Exploring Unfairness on Proof of Authority: Order Manipulation Attacks and Remedies
Qin Wang, Rujia Li, Qi Wang, Shiping Chen, Yang Xiang

TL;DR
This paper investigates fairness issues in Proof of Authority (PoA) consensus algorithms, demonstrating order manipulation attacks on real-world projects and proposing remedies to address potential unfairness and market impact.
Contribution
It is the first study to explore and identify order manipulation attacks in PoA systems, analyzing their scope and proposing fixes based on source code analysis.
Findings
Order manipulation attacks can compromise fairness in PoA networks.
Potential market impact of affected PoA projects exceeds $680 billion USD.
Proposed remedies aim to mitigate fairness issues in PoA implementations.
Abstract
Proof of Authority (PoA) is a type of permissioned consensus algorithm with a fixed committee. PoA has been widely adopted by communities and industries due to its better performance and faster finality. In this paper, we explore the unfairness issue existing in the current PoA implementations. We have investigated 2,500+ in the wild projects and selected 10+ as our main focus (covering Ethereum, Binance smart chain, etc.). We have identified two types of order manipulation attacks to separately break the transaction-level (a.k.a. transaction ordering) and the block-level (sealer position ordering) fairness. Both of them merely rely on honest-but-profitable sealer assumption without modifying original settings. We launch these attacks on the forked branches under an isolated environment and carefully evaluate the attacking scope towards different…
Taxonomy
Topics: Blockchain Technology Applications and Security · Cryptography and Data Security · Internet Traffic Analysis and Secure E-voting
