BRC20 Pinning Attack

• URL: http://arxiv.org/abs/2410.11295v2
• Date: Sun, 20 Oct 2024 23:57:21 GMT
• Title: BRC20 Pinning Attack
• Authors: Minfeng Qi, Qin Wang, Zhipeng Wang, Lin Zhong, Tianqing Zhu, Shiping Chen, William Knottenbelt,
• Abstract summary: BRC20 tokens are a type of non-fungible asset on the Bitcoin network. We present the first in-depth analysis of the BRC20 transfer mechanism and identify a critical attack vector.
• Score: 9.2705406817139
• License:
• Abstract: BRC20 tokens are a type of non-fungible asset on the Bitcoin network. They allow users to embed customized content within Bitcoin satoshis. The related token frenzy has reached a market size of US$2,650b over the past year (2023Q3-2024Q3). However, this intuitive design has not undergone serious security scrutiny. We present the first in-depth analysis of the BRC20 transfer mechanism and identify a critical attack vector. A typical BRC20 transfer involves two bundled on-chain transactions with different fee levels: the first (i.e., Tx1) with a lower fee inscribes the transfer request, while the second (i.e., Tx2) with a higher fee finalizes the actual transfer. We find that an adversary can exploit this by sending a manipulated fee transaction (falling between the two fee levels), which allows Tx1 to be processed while Tx2 remains pinned in the mempool. This locks the BRC20 liquidity and disrupts normal transfers for users. We term this BRC20 pinning attack. Our attack exposes an inherent design flaw that can be applied to 90+% inscription-based tokens within the Bitcoin ecosystem. We also conducted the attack on Binance's ORDI hot wallet (the most prevalent BRC20 token and the most active wallet), resulting in a temporary suspension of ORDI withdrawals on Binance for 3.5 hours, which were shortly resumed after our communication.

Related papers

• BRC20 Snipping Attack [8.870539952629356]
  We introduce and implement BRC20 sniping attack. Our attack manipulates the BRC20 token transfers in open markets and disrupts the fairness among bidding participants.
  arXiv  Detail & Related papers  (2025-01-21T07:38:08Z)
• Zaptos: Towards Optimal Blockchain Latency [52.30047458198369]
  We introduce Zaptos, a parallel pipelined architecture designed to minimize end-to-end latency. Zaptos achieves a throughput of 20,000 transactions per second with sub-second latency.
  arXiv  Detail & Related papers  (2025-01-18T00:22:22Z)
• XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges [3.893704673350463]
  We propose XChainWatcher, the first mechanism for monitoring bridges and detecting attacks against them. XChainWatcher relies on a cross-chain model powered by a Datalog engine, designed to be pluggable into any cross-chain bridge. We provide the first open-source dataset of 81,000 cctxs across three blockchains, capturing more than $4.2B in token transfers.
  arXiv  Detail & Related papers  (2024-10-02T20:49:24Z)
• Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers [51.0477382050976]
  An extra prompt token, called the switch token in this work, can turn the backdoor mode on, converting a benign model into a backdoored one. To attack a pre-trained model, our proposed attack, named SWARM, learns a trigger and prompt tokens including a switch token. Experiments on diverse visual recognition tasks confirm the success of our switchable backdoor attack, achieving 95%+ attack success rate.
  arXiv  Detail & Related papers  (2024-05-17T08:19:48Z)
• R-Pool and Settlement Markets for Recoverable ERC-20R Tokens [14.112164089246571]
  ERC-20R supports asset recovery within a limited time window after an asset is transferred. When an honest recipient receives an ERC-20R asset, they must wait until the recovery windows elapses. We explore how to design a pool to exchange an unsettled ERC-20R asset for a base ERC-20 of the same asset.
  arXiv  Detail & Related papers  (2023-12-22T02:00:23Z)
• Bridging BRC-20 to Ethereum [3.2763090690491343]
  We design, implement, and evaluate a lightweight bridge to connect the Bitcoin and networks that were heterogeneously uncontactable before. Inspired by the recently introduced Bitcoin Request Comment (BRC-20) standard, we leverage the flexibility of Bitcoin inscriptions by embedding editable operations within each satoshi. A user can initialize his/her requests from the Bitcoin network, subsequently triggering corresponding actions on the network.
  arXiv  Detail & Related papers  (2023-10-16T04:58:17Z)
• BRC-20: Hope or Hype [2.3909240294391236]
  BRC-20 (short for Bitcoin Request for Comment 20) token mania was a key storyline in the middle of 2023. We pioneer the exploration of this concept, covering its intricate mechanisms, features, and state-of-the-art applications.
  arXiv  Detail & Related papers  (2023-08-31T02:59:52Z)
• Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities [45.90740335615872]
  Bitcoin is the most secure blockchain in the world, supported by the immense hash power of its Proof-of-Work miners. Proof-of-Stake chains are energy-efficient, have fast finality but face several security issues. We show that these security issues are inherent in any PoS chain without an external trusted source. We propose a new protocol, Babylon, where an off-the-shelf PoS protocol checkpoints onto Bitcoin to resolve these issues.
  arXiv  Detail & Related papers  (2022-07-18T06:01:25Z)
• Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
  We study the ecosystem of the tokens and liquidity pools. We find that about 60% of tokens are active for less than one day. We estimate that 1-day rug pulls generated $240 million in profits.
  arXiv  Detail & Related papers  (2022-06-16T14:20:19Z)
• Investigating Top-$k$ White-Box and Transferable Black-box Attack [75.13902066331356]
  We show that stronger attack actually transfers better for the general top-$k$ ASR indicated by the interest class rank (ICR) after attack. We propose a new normalized CE loss that guides the logit to be updated in the direction of implicitly maximizing its rank distance from the ground-truth class.
  arXiv  Detail & Related papers  (2022-03-30T15:02:27Z)
• Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
  A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task. In this work, we examine the hardness of finding such chain of PoWs against quantum strategies. We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
  arXiv  Detail & Related papers  (2020-12-30T18:03:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.