Opportunistic Algorithmic Double-Spending: How I learned to Stop Worrying and Love the Fork

Nicholas Stifter (Korresp. Autor*in), Aljosha Judmayer, Philipp Schindler, Edgar Weippl

Veröffentlichungen: Beitrag in BuchBeitrag in KonferenzbandPeer Reviewed

Abstract

In this paper, we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl). OpAl attacks avoid equivocation, i.e., do not require conflicting transactions, and are carried out automatically in case of a fork. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender themselves is not responsible for, or even actively aware of, any fork. Forkable ledger designs with expressive transaction semantics, especially stateful EVM-based smart contract platforms such as Ethereum, are particularly vulnerable. Hereby, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy. While Bitcoin’s stateless UTXO model, or Cardano’s EUTXO model, appear more robust against OpAl, we nevertheless demonstrate scenarios where transactions are semantically malleable and thus vulnerable. To determine whether OpAl-like semantics can be observed in practice, we analyze the execution traces of 922562 transactions on the Ethereum blockchain. Hereby, we are able to identify transactions, which may be associated with frontrunning and MEV bots, that exhibit some of the design patterns also employed as part of the herein presented attack.
OriginalspracheEnglisch
TitelComputer Security – ESORICS 2022
Untertitel27th European Symposium on Research in Computer Security, Proceedings
Redakteure*innenVijayalakshmi Atluri, Roberto Di Pietro, Christian D. Jensen, Weizhi Meng
ErscheinungsortCham
Herausgeber (Verlag)Springer
Seiten46-66
Seitenumfang21
ISBN (elektronisch)978-3-031-17140-6
ISBN (Print)978-3-031-17139-0
DOIs
PublikationsstatusVeröffentlicht - 1 Sep. 2022

Publikationsreihe

ReiheLecture Notes in Computer Science
Band13554
ISSN0302-9743

ÖFOS 2012

  • 102015 Informationssysteme
  • 102016 IT-Sicherheit

Zitationsweisen