is once again at the forefront of industry discussions given the recent enforcement actions against Tornado Cash developers and users.
- This paper provides an evaluation of the most predominant type of private transactions in Ethereum: a simple schema where transactions are obfuscated via intermediary smart contracts and sent to miners directly.
- The authors find that there is increasing demand for this transaction type, especially for Maximal Extractable Value (MEV), and provide interesting data on this transaction type.
Mass Exit Attacks on the Lightning Network
Authors: Cosimo Sguanci and Anastasios Sidiropoulos
The Lightning Network (LN) has enjoyed rapid growth over recent years, and has become the most popular scaling solution for the Bitcoin blockchain. The network consists of payment channels that hold different amounts of BTC in their capacity. The security of the LN hinges on the ability of the nodes to close a channel by settling their balances, which requires confirming a transaction on the Bitcoin blockchain within a pre-agreed time period. This inherent timing restriction that the LN must satisfy, make it susceptible to attacks that seek to increase the congestion on the Bitcoin blockchain, thus preventing correct protocol execution.
We study the susceptibility of the LN to mass exit attacks, in the presence of a small coalition of adversarial nodes. This is a scenario where an adversary forces a large set of honest protocol participants to interact with the blockchain. We focus on two types of attacks: (i) The first is a zombie attack, where a set of 𝑘 nodes become unresponsive with the goal to lock the funds of many channels for a period of time longer than what the LN protocol dictates. (ii) The second is a mass double-spend attack, where a set of 𝑘 nodes attempt to steal funds by submitting many closing transactions that settle channels using expired protocol states; this causes many honest nodes to have to quickly respond by submitting invalidating transactions.
We show via simulations that, under historically-plausible congestion conditions, with mild statistical assumptions on channel balances, both of the attacks can be performed by a very small coalition. For example, a coalition of just 30 nodes could lock the funds of 31% of the channels for about 2 months via a zombie attack, and could steal more than 750 BTC via a mass double-spend attack, if the watchtowers algorithms do not make use of sophisticated strategies.
To perform our simulations, we formulate the problem of finding a worst-case coalition of 𝑘 adversarial nodes as a graph cut problem. Our experimental findings are supported by a theoretical justification based on the scale-free topology of the LN. We emphasize that the proposed attacks should not be considered as an issue of the protocol design, but rather as an inherent issue of payment channels network without general computability on layer-1.
- The Lightning Network is the most popular implementation of a Payment Channel Network (PCN) with millions of dollars worth of Bitcoin locked up in its public channels.
- As a relatively new technology, there are still many poorly understood security vectors that may impact the uptime and safety of Lightning.
- This paper sheds light on a new attack vector whereby a set of users can trigger a liquidity freeze, which would be very disruptive to Lightning’s capacity and functionality.
A New Look at Blockchain Leader Election: Simple, Efficient, Sustainable and Post-Quantum
Authors: Muhammed F. Esgin, Oguzhan Ersoy, Veronika Kuchta, Julian Loss, Amin Sakzad, Ron Steinfeld, Wayne Yang, and Raymond K. Zhao
In this work, we study the blockchain leader election problem. The purpose of such protocols is to elect a leader who decides on the next block to be appended to the blockchain, for each block proposal round. Solutions to this problem are vital for the security of blockchain systems. We introduce an efficient blockchain leader election method with security based solely on standard assumptions for cryptographic hash functions (rather than public-key cryptographic assumptions) and that does not involve a racing condition as in Proof-of-Work based approaches. Thanks to the former feature, our solution provides the highest confidence in security, even in the post-quantum era. A particularly scalable application of our solution is in the Proof-of-Stake setting, and we investigate our solution in the Algorand blockchain system. We believe our leader election approach can be easily adapted to a range of other blockchain settings.
At the core of Algorand’s leader election is a verifiable random function (VRF). Our approach is based on introducing a simpler primitive which still suffices for the blockchain leader election problem. In particular, we analyze the concrete requirements in an Algorand-like blockchain setting to accomplish leader election, which leads to the introduction of indexed VRF (iVRF). An iVRF satisfies modified uniqueness and pseudorandomness properties (versus a full-fledged VRF) that enable an efficient instantiation based on a hash function without requiring any complicated zero-knowledge proofs of correct PRF evaluation. We further extend iVRF to an authenticated iVRF with forward-security, which meets all the requirements to establish an Algorand-like consensus. Our solution is simple, flexible and incurs only a 32-byte additional overhead when combined with the current best solution to constructing a forward-secure signature (in the post-quantum setting).
We implemented our (authenticated) iVRF proposal in C language on a standard computer and show that our proposal significantly outperforms other quantum-safe VRF proposals in almost all metrics. Particularly, iVRF evaluation and verification can be executed in 0.02 ms, which is even faster than ECVRF used in Algorand.
- “Leader Selection” is a process in Proof-of-Stake protocols whereby the validators (or block producers) of future blocks are selected.
- The selection process is one of the most critical aspects of a PoS system because if an attacker can exploit it, the entire network might be highjacked.
- This paper evaluates the use of Verifiable Delay Functions (VDFs) in Leader Selection, which is believed to make it substantially harder for an attacker to exploit, or otherwise manipulate, this process.
Uncle Maker: (Time)Stamping Out The Competition in Ethereum
Authors: Aviv Yaish, Gilad Stern, and Aviv Zohar
We present an attack on Ethereum’s consensus mechanism which can be used by miners to obtain consistently higher mining rewards compared to the honest protocol. This attack is novel in that it does not entail withholding blocks or any behavior which has a non-zero probability of earning less than mining honestly, in contrast with the existing literature. This risk-less attack relies instead on manipulating block timestamps, and carefully choosing whether and when to do so. We present this attack as an algorithm, which we then analyze to evaluate the revenue a miner obtains from it, and its effect on a miner’s absolute and relative share of the main-chain blocks. The attack allows an attacker to replace competitors’ main-chain blocks after the fact with a block of its own, thus causing the replaced block’s miner to lose all transactions fees for the transactions contained within the block, which will be demoted from the main-chain. This block, although “kicked-out” of the main-chain, will still be eligible to be referred to by other main-chain blocks, thus becoming what is commonly called in Ethereum an uncle. We proceed by defining multiple variants of this attack, and assessing whether any of these attacks has been performed in the wild. Surprisingly, we find that this is indeed true, making this the first case of a confirmed consensus-level manipulation performed on a major cryptocurrency. Additionally, we implement a variant of this attack as a patch for Go Ethereum (geth), Ethereum’s most popular client, making it the first consensus-level attack on Ethereum which is implemented as a patch. Finally, we suggest concrete fixes for Ethereum’s protocol and implemented them as a patch for geth which can be adopted quickly and mitigate the attack and its variants.
- Mining Pools have a lot of power in Proof-of-Work systems where competition for block rewards increased considerably over the past few years.
- Accordingly, several Mining Pools have begun employing sophisticated techniques to increase their revenues, such as accepting transactions directly from traders as a way to extract MEV.
- This paper evaluates the use of a novel timestamp manipulation attack to increase a Pool’s mining revenue. Put simply, the attack consists of manipulating the timestamp of a block and making a competitor’s block at the same height an uncle, whereby the pool with the manipulated timestamp gets the majority of that block’s fees.
Delta Hedging Liquidity Positions on Automated Market Makers
Authors: Akhilesh (Adam) Khakhar and Xi Chen
Liquidity Providers on Automated Market Makers generate millions of USD in transaction fees daily. However, the net value of a Liquidity Position is vulnerable to price changes in the underlying assets in the pool. The dominant measure of loss in a Liquidity Position is Impermanent Loss. Impermanent Loss for Constant Function Market Makers has been widely studied. We propose a new metric to measure Liquidity Position PNL based on price movement from the underlying assets. We show how this new metric more appropriately measures the change in the net value of a Liquidity Position as a function of price movement in the underlying assets. Our second contribution is an algorithm to delta hedge arbitrary Liquidity Positions on both uniform liquidity Automated Market Makers (such as Uniswap v2) and concentrated liquidity Automated Market Makers (such as Uniswap v3) via a combination of derivatives.
- Liquidity Providers (LPs) in DeFi face unique risks due to volatility, such as Impermanent Loss (IL), among many other factors that can negatively the Profit & Loss (PNL) of an LP’s portfolio.
- This paper introduces a new metric to measure PNL and techniques that LPs can use to diminish such risks.
- The authors introduce a Proof-of-Concept algorithm that enables LPs to Delta Hedge their positions in popular DEX types. This technique is critical in volatile markets such as DeFi as it can reduce the impact of volatility on an LP’s PNL.