The Victory of “a Deal”
If you ask me what attacks are inevitable on the blockchain, I will answer: blocking attacks and 51% attacks. We will talk about the 51% attack next time, and today we will discuss the blocking attack.
The so-called blocking attack is to occupy the block with transactions, so that the transactions of others cannot be packaged.
Some people compare the blocking attack to DDoS attack on the blockchain — instead of looking for system vulnerabilities, they take resources “in compliance” and shuts down the system. The two do have similarities. In a nutshell, one similarity is “compliance”, meaning the attack is allowed by the system. The other is non-vulnerability, meaning any system can be attacked, even it is perfect. The third is that the attackers occupy the system resources. Others are passively excluded.
Take a close look at these characteristics. It does not seem to be a pure technical issue, nor a pure security issue. Blocking attacks is an economic or a game issue. Taking the Ethereum network as an example. We first study the best logic of a blocking attack, and secondly, we study the idea of countering a blocking attack.
Assuming that the upper limit of the gas limit of a block is 10 million and the smallest single transaction is 20,000, there are two ways to clog a block. The first is to clog the block with a large number of small transactions with high gas price. The second is to use one large transactions with a high gas price. Here large and small are measured by gas limit. Large transactions are ones that fill the entire block as much as possible, such as a gas limit of 10 million. For example, if gas prices are all 1000 (in the case of 312 Ethereum network congestion, the gas price required for the block to be packaged quickly is also within 1000 times), then the gas costs of the two ways are the same, which is the result of calculation from its own position.
But from the perspective of miners and competitors, the two are different.
Let me talk about competitors first. They are traders who want to break through the blocking attack. If it is a small transaction, the competitor can use a higher gas price to pack the block before the attacker does. For example, to compete with a gas price of 2000. In principle, it must be ranked in front of many small transactions with a gas price of 1000.
But for a large transaction, because the miner considers maximizing the combination of gas instead of packaging the transaction with the highest gas price, the competitor may be blocked. This is because the total gas of large transactions is 10 million * 1000. And the gas including small transactions is 20,000 * 2000 + the other transactions, where the other transactions are alternative third-party transactions. Generally the gas price is lower.
In these two transaction combinations, the rational miners will choose a combination of large transactions, so that even if the competitor has a higher gas price, he/she will be excluded because of the lower gas price of a single transaction. Therefore, large-scale transactions with high gas price have advantages in terms of effectiveness.
According to the current transaction situation of the Ethereum network, the gas fee for a large transaction of 1000 times gas price is 1000w * 1000 = 10 ETH. To clog a block, the cost of blocking for 10 minutes is 500 ETH. If the external incentives are large enough (external incentives are rewards other than the current behavior), it is worth 3000 ETH to block for 1 hour. Note that 1000 times the gas price is only based on the assumption of a statistical data, and is not based on an on-chain application to analyze.
Consider an on-chain application, such as DeFi, whose economy depends on blocks, that is, within N blocks, a transaction needs to be completed, otherwise it will cause the loss of X ETH. If the application does not make any design, according to the previous assumption, a 10 * N ETH blocking attack can cause the loss of X ETH.
There are several situations here: 1. The loss of X ETH can become the gain of the attacker, then when X> 10N, the attack is a completely rational incentive. 2. The loss of X ETH cannot be turned into an attacker’s gain, then this situation is the same as X <10N. It becomes a malicious act. By destroying the validity of the application, the assets of the application will be lost.
The two situations should be considered separately, but in either case, the core is how to disable the blocking attack — there is always a transaction that can be completed before the critical condition is triggered. This is what we call “the victory of a transaction.”
For the first case, the application needs to make two designs. First, it should increase the size of N according to economic scale or some abnormal conditions, and become N1. Second, increase the incentive of completing a transaction. For example, the incentive for completing a transaction is increased from a ETH to b ETH, where b> a and b> 10 ETH. Then, the cost of clogging a block becomes b ETH, and the total cost changes from 10 * N ETH to b * N1 ETH. As long as b * N1 ETH> X, then the external incentive of the attack fails.
For the second case, the best way to deal with a malicious attack is to set up a shutdown mechanism, which implies two things. First, the cost of the attack is increased geometrically, so that the attacker cannot achieve the goal and the attack is abandoned. For example, the beta coefficient design of the NEST system is the first built-in shutdown system in the current blockchain industry. We can learn from it, such as allowing the number of critical blocks N to be increased in series.
Second, automatically adjust the applicability of the application according to the difficulty of “a victory of a transaction”. When completing the “victory of a transaction” becomes very urgent, the application can be temporarily unable to execute, causing the attacker to lose the attack target. Since these two methods are open, more in-depth classification studies of boundary conditions are needed.
Of course, the above analysis assumes that miners are completely rational and only consider the profits of packaged gas, without considering possible blacklists, voluntary sacrifice of some interests to resist blocking attacks, and other behaviors. Through these humanized methods, it is also possible to indirectly achieve anti-attack purpose, but we prefer to design on the application side.
Since the current on-chain application is still in exploration, no one has seriously thought about the attack and defense of the blocking attack. This is very unfavorable for the development of future applications. Think about the ending of FOMO3D , I hope it will not happen in the DeFi industry. We write this article to remind the industry to be cautious about blocking attacks. When developing application contracts, use as many clever schemes as possible to fight for “the victory of a transaction”.
Author signature: NestFans
NEST website: https://nestprotocol.org
NEST oracle docs: https://docs.nestprotocol.org
Telegram: https://t.me/nest_chat(NEST Fans chat group)
Twitter: https://twitter.com/BruceYang_NEST(active NEST fan)
NEST Fans: https://nestfans.com(NEST Fans chinese forum)
