Balancing incentives in committee-based blockchains

TL;DR

This paper presents a framework to quantify and analyze denial of profit attacks in committee-based blockchains, revealing imbalances in existing reward mechanisms and proposing improvements for better security.

Contribution

It introduces a game-theoretic framework to measure attacker costs and victim losses, analyzing real-world blockchain reward mechanisms for balance and security.

Findings

Cosmos rewards can incentivize harmful attacks.

Ethereum's reward system offers stronger protections but is still incomplete.

Adjusting parameters can improve attack balance and system security.

Abstract

Blockchain protocols incentivize participation through monetary rewards, assuming rational actors behave honestly to maximize their gains. However, attackers may attempt to harm others even at personal cost. These denial of profit attacks aim to reduce the rewards of honest participants, potentially forcing them out of the system. While existing work has largely focused on the profitability of attacks, they often neglect the potential harm inflicted on the victim, which can be significant even when the attacker gains little or nothing. This paper introduces a framework to quantify denial of profit attacks by measuring both attacker cost and victim loss. We model these attacks as a game and introduce relevant metrics to quantify these attacks. We then focus on committee-based blockchains and model vote collection as a game. We show that in the vote collection game, disincentivizing one denial of profit attack will make another attack more appealing, and therefore, attacks have to be balanced. We apply our framework to analyze real-world reward mechanisms in Ethereum and Cosmos. Our framework reveals imbalances in Cosmos that can make correct behavior suboptimal in practice. While Ethereum provides stronger protections, our framework shows that it is also not complete, and we propose alternative parameter settings to improve the balance between attacks. Our findings highlight the need for better-balanced reward designs to defend against denial of profit attacks.