Push and Pull: Manipulating a Production Schedule and Maximizing Rewards on the EOSIO Blockchain

Proceedings of the Third ACM Workshop on Blockchains, Cryptocurrencies and Contracts Pub Date : 2019-07-02 DOI:10.1145/3327959.3329538

Dongsoo Lee, Dong Hoon Lee

{"title":"Push and Pull: Manipulating a Production Schedule and Maximizing Rewards on the EOSIO Blockchain","authors":"Dongsoo Lee, Dong Hoon Lee","doi":"10.1145/3327959.3329538","DOIUrl":null,"url":null,"abstract":"EOSIO is a blockchain platform utilizing a byzantine-fault-tolerance delegated-proof-of-stake (BFT-DPOS) consensus protocol to guarantee scalability. In EOSIO, a group of representatives called block producers (BPs) is elected by voting through a certain period, and is scheduled in an order to produce blocks. And new tokens are given to BPs every time they produce a block as a notion of reward. In this paper, we show that an attacker can disturb fairness of compensation policy by manipulating the production schedule of EOSIO. Such manipulation is possible through an attacker who has enough tokens to abuse the election process. In order to demonstrate the feasibility and the capability of our attack, we created a tool following EOSIO's voting and irreversible block generation procedure. Our simulation shows that an attacker can provide additional rewards or loss up to 3 BPs. Finally, we discuss the applicability of our attack against the real EOSIO mainnet, and at the same time, propose some countermeasures to prevent it.","PeriodicalId":302776,"journal":{"name":"Proceedings of the Third ACM Workshop on Blockchains, Cryptocurrencies and Contracts","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Third ACM Workshop on Blockchains, Cryptocurrencies and Contracts","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3327959.3329538","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

EOSIO is a blockchain platform utilizing a byzantine-fault-tolerance delegated-proof-of-stake (BFT-DPOS) consensus protocol to guarantee scalability. In EOSIO, a group of representatives called block producers (BPs) is elected by voting through a certain period, and is scheduled in an order to produce blocks. And new tokens are given to BPs every time they produce a block as a notion of reward. In this paper, we show that an attacker can disturb fairness of compensation policy by manipulating the production schedule of EOSIO. Such manipulation is possible through an attacker who has enough tokens to abuse the election process. In order to demonstrate the feasibility and the capability of our attack, we created a tool following EOSIO's voting and irreversible block generation procedure. Our simulation shows that an attacker can provide additional rewards or loss up to 3 BPs. Finally, we discuss the applicability of our attack against the real EOSIO mainnet, and at the same time, propose some countermeasures to prevent it.

查看原文本刊更多论文

推与拉:在EOSIO平台上操纵生产计划和最大化奖励

EOSIO是一个区块链平台，利用拜占庭容错委托权益证明(BFT-DPOS)共识协议来保证可扩展性。在EOSIO中，一组被称为区块生产者(bp)的代表通过一段时间的投票选出，并按顺序安排生产区块。bp们每次生产出一个区块，就会获得新的代币作为奖励。在本文中，我们证明了攻击者可以通过操纵EOSIO的生产进度来扰乱补偿策略的公平性。如果攻击者拥有足够的令牌来滥用选举过程，就有可能进行这种操纵。为了证明我们攻击的可行性和能力，我们创建了一个遵循EOSIO投票和不可逆块生成程序的工具。我们的模拟表明，攻击者可以提供额外的奖励或损失高达3个bp。最后，我们讨论了我们的攻击对真实EOSIO主网的适用性，同时提出了一些防范措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Third ACM Workshop on Blockchains, Cryptocurrencies and Contracts

自引率

0.00%

发文量