Commitment Attacks on Ethereum's Reward Mechanism

TL;DR

This paper identifies commitment attacks on Ethereum's consensus mechanism that exploit reward incentives to manipulate chain reorganization, and proposes a new reward system to mitigate these vulnerabilities.

Contribution

The paper reveals specific commitment attacks on Ethereum's LMD GHOST protocol and introduces a novel reward mechanism to enhance security and decentralization.

Findings

Single adversarial proposer can orchestrate long-range reorganizations.

Attacks manipulate reward incentives to coerce voters.

Proposed reward mechanism mitigates attacks and improves fairness.

Abstract

Validators in permissionless, large-scale blockchains, such as Ethereum, are typically payoff-maximizing, rational actors. Ethereum relies on in-protocol incentives, like rewards for correct and timely votes, to induce honest behavior and secure the blockchain. However, external incentives, such as the block proposer's opportunity to capture maximal extractable value (MEV), may tempt validators to deviate from honest protocol participation. We show a series of commitment attacks on LMD GHOST, a core part of Ethereum's consensus mechanism. We demonstrate how a single adversarial block proposer can orchestrate long-range chain reorganizations by manipulating Ethereum's reward system for timely votes. These attacks disrupt the intended balance of power between proposers and voters: by leveraging credible threats, the adversarial proposer can coerce voters from previous slots into supporting blocks that conflict with the honest chain, enabling a chain reorganization. In response, we introduce a novel reward mechanism that restores the voters' role as a check against proposer power. Our proposed mitigation is fairer and more decentralized, not only in the context of these attacks, but also practical for implementation in Ethereum.