TY - GEN
T1 - DETER
T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021
AU - Li, Kai
AU - Wang, Yibo
AU - Tang, Yuzhe
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/11/13
Y1 - 2021/11/13
N2 - On an Ethereum node, txpool (a.k.a. mempool) is a buffer storing unconfirmed transactions and controls what downstream services can see, such as mining and transaction propagation. This work presents the first security study on Ethereum txpool designs. We discover flawed transaction handling in all known Ethereum clients (e.g., Geth), and by exploiting it, design a series of low-cost denial-of-service attacks named DETER. A DETER attacker can disable a remote Ethereum node's txpool and deny the critical downstream services in mining, transaction propagation, Gas station, etc. By design, DETER attacks incur zero or low Ether cost. The attack can be amplified to cause global disruption to an Ethereum network by targeting centralized network services there (e.g., mining pools and transaction relay services). By evaluating local nodes, we verify the effectiveness and low cost of DETER attacks on all known Ethereum clients and in major testnets. We design non-trivial measurement methods against blackbox mainnet nodes and conduct light probes to confirm that popular mainnet services are exploitable under DETER attacks. We propose mitigation schemes that reduce a DETER attack's success rate down to zero while preserving the miners' revenue.
AB - On an Ethereum node, txpool (a.k.a. mempool) is a buffer storing unconfirmed transactions and controls what downstream services can see, such as mining and transaction propagation. This work presents the first security study on Ethereum txpool designs. We discover flawed transaction handling in all known Ethereum clients (e.g., Geth), and by exploiting it, design a series of low-cost denial-of-service attacks named DETER. A DETER attacker can disable a remote Ethereum node's txpool and deny the critical downstream services in mining, transaction propagation, Gas station, etc. By design, DETER attacks incur zero or low Ether cost. The attack can be amplified to cause global disruption to an Ethereum network by targeting centralized network services there (e.g., mining pools and transaction relay services). By evaluating local nodes, we verify the effectiveness and low cost of DETER attacks on all known Ethereum clients and in major testnets. We design non-trivial measurement methods against blackbox mainnet nodes and conduct light probes to confirm that popular mainnet services are exploitable under DETER attacks. We propose mitigation schemes that reduce a DETER attack's success rate down to zero while preserving the miners' revenue.
KW - blockchains
KW - design flaws
KW - ethereum
KW - mempool/txpool
KW - unconfirmed transactions
UR - https://www.scopus.com/pages/publications/85119022328
UR - https://www.scopus.com/pages/publications/85119022328#tab=citedBy
U2 - 10.1145/3460120.3485369
DO - 10.1145/3460120.3485369
M3 - Conference contribution
AN - SCOPUS:85119022328
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1645
EP - 1667
BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 15 November 2021 through 19 November 2021
ER -