Attacking Casper at Ethereal Hackathon
On the weekend of October 21st, Consensys and Blockchain at Berkeley co-hosted the very first Ethereal Blockchain hackathon. A group of students from Blockchain at Berkeley — Aparna Krishnan, Maaz Uddin, Gloria Wang, Zubin Koticha, and Vishesh Mehta — came together to form the zk-sharks team. We decided to come up with an idea that was truly innovative and unique, as we recognized that if most of the use cases of blockchain have to come into existence, the underlying technology itself must first be secure and scalable. So, rather than simply “hacking” something together as expected at hackathons, we decided to take a different approach: research.
Ethereum’s Consensus Algorithms
We looked into Ethereum’s move from Proof-of-Work (PoW) to Proof-of-Stake (PoS). For those who don’t know, both PoW and PoS are algorithms which enable a group of participants to reach consensus on the valid transactions happening in a network. The idea is that PoW requires you to solve a computationally rigorous puzzle that has high fixed and variable costs, resulting in a waste of tremendous amounts of electricity and other resources every year. Thus, we need a more efficient, long-term solution — enter PoS.
PoS, on the other hand, requires people to “stake” (or in a sense, invest) a certain amount of the native currency in the system in order to validate transactions on the network. The idea here is that someone who stakes a certain amount of currency is unlikely to act maliciously towards the network because they stand to lose that staked money if they are found guilty of being malicious. Therefore, the more you stake, the less likely you are to be malicious, and the more likely you are to get rewarded. While attractive on the surface, this led us to the hypothesis that in PoS, those who have a lot of money to stake will stake it, and will receive more money as time goes on. This was the basis of our research.
Do Only the Rich Get Richer in Proof of Stake?
We wanted to see whether this hypothesis (or the “rich get richer” problem) really does pan out. We modeled this problem mathematically then ran simulations to test our hypothesis. We found that with a randomized reward scheme, any staked player in the network will not veer too far off of their initial staked proportion, ceteris paribus. However, it still allows staked players to receive rewards from mining whilst non-staked players do not receive rewards and have to pay transaction fees. So even though the stakers’ percentages of total staked value does not change drastically, their actual wealth does accrue over time if they do not spend it.
Moreover, whilst looking into these possible threats, we came upon a completely new attack vector, the External Rewards Attack (ERA). The premise of ERA is that mining rewards will be received at some rate r, where risk-free rate < r < high-risk rate. What this means, is that it is possible to actually aggregate money faster by investing in high-risk assets outside of the current network and use those capital gains to re-stake in the network and potentially buy up 33%+ of stake all at once. This type of attack can be conducted much faster than the previous one and is more unforeseeable as it is almost impossible to track the malicious actor’s investments off network.
Both these attacks are very real threats to any PoS implementation. It is up to the designers of any specific PoS implementation to keep them in mind when considering ways to mitigate these attacks, and we hope that our research can help clarify a path forward. Bringing it back home, Casper has yet to finalize on many specifics of how rewards are dealt. Some of these are key to ensuring that the network is kept safe from malicious attackers. We are currently working on furthering our crypto-economic analysis of Casper and plan to formulate it into a whitepaper.