One Bad Apple Spoils the Bunch: Transaction DoS in MimbleWimble Blockchains
Seyed Ali Tabatabaee, Charlene Nicer, Ivan Beschastnikh, Chen Feng

TL;DR
This paper reveals a new denial-of-service vulnerability in MimbleWimble blockchain systems caused by the combination of transaction relay and aggregation protocols, demonstrating that controlling 10% of nodes can significantly disrupt transactions.
Contribution
The paper identifies and evaluates a novel DoS attack specific to MimbleWimble, providing insights into its impact and potential mitigation strategies.
Findings
Controlling 10% of nodes can block over 45% of transactions.
The attack exploits the combination of Dandelion++ relay and aggregation.
Mitigation approaches are discussed for this vulnerability.
Abstract
As adoption of blockchain-based systems grows, more attention is being given to privacy of these systems. Early systems like BitCoin provided few privacy features. As a result, systems with strong privacy guarantees, including Monero, Zcash, and MimbleWimble have been developed. Compared to BitCoin, these cryptocurrencies are much less understood. In this paper, we focus on MimbleWimble, which uses the Dandelion++ protocol for private transaction relay and transaction aggregation to provide transaction content privacy. We find that in combination these two features make MimbleWimble susceptible to a new type of denial-of-service attacks. We design, prototype, and evaluate this attack on the Beam network using a private test network and a network simulator. We find that by controlling only 10% of the network nodes, the adversary can prevent over 45% of all transactions from ending up in…
Taxonomy
Topics: Blockchain Technology Applications and Security · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
