Frontrunning Block Attack in PoA Clique: A Case Study

TL;DR

This paper identifies a frontrunning attack on Clique-based PoA blockchains, demonstrating how malicious actors can manipulate leader selection to produce advantageous blocks, with experimental validation and proposed fixes.

Contribution

It introduces a novel frontrunning attack on Clique PoA algorithms, showing how falsifying priority parameters can compromise blockchain fairness and proposing effective countermeasures.

Findings

Attack successfully manipulates leader selection in Clique PoA.

Experimental validation on HPB blockchain confirms attack feasibility.

Proposed fixes improve identity verification and security.

Abstract

As a fundamental technology of decentralized finance (DeFi), blockchain's ability to maintain a distributed fair ledger is threatened by manipulation of block/transaction order. In this paper, we propose a frontrunning block attack against the Clique-based Proof of Authority (PoA) algorithms. Our attack can frontrun blocks from honest in-turn sealers by breaking the proper order of leader selection. By falsifying the priority parameters (both \textit{difficulty} and \textit{delay time}), a malicious out-of-turn sealer can always successfully occupy the leader position and produce advantageous blocks that may contain profitable transactions. As a typical instance, we apply our attack to a mature Clique-engined project, HPB (\$3,058,901, as of April 2022). Experimental results demonstrate the effectiveness and feasibility. Then, we further recommend fixes that make identity checks effective. Our investigation and suggestion have been submitted to its official team and got their approval. We believe this work can act as, at least, a warning case for Clique variants to avoid repeating these design mistakes.