Any future Proof-of-Stake (PoS) Ethereum blockchain would be vulnerable to three different types of attack, according to a new paper from Stanford University and the Ethereum Foundation.
Ethereum now runs on a Proof-of-Work (PoW) consensus algorithm but plans to make the leap to PoS sometime next year. That comes nearly half a decade after lead brain Vitalik Buterin first floated the idea.
But according to the report, titled Three Attacks on Proof-of-Stake Ethereum, the long-awaited ETH 2.0 may not be quite as secure as previously thought.
The paper was originally published on October 19, Bitcoin News noted, but gained wider attention when it was shared on Twitter last weekend.
According to the paper, scientists from Stanford and the Ethereum Foundation combined two already-outlined attacks.
They refined the techniques used to create what they call a “particularly severe” third potential exploit.
“Combining techniques from both refined attacks, we obtain a third attack which allows an adversary with vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations,” said the researchers.
Most glaringly, the paper suggests that one bad actor would only need to control 19 validating nodes to exact a “re-organization attack” on the blockchain. This would allow transaction rollbacks and censorship.
Ethereum’s Proof-of-Stake still a work-in-progress
This third attack is particularly dangerous for PoS Ethereum for three reasons, according to the paper’s authors.
- So-called “honest-but-rational” validators could use attacks like this to boost their MEV payouts and transaction fees.
- They could delay block confirmation, affect the user experience, and decrease trust in the protocol.
- Attacks like this can reduce the throughput of the consensus layer to the point where not enough votes can be processed.
Overall, this reduces resilience against adversarial validators and jeopardizes the proper functioning of PoS-powered Ethereum.
The authors then detail how an “ideologically motivated” validator could use this attack to increase profits or stall the protocol. This would compromise Ethereum’s overall security.
Ethereum’s jump to PoS is still in preparation — and no blockchain is entirely resistant to potential attack.
However, this paper clearly shows that ditching Proof-of-Work brings about unique challenges for the Ethereum ecosystem, as well as Buterin and his team.