Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Commitment Attacks on Ethereum's Reward Mechanism

Roozbeh Sarenche, Ertem Nusret Tas, Barnabe Monnot, Caspar Schwarz-Schilling, Bart Preneel

TL;DR

The paper analyzes commitment attacks on Ethereum's LMD GHOST consensus, showing that payoff-maximizing validators can be steered by adversaries through credible threats to reorient votes and harvest rewards. It develops several attack models (Simple, Strong Simple, Extended) and demonstrates that, even with solo validators or staking pools, reorgs and liveness violations can be equilibrium outcomes under certain conditions. To mitigate these vulnerabilities, the authors propose a DAG-based DAG Votes reward mechanism that decentralizes attestor rewards and preserves incentives for honest voting; they also provide a practical deployment path with aggregators to bound overhead. The work includes theoretical SPNE analyses under mild assumptions and practical evaluations demonstrating manageable increases in block size and computation, arguing that DAG Votes strengthens reorg-resilience while remaining implementable in Ethereum. Overall, the paper highlights how commitment devices and MEV-driven incentives can destabilize reorg-resilience and offers a decentralized, implementable mitigation with quantified performance trade-offs.

Abstract

Validators in permissionless, large-scale blockchains, such as Ethereum, are typically payoff-maximizing, rational actors. Ethereum relies on in-protocol incentives, like rewards for correct and timely votes, to induce honest behavior and secure the blockchain. However, external incentives, such as the block proposer's opportunity to capture maximal extractable value (MEV), may tempt validators to deviate from honest protocol participation. We show a series of commitment attacks on LMD GHOST, a core part of Ethereum's consensus mechanism. We demonstrate how a single adversarial block proposer can orchestrate long-range chain reorganizations by manipulating Ethereum's reward system for timely votes. These attacks disrupt the intended balance of power between proposers and voters: by leveraging credible threats, the adversarial proposer can coerce voters from previous slots into supporting blocks that conflict with the honest chain, enabling a chain reorganization. In response, we introduce a novel reward mechanism that restores the voters' role as a check against proposer power. Our proposed mitigation is fairer and more decentralized, not only in the context of these attacks, but also practical for implementation in Ethereum.

Commitment Attacks on Ethereum's Reward Mechanism

TL;DR

The paper analyzes commitment attacks on Ethereum's LMD GHOST consensus, showing that payoff-maximizing validators can be steered by adversaries through credible threats to reorient votes and harvest rewards. It develops several attack models (Simple, Strong Simple, Extended) and demonstrates that, even with solo validators or staking pools, reorgs and liveness violations can be equilibrium outcomes under certain conditions. To mitigate these vulnerabilities, the authors propose a DAG-based DAG Votes reward mechanism that decentralizes attestor rewards and preserves incentives for honest voting; they also provide a practical deployment path with aggregators to bound overhead. The work includes theoretical SPNE analyses under mild assumptions and practical evaluations demonstrating manageable increases in block size and computation, arguing that DAG Votes strengthens reorg-resilience while remaining implementable in Ethereum. Overall, the paper highlights how commitment devices and MEV-driven incentives can destabilize reorg-resilience and offers a decentralized, implementable mitigation with quantified performance trade-offs.

Abstract

Validators in permissionless, large-scale blockchains, such as Ethereum, are typically payoff-maximizing, rational actors. Ethereum relies on in-protocol incentives, like rewards for correct and timely votes, to induce honest behavior and secure the blockchain. However, external incentives, such as the block proposer's opportunity to capture maximal extractable value (MEV), may tempt validators to deviate from honest protocol participation. We show a series of commitment attacks on LMD GHOST, a core part of Ethereum's consensus mechanism. We demonstrate how a single adversarial block proposer can orchestrate long-range chain reorganizations by manipulating Ethereum's reward system for timely votes. These attacks disrupt the intended balance of power between proposers and voters: by leveraging credible threats, the adversarial proposer can coerce voters from previous slots into supporting blocks that conflict with the honest chain, enabling a chain reorganization. In response, we introduce a novel reward mechanism that restores the voters' role as a check against proposer power. Our proposed mitigation is fairer and more decentralized, not only in the context of these attacks, but also practical for implementation in Ethereum.
Paper Structure (65 sections, 8 theorems, 8 figures, 9 tables, 1 algorithm)

This paper contains 65 sections, 8 theorems, 8 figures, 9 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Ethereum Consensus Security
  3. Incentives in Ethereum
  4. Commitment Attacks on LMD GHOST
  5. Simple Attack (Section \ref{['sec:solo-validators-simple']}, Figs. \ref{['fig:simple_game_unsuccessful']} and \ref{['fig:simple_game_successful']})
  6. Strong Simple Attack (Section \ref{['sec:solo-validators-strong-simple']})
  7. Extended Attack (Section \ref{['sec:solo-validators-extended']}, Fig. \ref{['fig:extended_attack_intro']})
  8. Staking Pools (Section \ref{['sec:staking-pools']})
  9. Attack Quantification (Appendix \ref{['sec:appendix_attack_quantification']})
  10. A New Reward Mechanism: DAG Votes
  11. DAG Votes Made Practical
  12. Related Work
  13. Attacks on Ethereum Consensus
  14. Analogous Attacks on PoW Blockchains
  15. Timing Games
  16. ...and 50 more sections

Key Result

Theorem 4.1

There exists a Nash equilibrium of the simple game in the presence of solo validators, where the attack succeeds.

Figures (8)

  • Figure 1: The simple game in the presence of non-colluding (solo) validators. As the adversary is committed to excluding the non-compliant votes, even when the attack is unsuccessful, non-compliant votes are not rewarded. $W_p$ denotes the proposer boost, equal to 40% of the slot committee size, that puts a temporary weight on new proposals.
  • Figure 2: The extended attack with $p=2$. $B_i$ and $V_i$ represent the block and votes for slot $i$, respectively. The votes and blocks in green are compliant.
  • Figure 3: The DAG votes reward mechanism. $V^t_i$ represents the $i^\text{th}$ vote (by the $i^\text{th}$ attestor) in slot $t$. Vote $V^t_1$ has received signatures from more than half of the slot $t+1$ attestors, i.e., it is timely. Vote $V^t_3$ has not received any signature from slot $t+1$ attestors and is not timely.
  • Figure 4: Compliant blocks and votes in the extended game. The extended game is successful if the chain of blocks $B_{-p+1}, \ldots, B_0$ gets reorged by the chain of empty blocks $B^e_{1}, \ldots, B^e_p$.
  • Figure 5: The payoff of a staking pool $P$ with a total stake share less than $W_\mathsf{p}$ in the simple game. $P$ controls $m$ votes in each slot, where $m \geq 1$. $r$ represents the reward for a single correct and timely vote. Let $C_P$ and $NC_P$ denote the events that the staking pool $P$ votes and does not vote for $B_{t-1}$ (acts compliantly and non-compliantly), respectively. Let $\texttt{Succeed}$ denote the event that less than $W_\mathsf{p}$ slot $t$ attestors vote for $B_t$ (the attack succeeds), and $\texttt{Fail}$ the event that $W_\mathsf{p}$ or more slot $t$ attestors vote for $B_t$ (the attack fails). The green (red) votes are compliant (non-compliant). The green tick and the red cross represent whether a vote receives or does not receive a reward, respectively. As can be seen, $C_P$ (compliance) weakly dominates $NC_P$ (non-compliance).
  • ...and 3 more figures

Theorems & Definitions (22)

  • Definition 4.1: Adversary's Strategy for the Simple Game
  • Theorem 4.1
  • proof : Proof of Theorem \ref{['thm:simple-game-theorem']}
  • Definition 5.1: Adversary's Strategy for the Strong Simple Game
  • Theorem 5.1
  • proof : Proof of Theorem \ref{['thm:strong-simple-game-theorem']}
  • Definition 6.1: Compliance
  • Definition 6.2: Adversary's Strategy for the Extended Game
  • Theorem 6.1
  • Theorem 7.1
  • ...and 12 more