Three Attacks on Proof-of-Stake Ethereum
This work addresses critical security risks for Ethereum users and developers, presenting incremental but severe improvements to known attacks.
The paper tackles security vulnerabilities in Proof-of-Stake Ethereum by refining two existing attacks to require less adversarial stake and network control, and introduces a third attack enabling long-range reorganizations with minimal stake and probabilistic message propagation, threatening protocol security and stability.
Recently, two attacks were presented against Proof-of-Stake (PoS) Ethereum: one where short-range reorganizations of the underlying consensus chain are used to increase individual validators' profits and delay consensus decisions, and one where adversarial network delay is leveraged to stall consensus decisions indefinitely. We provide refined variants of these attacks, considerably relaxing the requirements on adversarial stake and network timing, and thus rendering the attacks more severe. Combining techniques from both refined attacks, we obtain a third attack which allows an adversary with vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations. Honest-but-rational or ideologically motivated validators could use this attack to increase their profits or stall the protocol, threatening incentive alignment and security of PoS Ethereum. The attack can also lead to destabilization of consensus from congestion in vote processing.