Researchers say they discovered consensus level attack on Ethereum — miners cheating the system to earn more

2 years ago

A research paper published by The Hebrew University in Israel reports having discovered the “first evidence of a consensus-level attack on a major cryptocurrency.” The paper is currently awaiting peer review but utilizes publicly available on-chain data and Ethereum’s open source codebase to affirm its conclusions.

At its core, the paper highlights an issue where miners can change the timestamp related to a mined block to avoid increased difficulty on the network. On-chain data appears to support the assertion, as Aviv Yaish, one of the paper’s authors, highlighted F2Pool’s block timestamps being artificially altered to improve rewards.

(9/12) Whenever F2Pool's block timestamps reach the point where mining difficulty is expected to decrease, they artificially set them to be one second earlier. F2Pool has been executing this attack over the past two years, and the evidence has been hiding in plain sight! … pic.twitter.com/mDEG2UqXZh

— Aviv Yaish (@yaish_aviv) August 5, 2022

Uncle Maker

Ethereum is maintained through a proof-of-work consensus mechanism, which will be moved to proof-of-stake this September. However, to this point, the network appears to be vulnerable to the attack identified by The Hebrew University.

The consensus-level attack is referred to as an Uncle Maker attack within the paper, in reference to the “uncle” blocks used in the exploit. Blocks within the Ethereum blockchain act as a set of records that are checked, distributed, and verified across the entire network. Uncle blocks are valid blocks that have been removed from the main chain but still receive rewards.

“The attack allows an attacker to replace competitors’ main-chain blocks after the fact with a block of its own, thus causing the replaced block’s miner to lose all transaction fees for the transactions contained within the block, which will be demoted from the main-chain.”

Miners can set a block’s timestamp within “a certain reasonable bound,” typically within a few seconds. One mining pool singled out in the research was F2Pool: “in the past two years, F2Pool didn’t have even a single block with a timestamp” that matched the expected outcome. F2Pool is one of the largest Ethereum pools, operating with a hashrate of 129 TH/s and generating around 1.5K ETH in daily rewards.
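The timestamp pattern described above can be checked from block headers alone. The following is an added example, not code from the paper or the article: it assumes the EIP-100 difficulty rule Ethereum used under proof-of-work (a 9-second step, which the article does not state), leaves out the difficulty bomb, and runs on constructed sample headers with hypothetical pool names.

```python
from collections import Counter, defaultdict

STEP = 9  # seconds per difficulty step in EIP-100 (from the EIP, not from the article)

def adj_factor(delta, parent_has_uncles=False):
    """EIP-100 adjustment factor for a block timestamped `delta` seconds after its parent."""
    return max((2 if parent_has_uncles else 1) - delta // STEP, -99)

def child_difficulty(parent_difficulty, delta, parent_has_uncles=False):
    """Block difficulty, leaving out the difficulty-bomb term and the minimum clamp."""
    return parent_difficulty + parent_difficulty // 2048 * adj_factor(delta, parent_has_uncles)

def boundary_profile(blocks):
    """Per miner, count blocks landing on a step boundary and one second before it."""
    profile = defaultdict(Counter)
    for miner, parent_ts, ts in blocks:
        remainder = (ts - parent_ts) % STEP
        profile[miner]["total"] += 1
        if remainder == 0:            # first second at which difficulty drops a step
            profile[miner]["on_boundary"] += 1
        elif remainder == STEP - 1:   # last second that keeps the higher difficulty
            profile[miner]["one_before"] += 1
    return profile

def suspicious_miners(blocks, min_blocks=20):
    """Miners with enough blocks that never land on a boundary but do land just before it.
    min_blocks is an illustrative threshold, not a value from the paper."""
    return sorted(
        miner for miner, c in boundary_profile(blocks).items()
        if c["total"] >= min_blocks and c["on_boundary"] == 0 and c["one_before"] > 0
    )

# Constructed sample headers: (miner, parent_timestamp, block_timestamp).
# pool-a reports deltas 1..27 as-is; pool-b moves every boundary delta back one second.
SAMPLE = [("pool-a", 1000, 1000 + d) for d in range(1, 28)]
SAMPLE += [("pool-b", 1000, 1000 + (d - 1 if d % STEP == 0 else d)) for d in range(1, 28)]

if __name__ == "__main__":
    print(child_difficulty(2_048_000, 8), child_difficulty(2_048_000, 9))
    print(suspicious_miners(SAMPLE))
```

On real chain data the remainders are not uniformly distributed, so a zero count on the boundary is a signal to investigate rather than proof of manipulation.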

The paper also highlighted that F2Pool’s “founder has made a relatively well publicized condemnation of competing mining pools, blaming them for attacking his own mining pool” while, in reality, “F2Pool are attacking other mining pools.”

The monetary impact of the attack has not yet been officially identified, but CryptoSlate reached out to Yaish, who told us,

“For each successful instance of the attack, F2Pool earned 14% more from block rewards, and in addition earned all the transaction fees contained within.

We are currently attempting to give concrete estimations for both of your questions using real-world data, which will be published immediately once we have them!”

The Hebrew University has “concrete fixes for Ethereum’s protocol” and created a patch for consideration. Yaish stated in a blog post that the information was “responsibly disclosed to the Ethereum Foundation” before publication.

The post Researchers say they discovered consensus level attack on Ethereum — miners cheating the system to earn more appeared first on CryptoSlate.
