TL;DR
This paper introduces Nurgle, a novel DoS attack targeting blockchain state storage based on Merkle Patricia Trie, which significantly degrades performance and increases resource consumption, confirmed by real-world blockchain vulnerabilities.
Contribution
The paper uncovers a new attack surface in blockchain state storage and presents Nurgle, the first DoS attack exploiting this, with comprehensive evaluation and mitigation strategies.
Findings
Nurgle causes substantial resource exhaustion in blockchain state storage.
The attack has been confirmed by six mainstream blockchains.
Mitigations can effectively reduce the impact of Nurgle.
Abstract
Blockchains, with intricate architectures, encompass various components, e.g., consensus network, smart contracts, decentralized applications, and auxiliary services. While offering numerous advantages, these components expose various attack surfaces, leading to severe threats to blockchains. In this study, we unveil a novel attack surface, i.e., the state storage, in blockchains. The state storage, based on the Merkle Patricia Trie, plays a crucial role in maintaining blockchain state. Besides, we design Nurgle, the first Denial-of-Service attack targeting the state storage. By proliferating intermediate nodes within the state storage, Nurgle forces blockchains to expend additional resources on state maintenance and verification, impairing their performance. We conduct a comprehensive and systematic evaluation of Nurgle, including the factors affecting it, its impact on blockchains,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
