Nurgle: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation
- URL: http://arxiv.org/abs/2406.10687v1
- Date: Sat, 15 Jun 2024 16:47:39 GMT
- Authors: Zheyuan He, Zihao Li, Ao Qiao, Xiapu Luo, Xiaosong Zhang, Ting Chen, Shuwei Song, Dijun Liu, Weina Niu
- Abstract summary: We unveil a novel attack surface, i.e., the state storage, in blockchains.
Nurgle is the first Denial-of-Service attack targeting the state storage.
Nurgle forces blockchains to expend additional resources on state maintenance and verification, impairing their performance.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Blockchains, with intricate architectures, encompass various components, e.g., consensus network, smart contracts, decentralized applications, and auxiliary services. While offering numerous advantages, these components expose various attack surfaces, leading to severe threats to blockchains. In this study, we unveil a novel attack surface, i.e., the state storage, in blockchains. The state storage, based on the Merkle Patricia Trie, plays a crucial role in maintaining blockchain state. Besides, we design Nurgle, the first Denial-of-Service attack targeting the state storage. By proliferating intermediate nodes within the state storage, Nurgle forces blockchains to expend additional resources on state maintenance and verification, impairing their performance. We conduct a comprehensive and systematic evaluation of Nurgle, including the factors affecting it, its impact on blockchains, its financial cost, and practically demonstrating the resulting damage to blockchains. The implications of Nurgle extend beyond the performance degradation of blockchains, potentially reducing trust in them and the value of their cryptocurrencies. Additionally, we further discuss three feasible mitigations against Nurgle. At the time of writing, the vulnerability exploited by Nurgle has been confirmed by six mainstream blockchains, and we received thousands of USD bounty from them.
Related papers
- Towards the Blockchain Massive Adoption with Permissionless Storage [0.0]
In my thesis, new approaches are applied to solve the issues above.
The key contribution is the discovery of the useful PoW.
Based on this theory, a permissionless storage network is proposed as the new security engine for the blockchain.
arXiv Detail & Related papers (2024-07-25T04:28:52Z)
- The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols.
Existing approaches for threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol.
We propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds.
arXiv Detail & Related papers (2024-07-16T20:53:04Z)
- Aegis: A Decentralized Expansion Blockchain [9.499962065972483]
We present Aegis, an expansion chain based on primary-chain stake, assuming a bounded primary-chain write time.
Aegis uses references from Aegis blocks to primary blocks to define committees, checkpoints on the primary chain to perpetuate decisions, and resets on the primary chain to establish a new committee if the previous one becomes obsolete.
arXiv Detail & Related papers (2024-06-09T19:53:48Z)
- SoK: Public Blockchain Sharding [19.82054462793622]
This study provides a systemization of knowledge of public blockchain sharding.
It includes the core components of sharding systems, challenges, limitations, and mechanisms of the latest sharding protocols.
arXiv Detail & Related papers (2024-05-30T22:38:40Z)
- Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning [51.13534069758711]
Decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities.
Federated Learning (FL) enables participants to collaboratively train models while safeguarding data privacy.
This paper investigates the synergy between blockchain's security features and FL's privacy-preserving model training capabilities.
arXiv Detail & Related papers (2024-03-28T07:08:26Z)
- Generative AI-enabled Blockchain Networks: Fundamentals, Applications, and Case Study [73.87110604150315]
Generative Artificial Intelligence (GAI) has emerged as a promising solution to address challenges of blockchain technology.
In this paper, we first introduce GAI techniques, outline their applications, and discuss existing solutions for integrating GAI into blockchains.
arXiv Detail & Related papers (2024-01-28T10:46:17Z)
- Analysis of Arbitrary Content on Blockchain-Based Systems using BigQuery [0.0]
We develop and apply a cloud-based approach for quickly discovering and classifying content on public blockchains.
Our method can be adapted to different blockchain systems and offers insights into content-related usage patterns and potential cases of abuse.
To the best of our knowledge, the presented study is the first to systematically analyze non-financial content stored on the blockchain.
arXiv Detail & Related papers (2022-03-17T15:12:38Z)
- Quantum-resistance in blockchain networks [46.63333997460008]
This paper describes the work carried out by the Inter-American Development Bank, the IDB Lab, LACChain, Quantum Computing (CQC), and Tecnologico de Monterrey to identify and eliminate quantum threats in blockchain networks.
The advent of quantum computing threatens internet protocols and blockchain networks because they utilize non-quantum resistant cryptographic algorithms.
arXiv Detail & Related papers (2021-06-11T23:39:25Z)
- Selective Deletion in a Blockchain [0.0]
We present the first concept for the selective deletion of single entries in a blockchain.
The general consensus algorithm is extended by the functionality of regularly creating summary blocks.
With a shifting marker of the Genesis Block, data can be deleted from the beginning of a blockchain.
arXiv Detail & Related papers (2021-01-14T08:06:37Z)
- Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task.
In this work, we examine the hardness of finding such chain of PoWs against quantum strategies.
We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.