The Attack of the Clones Against Proof-of-Authority
This identifies critical vulnerabilities in blockchain consensus mechanisms, impacting security for users and developers relying on proof-of-authority systems.
The paper formalizes proof-of-authority consensus algorithms (Aura and Clique) in Ethereum and introduces the Cloning Attack, which enables double spending with a single malicious node, showing it is always successful against Aura and about twice as fast and mostly successful against Clique.
In this paper, we explore vulnerabilities and countermeasures of the recently proposed blockchain consensus based on proof-of-authority. The proof-of-work blockchains, like Bitcoin and Ethereum, have been shown both theoretically and empirically vulnerable to double spending attacks. This is why Byzantine fault tolerant consensus algorithms have gained popularity in the blockchain context for their ability to tolerate a limited number t of attackers among n participants. We formalize the recently proposed proof-of-authority consensus algorithms that are Byzantine fault tolerant by describing the Aura and Clique protocols present in the two mainstream implementations of Ethereum. We then introduce the Cloning Attack and show how to apply it to double spend in each of these protocols with a single malicious node. Our results show that the Cloning Attack against Aura is always successful while the same attack against Clique is about twice as fast and succeeds in most cases.