Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Byzantine Attacks Exploiting Penalties in Ethereum PoS

Ulysse Pavloff, Yackolley Amoussou-Genou, Sara Tucci-Piergiovanni

TL;DR

The paper formalizes Ethereum PoS inactivity leak and analyzes its impact on safety under partial synchrony and Byzantine coordination. It develops a mathematical model of inactivity scores and stake evolution, and examines scenarios with and without slashing, deriving GST upper bounds and times to conflicting finalization under network partitions and synchronous periods. Key contributions include (i) a precise dynamic model for inactivity penalties, (ii) a GST-based analysis showing how the leak can hasten safety violations, and (iii) a revisitation of the Probabilistic Bouncing Attack under the leak, revealing conditions under which Byzantine stake can exceed the $1/3$ safety threshold. The findings highlight that penalty mechanisms, while aimed at restoring liveness, can undermine safety in adversarial settings, with practical implications for the design of PoS protocols and incentive structures.

Abstract

In May 2023, the Ethereum blockchain experienced its first inactivity leak, a mechanism designed to reinstate chain finalization amid persistent network disruptions. This mechanism aims to reduce the voting power of validators who are unreachable within the network, reallocating this power to active validators. This paper investigates the implications of the inactivity leak on safety within the Ethereum blockchain. Our theoretical analysis reveals scenarios where actions by Byzantine validators expedite the finalization of two conflicting branches, and instances where Byzantine validators reach a voting power exceeding the critical safety threshold of one-third. Additionally, we revisit the probabilistic bouncing attack, illustrating how the inactivity leak can result in a probabilistic breach of safety, potentially allowing Byzantine validators to exceed the one-third safety threshold. Our findings uncover how penalizing inactive nodes can compromise blockchain properties, particularly in the presence of Byzantine validators capable of coordinating actions.

Byzantine Attacks Exploiting Penalties in Ethereum PoS

TL;DR

The paper formalizes Ethereum PoS inactivity leak and analyzes its impact on safety under partial synchrony and Byzantine coordination. It develops a mathematical model of inactivity scores and stake evolution, and examines scenarios with and without slashing, deriving GST upper bounds and times to conflicting finalization under network partitions and synchronous periods. Key contributions include (i) a precise dynamic model for inactivity penalties, (ii) a GST-based analysis showing how the leak can hasten safety violations, and (iii) a revisitation of the Probabilistic Bouncing Attack under the leak, revealing conditions under which Byzantine stake can exceed the safety threshold. The findings highlight that penalty mechanisms, while aimed at restoring liveness, can undermine safety in adversarial settings, with practical implications for the design of PoS protocols and incentive structures.

Abstract

In May 2023, the Ethereum blockchain experienced its first inactivity leak, a mechanism designed to reinstate chain finalization amid persistent network disruptions. This mechanism aims to reduce the voting power of validators who are unreachable within the network, reallocating this power to active validators. This paper investigates the implications of the inactivity leak on safety within the Ethereum blockchain. Our theoretical analysis reveals scenarios where actions by Byzantine validators expedite the finalization of two conflicting branches, and instances where Byzantine validators reach a voting power exceeding the critical safety threshold of one-third. Additionally, we revisit the probabilistic bouncing attack, illustrating how the inactivity leak can result in a probabilistic breach of safety, potentially allowing Byzantine validators to exceed the one-third safety threshold. Our findings uncover how penalizing inactive nodes can compromise blockchain properties, particularly in the presence of Byzantine validators capable of coordinating actions.
Paper Structure (21 sections, 24 equations, 10 figures, 3 tables)

This paper contains 21 sections, 24 equations, 10 figures, 3 tables.

Table of Contents

  1. Introduction
  2. System Model & Blockchain Properties
  3. Ethereum protocol
  4. Structure
  5. Consensus
  6. Incentives
  7. Inactivity Leak
  8. Inactivity Score
  9. Inactivity penalties
  10. Stake's functions during an inactivity leak
  11. Analysis
  12. GST upper bound for Safety
  13. Two finalized chains
  14. Upper bound decrease due to Byzantine validators
  15. With slashing
  16. ...and 6 more sections

Figures (10)

  • Figure 1: Ethereum protocol Structure
  • Figure 2: This figure shows 3 different stake's trajectories in the event of an inactivity leak: the stake of a validator active every epoch, the stake of a validator active every other epoch (semi-active) and an inactive validator. The inactive validators get ejected at epoch $t=4685$. The semi-active validators get ejected at $t=7652$. For reference, 5000 epochs is about 3 weeks.
  • Figure 3: Evolution of the ratio of active validators depending on the proportion $p_0$ of active validators on the branch. This follows the ratio given in \ref{['eq:honestActiveRatio']} before regaining 2/3 of active validators or the expulsion of inactive validators at epoch $t=4685$.
  • Figure 4: Byzantine validators active on both chains of a fork at the same time during asynchronous times.
  • Figure 5: Byzantine validators active on both branches of a fork alternatively during asynchronous times.
  • ...and 5 more figures

Theorems & Definitions (3)

  • Definition 1: Candidate chain
  • Definition 2: Finalized block
  • Definition 3: Finalized chain