Speculative Denial of Service Attacks in Ethereum

Block proposers may opportunistically execute transactions when creating blocks to maximize their profits. This article presents three attack methods that utilize opportunistic execution to cheaply launch DoS attacks on the network by creating transactions that cannot be included in blocks, including their implementation principles and potential consequences.

There are three types of attacks that can be carried out on the PBS ecosystem. The first attack, ConditionalExhaust, creates “double-sided” transactions that are only computationally intensive when executed by a builder who cannot include them in a block. In other cases, they are very simple and have low transaction fees. For example, if the block proposer is known to review transactions to ensure compliance with the law, an attacker can send a ConditionalExhaust transaction to eventually interact with a sanctioned entity, which the proposer cannot legally include in the block. Testing on a local test network showed that with only 140 transactions and maximum cost of $770, the attacker can exhaust the victim’s resources, severely damaging system activity.

The second attack, MemPurge, allows honest transactions to be evicted from the memory pool. Blockchain nodes store transactions in the memory pool, which has a limited size. When it reaches the limit, existing transactions may be evicted in favor of newer and better-paying transactions. MemPurge can evict higher-paying transactions from the memory pool by creating seemingly valid but actually invalid transactions. MemPurge allows attackers to send a chain of up to 65 transactions, but in the worst case, they only need to pay for a single transaction, making eviction very cheap. Additionally, MemPurge and ConditionalExhaust can be combined to exhaust the victim’s computational resources and clog their memory pool.

The last attack, GhostTX, exploits inconsistencies in transaction verification to create transactions that force searchers and builders to include them in bundles and blocks, even if it violates their review policies. For example, the victim may review Tornado Cash, but GhostTX can “trick” them into including TC transactions in their blocks. In the PBS ecosystem, the reputation of a searcher depends on the final transaction volume that lands on the chain they sent, so GhostTX damages reputation. Testing shows that searchers with reputation ranks higher than 86% can fall below 40% by executing GhostTX attacks that cost less than $1,000.

Reference: https://www.researchgate.net/publication/371641235_Speculative_Denial-of-Service_Attacks_in_Ethereum

Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.


Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Digital Asset Investment
Real world, Metaverse and Network.
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.