With the transition to Ethereum 2.0, blockchain reorganisations intended to front-run profitable trades by users in DeFi protocols will prove difficult. The evidence was presented by Vitalik Buterin, co-founder of the second-largest cryptocurrency, in partnership with Paradigm partner Georgios Konstantopoulos.
During the last few weeks there has been a lot of discussion around the possibility of miners running custom software that accepts bribes to reorg the chain.@gakonst and I explain how this will become harder after the proof of stake merge:https://t.co/ghwikceVBr
— vitalik.eth (@VitalikButerin) July 20, 2021
In a new paper, Buterin responded to the discussion surrounding the emergence of a modified Ethereum client. Its developers are reportedly considering the possibility of ‘bribes’ to alter the history in the last few blocks.
At present, Ethereum relies on the Nakamoto consensus, in which the rule of the longest chain applies. It posits that a client should prefer the version of the block sequence with the greatest total difficulty.
Buterin illustrated, schematically, a reorganisation of two blocks — chain 2b3c with a total difficulty of 320 ultimately became the main chain, while on competing chains 2a3a (difficulty 300) and 2a3b (310) miners managed to create two additional blocks.
The founder explained that such short reorganisations do not pose a threat and occur from time to time due to delays. If two miners find a block simultaneously and broadcast it to the network, one portion will see one version of the blockchain first, the other the other.
If the two chains have equal difficulty to resolve the situation, a third miner, in arbitrary order, adds their block to one of the chains, which then becomes the main chain. In adverse conditions, reorganisations of two to five blocks can occur, but large reorganisations are almost always the result of a network fault, client bugs, or malicious attacks, Buterin explained.
Short reorganisations may increase costs for node operators, degrade user experience, increase uncertainty in transaction finality, and to some extent raise vulnerability to a a 51% attack. However they are not fatal if they do not occur with worrying frequency, Buterin said.
Frequent reorganisations create an incentive for miners to add blocks to the competing rather than the broadly recognised or canonical chain within the framework of the Maximal Extracted Value (MEV) arbitrage strategy.
In the illustration below, three miners, instead of extending chain 2a, proposed alternative options. Buterin characterised such behaviour as ‘short-sightedly rational’.
In the long run, it undermines users’ trust in the network and in the miners themselves, which outweighs any potential short-term profit.
Unlike Nakamoto consensus, Ethereum 2.0 uses the fork-choice rule LMD-GHOST. It divides participants into two categories: proposers and attesters. The former propose a block, and the latter vote on which continuation of the canonical network they deem correct. The votes of the attestations are called attestations, and they confer “weight” to a block.
Every 12 seconds in Ethereum 2.0 a new slot is created, giving the right to propose a new block. For each slot a pseudo-random algorithm selects about 1/32 of the validators, one of whom becomes the proposer, and the rest — the attesters. In such a system a potential attacker would have negligible chances of concentrating the dominant portion of validators in a single slot.
“Today the Beacon Chain has 196,000 validators. In other words, for each slot 6,125 are selected. As a result, reorganising even a single block would be very difficult. An attacker controlling only a few validators would not be able to defeat the honest majority of thousands of attestators,”, — Buterin explained.
197,951 with 6,349,634 ETH deposited. (12.5B @ 1983 USD, 5.4% of ETH supply)
Active Validators: 195,508
Queue: 2,443
Daily new validators (7d avg): ~400— The # of ETH2 Validators are: 🦇🔊 (@eth2validators) July 18, 2021
To perform a direct reorganisation, the attacker would effectively need to control at least half of all validators, added the Ethereum co-founder. Deploying software for reorganisation is useless unless a very large number of other validators are using it simultaneously.
Long reorgs become effectively impossible also because all blocks deeper than two epochs are considered “finalised”. In other words, technically the transaction history cannot be changed beyond them.
In a hypothetical scenario where an attacker succeeds in issuing two finalised conflicting blocks (requiring control of 67% of all ETH staked), the system would require a “public intervention” to revert to the original state.
Buterin concluded that the most effective response to potential miner reorganisations will be to accelerate the transition to Ethereum 2.0.
He acknowledged that a rushed merge between the existing network and the new one would entail additional risks. The commitment to implement it under any circumstances would deprive miners of incentives to follow such a path.
According to the Ethereum co-founder, the time to the merge represents the greatest risk. The reason is that miners still control the blockchain, but their time horizons are shortening. As the merge approaches, the difficulty, cost and risks of an immediate merge also decline, Buterin added.
“A merge emergency a few months before the planned date would be highly disruptive. If it happened two weeks before the scheduled date, it would simply require setting the appropriate parameters in the clients, as validators would have downloaded them by then,” — he concluded.
As of June 1, users sent over 5 million ETH to the Ethereum 2.0 deposit contract. By July 18 the figure had reached 6.36 million ETH (5.44% of the market supply of the second-largest cryptocurrency).
In March the Ethermine pool launched in beta software for implementing the Maximal Extracted Value arbitrage strategy to support revenues after EIP-1559, which will be activated after the London hard fork presumably on August 4.
Subscribe to ForkLog’s channel on YouTube!