On the Effectiveness of Mempool-based Transaction Auditing

TL;DR

This paper evaluates mempool-based transaction auditing in major blockchains, revealing its limitations in accurately detecting malicious activities but also its potential to reliably audit certain transaction pairs under specific conditions.

Contribution

It provides the first detailed analysis of mempool auditing effectiveness against censorship and manipulation in Bitcoin and Ethereum.

Findings

Mempool auditing can mis-accuse miners with over 25% probability in some scenarios.

It can reliably audit two transactions with 99.9% probability if they are received consistently and spaced by at least 30 seconds.

Batch-order fair-ordering schemes offer limited fairness guarantees for only a subset of transactions.

Abstract

While the literature features a number of proposals to defend against transaction manipulation attacks, existing proposals are still not integrated within large blockchains, such as Bitcoin, Ethereum, and Cardano. Instead, the user community opted to rely on more practical but ad-hoc solutions (such as Mempool.space) that aim at detecting censorship and transaction displacement attacks by auditing discrepancies in the mempools of so-called observers. In this paper, we precisely analyze, for the first time, the interplay between mempool auditing and the ability to detect censorship and transaction displacement attacks by malicious miners in Bitcoin and Ethereum. Our analysis shows that mempool auditing can result in mis-accusations against miners with a probability larger than 25% in some settings. On a positive note, however, we show that mempool auditing schemes can successfully audit the execution of any two transactions (with an overwhelming probability of 99.9%) if they are consistently received by all observers and sent at least 30 seconds apart from each other. As a direct consequence, our findings show, for the first time, that batch-order fair-ordering schemes can offer only strong fairness guarantees for a limited subset of transactions in real-world deployments.