Broken Metre: Attacking Resource Metering in EVM
Daniel Perez, Benjamin Livshits

TL;DR
This paper uncovers a new DoS attack on Ethereum's metering system, exploiting inconsistencies and inaccuracies to generate low-throughput contracts, threatening network stability and security.
Contribution
It identifies vulnerabilities in Ethereum's metering, introduces a novel Resource Exhaustion Attack, and proposes potential fixes to enhance security.
Findings
Ethereum metering has significant inconsistencies and inaccuracies.
The attack can reduce contract throughput by a factor of 200.
All major Ethereum clients are vulnerable to this attack.
Abstract
Blockchain systems, such as Ethereum, use an approach called "metering" to assign a cost to smart contract execution, an approach which is designed to incentivise miners to operate the network and protect it against DoS attacks. In the past, the imperfections of Ethereum metering allowed several DoS attacks which were countered through modification of the metering mechanism. This paper presents a new DoS attack on Ethereum which systematically exploits its metering mechanism. We first replay and analyse several months of transactions, during which we discover a number of discrepancies in the metering model, such as significant inconsistencies in the pricing of the instructions. We further demonstrate that there is very little correlation between the execution cost and the utilised resources, such as CPU and memory. Based on these observations, we present a new type of DoS attack we…
