Blockchain Amplification Attack

TL;DR

This paper introduces a novel Blockchain Amplification Attack exploiting modified nodes in Ethereum to amplify invalid transactions, posing security risks, and analyzes its feasibility, impact, and mitigation strategies.

Contribution

It identifies and models a new attack vector in Ethereum, empirically measures its effects, and evaluates trade-offs and defenses against this amplification attack.

Findings

Modified nodes can amplify invalid transactions by a factor of 3,600.

The attack can cause economic damages approximately 13,800 times the attack cost.

Aggressive latency reduction in nodes remains profitable despite security risks.

Abstract

Strategies related to the blockchain concept of Extractable Value (MEV/BEV), such as arbitrage, front-, or back-running create strong economic incentives for network nodes to reduce latency. Modified nodes, that minimize transaction validation time and neglect to filter invalid transactions in the Ethereum peer-to-peer (P2P) network, introduce a novel attack vector -- a Blockchain Amplification Attack. An attacker can exploit those modified nodes to amplify invalid transactions thousands of times, posing a security threat to the entire network. To illustrate attack feasibility and practicality in the current Ethereum network ("mainnet"), we 1) identify thousands of similar attacks in the wild, 2) mathematically model the propagation mechanism, 3) empirically measure model parameters from our monitoring nodes, and 4) compare the performance with other existing Denial-of-Service attacks through local simulation. We show that an attacker can amplify network traffic at modified nodes by a factor of 3,600, and cause economic damages of approximately 13,800 times the amount needed to carry out the attack. Despite these risks, aggressive latency reduction may still be profitable enough for various providers to justify the existence of modified nodes. To assess this trade-off, we 1) simulate the transaction validation process in a local network and 2) empirically measure the latency reduction by deploying our modified node in the Ethereum test network ("testnet"). We conclude with a cost-benefit analysis of skipping validation and provide mitigation strategies against the blockchain amplification attack.