Zero Gas Price Transactions — what they do, who creates them, and why they might impact Scalability

ChainSecurity
Jun 5, 2019 · 6 min read
Image for post
Image for post

From time to time it is important to question some fundamental assumptions about a system, especially as auditors. Today we look at the following assumption:

Every transaction on Ethereum costs some Ether

It turns out that this assumption is not completely true.

Source: http://gph.is/1MNW8he

A quick recap: On Ethereum, transactions cost Gas depending on their complexity. Transaction creators can set a Gas Price which, multiplied with the Gas needed, determines the Gas Cost which has to be paid in Ether. Why is paying for transactions important in Ethereum? It limits spam attacks as the originator of a transaction actually needs to pay for the transaction. It incentivizes miners to include transactions. A third benefit is a little more indirect: it prevents certain attacks against smart contracts as the attack cost is higher than the economic gain. As an example, integer rounding errors in dividend-emitting contracts can give attackers very small advantages, which in practice are made infeasible due to the much higher gas cost of those transactions.

So why is it not completely true? In 0.5% of all blocks of the Ethereum main chain in Q1 2019 there are transactions with an actual Gas Price of 0. We call these going forward “Zero Gas Price Transactions”.

What they do

In the following we will analyze three different Zero Gas Price Transactions and the purpose of these transactions.

First transaction — Minereum token mining

Let us start by looking at this transaction:

This transaction was signed by account 0x4554984fa368c745616bba60a28eb65b0976d38b which is one of the Minereum genesis addresses. The important thing to understand is that the private key of this address is publicly known. Minereum was designed to have people compete with high Gas Price transactions to be the first to withdraw newly minted tokens from this address. To transfer tokens from an address, that address needs to hold some Ether to pay for the gas. In the case of this address it is not possible as any Ether sent to it will immediately be transferred away by sweeper bots with very high Gas Price transactions, effectively making any other transaction, which all have higher Gas requirements, impossible. In this case the attackers succeeded because they managed to get a transaction included where they actually did not have to pay any Ether! There is a nice write-up of this activity here: A Christmas Mystery: sweepers and zero gas price transactions. The address used here to receive the tokens is 0xe386e3372e3d316ae063af50c38704ec6fba5149which is an address used in hacks of users.

Second Transaction — GasToken mining

Let us look at another similar transaction, but this time against the GasToken2 contract:

At first sight, this looks like someone creating GasTokens without paying anything, which can later be used to save gas cost, e.g. when gas prices are high. Why would a miner include this transaction? The first reason we though of is that there were not any pending transactions in the network at that time and the miner was simply optimizing their profits by mining GasTokens. But there are several question marks behind this assumption. A miner doesn’t have to use Zero Gas Price Transactions in the first place as they are receiving the mining fee anyways. Also, the following block was full and paid out roughly 5x in transaction fees, which might have been lucky, but is more likely to indicate that the miner didn’t include all transactions on purpose. Nevertheless, the biggest question mark by far is something else, the use of 0x00a329c0648769a73afac7f9381e08fb43dbea72 as the from-address which received the mined tokens. This address is another well-known address where the private key is publicly known: the “empty passphrase” parity address.
Why would a miner mine tokens to this address instead of a private one?

Third Transaction — Failing Token Transfer

Now let us look at a third type of transaction:

This transaction is failing. It turns out that a lot of transactions with a zero gas price are failing. In this case, a transfer of the well known Beauty Chain Token is attempted. This project was hacked in 2018 and has paused all trading activity since that day, causing all transfer calls to fail. It is also notable that the from-address used here is very likely another address with a known private key given that the account shows the usual sweeper bot activity whenever Ether is transferred into it.

Who creates them

Analyzing all of these different types of transactions leads us to the following assumption: this activity originates very likely from a single actor who is trying to transfer tokens away from compromised accounts. The script used is not very sophisticated as it tries again and again to transfer tokens which are permanently locked up. Mining tokens into these addresses might serve as a honeypot to incentivize others to try and steal those tokens, but given that there are easier ways it is not yet clear why the actor follows this strategy.

There is another important component. Zero Gas Price Transactions are usually not propagated in the network, and clients like geth and parity do not accept them by default. Even after we configured our nodes to accept all transactions including those with zero gas prices, we couldn’t find any such transactions being propagated on the Ethereum P2P network. The only way someone can include these transaction is by mining directly or by sending them to supportive mining pools without using the Ethereum P2P layer. If you know of a way to make a mining pool include only your transaction, please let us know in the comments.

Why it will impact scalability

So the big question is: what is the impact on the Ethereum network?

Currently, the absolute numbers of blocks containing these Zero Gas Price Transactions are relatively minor. Only 0.5% of all blocks mined in Q1 2019 on Ethereum Mainnet contain these types of transactions. More worrying is that the total mining power which colludes with this actor is, while still small at 4.3%,not negligible. Among the mining pools who include these transactions are well-known names like DwarfPool and uupool.

So why is this something to keep a close eye on? It is clear that miners can increase their profits by creating transactions and include them in their blocks, be it by design like in the case of GasTokens or Minereum or by activity like transferring tokens from addresses which are otherwise unusable. Currently most blocks in Ethereum are full and paid for by users with Gas, which in most cases gives the mining pools more profit than to include these transactions.

With higher maximal network throughput, which is the primary goal of Ethereum scalability, it is to be expected that in off-peak times half-full or even mostly empty blocks will become the norm. What would happen to the network if miners start to fill up these blocks with transactions e.g. mining for GasTokens to optimize their profits?

Compared to mostly empty blocks, full blocks greatly increase the load on all participants and have the potential to cause long-term harm.

The effects of this long-term harm can already be observed in the growing effective costs for SLOAD operations.

Is it enough to trust miners to not harm the network out of self-interest? How will that change if the mining rewards for new blocks go down even more and the transaction fees become a sizeable part of their income? Let us know what you think in the comments!

A short comment on EIP 1559

How will a new fee model like the one proposed by Vitalik Buterin and Eric Conner in EIP 1559 change this? It introduces a BASEFEEwhich gets burned, which can prevent Zero Gas Price Transactions on the network layer (as long as the BASEFEE is above zero) and by that prevent the attacks described here. While Zero Gas Price Transactions aren’t mentioned in the motivation for the EIP, a broad band of other attacks are:

[…] incentivizing mining “sister blocks” that steal transaction fees, opening up much stronger selfish mining attack vectors, and more.

ChainSecurity

From the world of secure smart contracts

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store