Title
DETER: Denial of Ethereum Txpool sERvices
Abstract
On an Ethereum node, txpool (a.k.a. mempool) is a buffer storing unconfirmed transactions and controls what downstream services can see, such as mining and transaction propagation. This work presents the first security study on Ethereum txpool designs. We discover flawed transaction handling in all known Ethereum clients (e.g., Geth), and by exploiting it, design a series of low-cost denial-of-service attacks named DETER. A DETER attacker can disable a remote Ethereum node's txpool and deny the critical downstream services in mining, transaction propagation, Gas station, etc. By design, DETER attacks incur zero or low Ether cost. The attack can be amplified to cause global disruption to an Ethereum network by targeting centralized network services there (e.g., mining pools and transaction relay services). By evaluating local nodes, we verify the effectiveness and low cost of DETER attacks on all known Ethereum clients and in major testnets. We design non-trivial measurement methods against blackbox mainnet nodes and conduct light probes to confirm that popular mainnet services are exploitable under DETER attacks. We propose mitigation schemes that reduce a DETER attack's success rate down to zero while preserving the miners' revenue.
Year: 2021
DOI: 10.1145/3460120.3485369
Venue: Computer and Communications Security
Keywords: Blockchains, Ethereum, Mempool/Txpool, Design flaws, Unconfirmed transactions
DocType: Conference
Citations: 0
PageRank: 0.34
References: 0
Authors: 3
Name
Order
Citations
PageRank
Kai Li113.06
Yibo Wang211.71
Yuzhe Tang314721.06