
đŸŸȘ Thursday attacking mailbag

Q: What would it cost me to break Ethereum?


“David: Is this a game or is it real?

WOPR: What’s the difference?”

— WarGames


Q: What would it cost me to break Ethereum?

$376! 

On average, according to a paper recently published by a team of academics who appear to enjoy breaking things (but in the case of Ethereum, only on testnet).

Sometimes you could even do it for $0.

The cost would vary, and you’d only break it for 12 seconds, but that’s how little it might take to execute a denial-of-service attack that would force Ethereum to produce an empty or compromised block. 

Q: How does that work?

You’ll have to read the paper for a proper explanation — or better yet, attend next week’s presentation of the paper at the Princeton DeCenter, where “no prior knowledge of the subject” will be required to learn about how to break Ethereum.

But my no-prior-knowledge understanding is that there’s a structural flaw in Ethereum’s design that makes it unusually vulnerable to inexpensive DoS attacks.

The paper details three separate attack strategies, but the commonality appears to be that because fees are only charged on transactions that are included in blocks, an attacker can force block producers to do expensive computations that ultimately get thrown out and leave the block they produce empty or compromised.

“Adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return,” as the paper puts it.

By making everyone do work without paying anything in fees, an attacker could force the Ethereum network to grind to a halt. 

Q: Why would someone do that?

Same reason why anyone does anything in crypto — to make money.

(I kid. Sort of.)

More specifically, the most likely motivation would be to force a liquidation event and then stop people from bidding on the collateral that comes for sale — if you’re the only one who can get a transaction into a block, you’d presumably be able to scoop the collateral at artificially low prices.

Q: Why hasn’t it happened already? 

I’m not sure. 

I asked one of the paper’s authors, Aviv Zohar, how profitable these strategies might be. He guesstimated that a malicious attacker could make hundreds of millions of dollars from them. 

(There’s no science behind that, he was simply guessing based on how profitable other, unrelated attack strategies have been.)

That’s a lot of money, even by crypto hacking standards, so it’s not clear to me why someone hasn’t tried it yet. 

Perhaps it’s because there’s lower-hanging fruit to be had or because if you don’t do it correctly, you might end up paying much more than the average cost without reaping any ill-gotten gains.

Flash loan attacks are easier and safer, I’m told.

It might also be because a profit-making DoS attack would probably be illegal (market manipulation, I think).  

Or it might just be that the paper hasn’t been translated into the North Korean language yet.

I don't know. 

Q: Maybe crypto is a less adversarial place than it seems?

That’s the most hopeful explanation, yes — and it might even be correct.

Aviv Zohar told me that researchers are aware of many theoretical crypto attacks that never get executed.

Zohar himself found an attack on the Lightning Network that he expects would make money “pretty much for sure” — but even after publishing a paper explaining how to execute it way back in 2020, no one’s ever tried it.

Vulnerabilities in Bitcoin itself that have been known for even longer have also gone untested.

So maybe there just aren’t as many bad actors in crypto as everyone seems to think.

Still, though, if nothing else, I’m surprised a Solana partisan hasn’t yet DoS’d Ethereum just to stop their frenemies from trolling them when Solana occasionally goes down.

Less than 3 SOL to shut them up seems like a bargain.

Q: What would the price of ETH do?

The long history of attacks on other layer-1 blockchains shows that token prices don’t necessarily go down when a chain does, so maybe not — and the authors of the paper I spoke to didn’t seem to think empty Ethereum blocks would be particularly damaging for ETH.

But seeing as one of Ethereum's best selling points is that it never goes down, I would guess there’s considerable risk for ETH the first time it does (if it does). 

Temporarily, at least.

Q: So, this isn’t an existential threat to Ethereum?

Aviv Zohar assures me it’s not: “Ethereum would evolve around it.”

The biggest risk, he says, is to the “80% of validators that are censoring.” 

Q: What’s censoring have to do with it?

The easiest of the three attacks described in the paper takes advantage of the US sanctions list that most validators abide by.

Attackers can force validators to run computationally expensive operations to build a block without knowing that a sanctioned address is involved — they spend the money to run the operation only to find out they can’t include it in a block because of the sanctioned address — and therefore can’t get paid for it.
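To make the mechanism described in the last few answers concrete, here is a toy model, added here and not taken from the paper or the newsletter, of a censoring block builder that executes transactions and only afterwards discovers that one touched a sanctioned address, so the gas it burned on that transaction earns no fee. The addresses, the sanctions set, the gas figures and the 50% alert threshold are all constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed sanctions list with a placeholder address (not a real one).
SANCTIONED = {"0xSANCTIONED_PLACEHOLDER"}

@dataclass
class Tx:
    sender: str
    gas_used: int      # work the builder spends executing it, paid or not
    gas_price: int     # fee per gas unit, collected only if included
    touched: set       # addresses touched during execution (known only afterwards)

@dataclass
class BlockResult:
    paid_gas: int = 0       # gas of included transactions (compensated)
    wasted_gas: int = 0     # gas of executed-then-dropped transactions
    fees: int = 0
    included: list = field(default_factory=list)

def build_block(txs, sanctioned=SANCTIONED):
    """Censoring builder: execute each tx, then drop it if execution touched
    a sanctioned address. The work is spent either way; only included txs pay."""
    result = BlockResult()
    for tx in txs:
        if tx.touched & sanctioned:
            result.wasted_gas += tx.gas_used   # dropped: no fee for this work
            continue
        result.paid_gas += tx.gas_used
        result.fees += tx.gas_used * tx.gas_price
        result.included.append(tx)
    return result

def uncompensated_share(result):
    """Fraction of executed gas that earned the builder nothing."""
    total = result.paid_gas + result.wasted_gas
    return result.wasted_gas / total if total else 0.0

def flag_block(result, threshold=0.5):
    """Assumed monitoring heuristic: alert when most of the executed work was unpaid."""
    return uncompensated_share(result) > threshold

# Constructed sample: two ordinary transfers and one cheap-looking transaction
# that turns out, during execution, to touch the sanctioned address.
SAMPLE_TXS = [
    Tx("0xhonest1", gas_used=21_000, gas_price=10, touched={"0xshop"}),
    Tx("0xhonest2", gas_used=50_000, gas_price=10, touched={"0xdex"}),
    Tx("0xsender3", gas_used=3_000_000, gas_price=1,
       touched={"0xrelay", "0xSANCTIONED_PLACEHOLDER"}),
]

def run_sample():
    return build_block(SAMPLE_TXS)
```

In the sample block the builder executes about 3.07M gas but is paid for only 71,000 of it, which is the decoupling of work from compensation the paper describes.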

Another factor is that Ethereum’s new-ish separation of proposers and builders also makes these attacks easier — separating those roles means an attacker can more easily trick people into processing transactions that look valid to them but are not valid to others.

The bigger picture, though, is that the paper’s findings suggest allowing censorship on a Turing-complete blockchain like Ethereum introduces new attack vectors.

With the caveat that he has “no formal proof,” Aviv Zohar told me that it’s “not so simple to do both censorship and general computation.”

So maybe we shouldn’t?

Q: Is this just an Ethereum problem?

The DoS paper only describes attacks on Ethereum, but I think it would apply to any blockchain where transactions are sequenced and processed before they are executed (which might be all of them?).

Ethereum layer-two blockchains are certainly susceptible, but Zohar told me the team did not test that because the code for those chains is not all public source.

So, the only way to run a simulation would be to run a real attack. 

WOPR might not see the difference, but let’s hope we don’t find out. 
