
Ethereum Developers Uncover Vulnerability in EIP-1559
Ethereum developers identified a vulnerability in the EIP-1559 proposal that could lead to network congestion, Tim Beiko of the Ethereum Foundation said.
We started with a lot of action as @mhswende identified an issue in EIP-1559 yesterday where the new fields introduced in transactions (maxFee & maxPriorityFee) did not have an explicit cap. This meant that an attacker could create arbitrarily large transactions.
— Tim Beiko | timbeiko.eth 🦇🔊 (@TimBeiko) May 28, 2021
EIP-1559, introduced in 2018, describes changes that burn part of transaction fees and help reduce volatility in gas prices. The proposal also allows users to pay miners tips to speed up transaction confirmations.
Developer Martin Holst Swende found that EIP-1559 does not impose any cap on the maximum amount of such payments. This could allow an attacker to specify an absurdly large sum to overwhelm the network, even if they have no funds to pay it.
“Before EIP-1559 this was not possible, because if you want to create a transaction with a huge gas price, you effectively need to hold the specified amount of ETH. If your transaction is included in a block, you will pay that amount,” Beiko explained.
Developers fixed the vulnerability by adding code proposed by Swende. Some clients have already implemented the solution.
Luckily, the fix for this is quite simple, as suggested by Martin here: https://t.co/x3W62DVcsi pic.twitter.com/OhNS6tLqQH
— Tim Beiko | timbeiko.eth 🦇🔊 (@TimBeiko) May 28, 2021
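The kind of explicit cap described above can be sketched as follows. This is an added example, not the patch Swende proposed or any client's code: the 32-byte limit, the minimal-encoding rule, and all function names are assumptions made for illustration.

```python
MAX_FIELD_BYTES = 32  # assumption: cap each fee field at one 256-bit EVM word


class InvalidTransaction(ValueError):
    """Raised when a transaction fails fee-field validation."""


def encode_int(value: int) -> bytes:
    """Minimal big-endian encoding, as an integer appears on the wire."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def decode_fee_field(name: str, raw: bytes) -> int:
    # Check the encoded length before parsing, so an oversized field is
    # rejected without building a huge integer from it.
    if len(raw) > MAX_FIELD_BYTES:
        raise InvalidTransaction(f"{name} exceeds {MAX_FIELD_BYTES} bytes")
    # Assumption: integers are minimally encoded (no leading zero byte).
    if raw[:1] == b"\x00":
        raise InvalidTransaction(f"{name} has a leading zero byte")
    return int.from_bytes(raw, "big")


def validate_fees(raw_max_fee: bytes, raw_max_priority_fee: bytes,
                  gas_limit: int, sender_balance: int) -> int:
    """Return the worst-case cost in wei, or raise InvalidTransaction."""
    max_fee = decode_fee_field("maxFee", raw_max_fee)
    max_priority_fee = decode_fee_field("maxPriorityFee", raw_max_priority_fee)
    if max_priority_fee > max_fee:
        raise InvalidTransaction("maxPriorityFee is larger than maxFee")
    worst_case = gas_limit * max_fee
    if worst_case > sender_balance:
        raise InvalidTransaction("balance does not cover gas_limit * maxFee")
    return worst_case


if __name__ == "__main__":
    gwei, ether = 10**9, 10**18
    # Constructed sample inputs: (maxFee bytes, maxPriorityFee bytes).
    samples = {
        "ordinary": (encode_int(100 * gwei), encode_int(2 * gwei)),
        "oversized": (b"\xff" * 4096, encode_int(2 * gwei)),
        "tip above fee": (encode_int(2 * gwei), encode_int(100 * gwei)),
    }
    for label, (fee, tip) in samples.items():
        try:
            print(label, "accepted, worst case", validate_fees(fee, tip, 21000, ether))
        except InvalidTransaction as err:
            print(label, "rejected:", err)
```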
The controversial EIP-1559 has gained support from developers and users, but divided miners into two camps.
Opponents of the proposal, including the mining pools SparkPool and Ethermine, which jointly control 44.8% of the network’s hashrate, sought to concentrate more than 51% of computing power in the latter. However, their attempt failed.
EIP-1559 will become part of the London hard fork, scheduled for July 2021.
In May, developers disclosed information about a vulnerability that allowed a DoS attack on the Ethereum blockchain. The bug was discovered in March 2019, but could only be fixed in April 2021.