A group of computer experts made up of members of the Ethereum Foundation and scientists from Stanford University recently explained how to attack the Ethereum 2.0 network in three different ways. Ethereum version 2.0 will be used when they complete their transition from proof of work (PoW) to proof of stake (PoS).
On October 19, the computer scientists Caspar Schwarz-Schilling, Joachim Neu, Bernabé Monnot, Aditya Asgaonkar, Ertem Nusret Tas and David Tse published a document in which they specify certain vulnerabilities present in the PoS version of Ethereum.
The weaknesses exposed in the report titled: Three Attacks on Proof-of-Stake Ethereum (Three Attacks on Ethereum with Proof of Stake, translated into Spanish) would allow users of said network to carry out block reorganization attacks and cause delays in consensus.
Of the three types of attack mentioned in the post, the first two had already been exposed before. However, this team of researchers claims to have found “refined variants” of such attacks.
The third type of attack consists of the combination of strategies of the first two models in the Ethereum 2.0 network and their proof of stake.
The forms of attack used by computer scientists in Ethereum 2.0
The first attack outlined would involve the reorganization of blocks on a short scale. In this type of attack, the perpetrator is a mining entity that generates blocks, but in secret; that is, without adding said blocks to the chain.
To be able to execute this action effectively, the attacker needs to have enough resources to produce blocks faster than the rest of the network. When it manages to add more blocks than the original chain and reaches a certain point, the perpetrator of the attack publishes the mined blocks. In this way, those who were already in the chain are reorganized or orphaned.
The transactions that contained the discarded or reordered blocks, consequently, also undergo changes. This makes it possible for a cryptocurrency to be spent twice. It’s like traveling back in time and paying again with the same ticket in several stores.
The second attack mentioned in the post is that of vivacity. This seeks to take advantage of delays in the network to stop the consensus process. It is important to emphasize that, to be able to implement it effectively, it is necessary to have an ideal scenario in the blockchain where it is carried out; which is why they are usually not practical at all.
The specialists who conducted the tests for this report claim to have obtained a formula not to depend so much on network delays. In fact, as explained in the document, only a 15% stake in the Ethereum PoS network would be needed to stop its advance.
The third type of attack is a hybrid between the improved versions of the first two, where, in addition to taking advantage of network delays, it is possible to cause large-scale block reorganizations.
Ethereum 2.0 and its announced, but slow, arrival
Ethereum’s consensus algorithm change is a promise that has kept Ethereum miners on their toes for years. The transition from proof-of-work to proof-of-stake use on this network has been complicated and has been rescheduled on more than one occasion. However, progress in that direction continues to be seen.
The most recent update that came to Ethereum, which they called Altair, went into effect on October 27. The expectations it aroused were such that the network’s native cryptocurrency, ether (ETH), reached two all-time highs in price later with which it surpassed USD 4,400 per unit.