I’m a PhD student at Syracuse University in the blockchain security area, now working on Ethereum Mempool Attack Detection & Defence. I'm very excited to join the fellowship and make some contributions to the Ethereum Protocol.
For previous attacks, we introduced four patterns, ED1-4, to defend against; here are other patterns.
LD1 locks the mempool by directly crafting future transactions. On an initially empty mempool, it sends the same transactions as Pattern ED1.
LD2 locks the mempool by directly crafting latent-overdraft transactions. On an initially empty mempool, it sends the same transactions as ED2, except that the transaction of nonce n = 1 is priced at p = 1 instead of p = 4.
Unlike LD1, which sends transactions identical to those of ED1, LD2 sends transactions priced lower than those in ED2. Specifically, an LD2 attacker exploits a certain admission policy (PP3) to lock the mempool at a cost lower than ED2. For instance, in a 2-slot mempool, an ED2 trace is (f1, n1, p4), (f1, n2, p4), while an LD2 trace is (f1, n1, p1), (f1, n2, p4). With the mempool supporting PP3, while both traces can disable the mempool, LD2 incurs only of the Ether cost of ED2.
LD3 locks the mempool by crafting valid-turned-future transactions. On an initially empty mempool, it sends the same transactions as Pattern ED3.
LD4 locks the mempool by crafting valid-turned-latent-overdraft transactions. On an initially empty mempool, the pattern generates transactions similar to ED4, except that the nonce-1 transactions are first priced at p = 1 (instead of p = 4) and then the replacing/evicting transactions of nonce n = 1 are priced at p = 2.
Unlike the previous patterns, which exploit invalid transactions for extremely low costs (i.e., either one or zero transaction's fee per mempool), LD5 exploits only valid transactions, which are harder to defend against. LD5 locks the mempool by crafting cheap valid transactions. The attacker sends a sequence of transactions from the same sender, where the last transaction (i.e., the transaction with the largest nonce) has a higher price than normal transactions while all other transactions have the minimal price (e.g., p = 1). Note that exploiting valid transactions to lock may still incur lower costs, as will be seen. By contrast, exploiting valid transactions to evict does not constitute a low-cost attack, since the attacker pays higher fees than those of the victim transactions.
According to previous work, we can mitigate ED1-4 with tx Priority (F1).
This mitigation policy also works on LD1-4.
LD1 declines a low-price valid transaction tx that would have evicted a high-price future transaction tx'; this violates Policy F1. As a result, under F1, LD1's success rates become zero.
LD2 declines a low-price valid transaction tx that would have evicted a high-price latent-overdraft transaction tx'. The transaction rejection violates Policy F1. However, under F1, LD2 can still decline a valid tx whose admission would have evicted tx' if tx' is the parent of latent-overdraft transactions (this is due to Policy F1). In practice, with each parent transaction associated with n latent-overdraft transactions, F1 can reduce LD2's success rate down to 1/n and keep the cost symmetric.
LD3 and LD4 both require turning valid transactions into invalid ones, which are mitigated by Policy F1 (as in ED3/ED4). Under F1, LD3 and LD4 become high-cost spamming attacks.
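The LD1 case under Policy F1, as a toy model added here for illustration (not code from the original post or from any Ethereum client). It assumes a price-only baseline admission rule, a nonce-gap definition of "future", and F1 read as "a valid transaction may evict a future one regardless of price"; the class, sender names and scenario are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    nonce: int
    price: int

class ToyMempool:
    """Fixed-capacity pool; a constructed model, not any client's real code."""

    def __init__(self, capacity, next_nonce, enforce_f1):
        self.capacity = capacity
        self.next_nonce = next_nonce      # sender -> next executable nonce
        self.enforce_f1 = enforce_f1
        self.txs = []

    def is_future(self, tx):
        # Assumed definition: a nonce below tx.nonce is neither mined nor pooled.
        pooled = {t.nonce for t in self.txs if t.sender == tx.sender}
        start = self.next_nonce.get(tx.sender, 0)
        return any(n not in pooled for n in range(start, tx.nonce))

    def admit(self, tx):
        if len(self.txs) < self.capacity:
            self.txs.append(tx)
            return True
        if self.enforce_f1 and not self.is_future(tx):
            # F1 as modelled here: a valid tx evicts a future tx at any price.
            futures = [t for t in self.txs if self.is_future(t)]
            if futures:
                self.txs.remove(max(futures, key=lambda t: t.nonce))
                self.txs.append(tx)
                return True
        # Assumed baseline: a full pool only evicts a strictly cheaper tx.
        cheapest = min(self.txs, key=lambda t: t.price)
        if tx.price > cheapest.price:
            self.txs.remove(cheapest)
            self.txs.append(tx)
            return True
        return False

def victim_admitted(enforce_f1):
    # Constructed 2-slot scenario: the pool is filled with high-price future
    # transactions (sender "a1" has a nonce gap at 0), then a low-price valid
    # transaction from another sender arrives.
    pool = ToyMempool(2, {"a1": 0, "victim": 0}, enforce_f1)
    for tx in (Tx("a1", 1, 4), Tx("a1", 2, 4)):
        pool.admit(tx)
    return pool.admit(Tx("victim", 0, 1))
```

Without F1 the valid transaction is declined and the pool stays locked; with F1 it displaces a future transaction, which is why LD1's success rate drops to zero.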