Taro Tsuchiya
@tarotsuchiya.bsky.social
Ph.D. Student at Carnegie Mellon. Cylab Studying computer security & online crime.
https://taro-tsuchiya.github.io/
https://taro-tsuchiya.github.io/
7/
Finally, we estimated the time saved by skipping validations, from both the local simulations and 14 weeks of testnet measurement. Although processing time can be reduced by a few milliseconds, the marginal latency benefits may not necessarily justify the potential damage from the attack.
Finally, we estimated the time saved by skipping validations, from both the local simulations and 14 weeks of testnet measurement. Although processing time can be reduced by a few milliseconds, the marginal latency benefits may not necessarily justify the potential damage from the attack.
June 9, 2025 at 9:04 PM
7/
Finally, we estimated the time saved by skipping validations, from both the local simulations and 14 weeks of testnet measurement. Although processing time can be reduced by a few milliseconds, the marginal latency benefits may not necessarily justify the potential damage from the attack.
Finally, we estimated the time saved by skipping validations, from both the local simulations and 14 weeks of testnet measurement. Although processing time can be reduced by a few milliseconds, the marginal latency benefits may not necessarily justify the potential damage from the attack.
6/
Furthermore, we conducted attack simulations in a local network and confirmed that our proposed attack can evict as many honest transactions from both the mempool and the block as other DoS attacks, but at significantly lower costs.
Furthermore, we conducted attack simulations in a local network and confirmed that our proposed attack can evict as many honest transactions from both the mempool and the block as other DoS attacks, but at significantly lower costs.
June 9, 2025 at 9:04 PM
6/
Furthermore, we conducted attack simulations in a local network and confirmed that our proposed attack can evict as many honest transactions from both the mempool and the block as other DoS attacks, but at significantly lower costs.
Furthermore, we conducted attack simulations in a local network and confirmed that our proposed attack can evict as many honest transactions from both the mempool and the block as other DoS attacks, but at significantly lower costs.
5/
Based on our mathematical modeling and measurements, we showed that the attacker can amplify the invalid transaction at modified nodes by a factor of at least 3,600, causing economic damage that is 13,800x (!) the amount needed to carry out the attack.
Based on our mathematical modeling and measurements, we showed that the attacker can amplify the invalid transaction at modified nodes by a factor of at least 3,600, causing economic damage that is 13,800x (!) the amount needed to carry out the attack.
June 9, 2025 at 9:04 PM
5/
Based on our mathematical modeling and measurements, we showed that the attacker can amplify the invalid transaction at modified nodes by a factor of at least 3,600, causing economic damage that is 13,800x (!) the amount needed to carry out the attack.
Based on our mathematical modeling and measurements, we showed that the attacker can amplify the invalid transaction at modified nodes by a factor of at least 3,600, causing economic damage that is 13,800x (!) the amount needed to carry out the attack.
4/
To accurately estimate the attack impact on the network, we developed a new cost-effective and ethical method for inferring the network topology. To implement it, we designed two customized monitoring nodes to scan network activity, resulting in 2.5 billion observations.
To accurately estimate the attack impact on the network, we developed a new cost-effective and ethical method for inferring the network topology. To implement it, we designed two customized monitoring nodes to scan network activity, resulting in 2.5 billion observations.
June 9, 2025 at 9:04 PM
4/
To accurately estimate the attack impact on the network, we developed a new cost-effective and ethical method for inferring the network topology. To implement it, we designed two customized monitoring nodes to scan network activity, resulting in 2.5 billion observations.
To accurately estimate the attack impact on the network, we developed a new cost-effective and ethical method for inferring the network topology. To implement it, we designed two customized monitoring nodes to scan network activity, resulting in 2.5 billion observations.
3/
We first found that some relay services forward transactions significantly faster than others, but propagate invalid ones, suggesting a lack of proper validation checks. Indeed, we observed that attackers already target these services in the wild, flooding them with invalid transactions.
We first found that some relay services forward transactions significantly faster than others, but propagate invalid ones, suggesting a lack of proper validation checks. Indeed, we observed that attackers already target these services in the wild, flooding them with invalid transactions.
June 9, 2025 at 9:04 PM
3/
We first found that some relay services forward transactions significantly faster than others, but propagate invalid ones, suggesting a lack of proper validation checks. Indeed, we observed that attackers already target these services in the wild, flooding them with invalid transactions.
We first found that some relay services forward transactions significantly faster than others, but propagate invalid ones, suggesting a lack of proper validation checks. Indeed, we observed that attackers already target these services in the wild, flooding them with invalid transactions.
2/
We proposed a Blockchain Amplification Attack where attackers use those nodes to amplify an invalid transaction thousands of times to the entire network. Do latency benefits justify the security risks? We used mathematical modeling, large-scale network measurement, and simulations to find out.
We proposed a Blockchain Amplification Attack where attackers use those nodes to amplify an invalid transaction thousands of times to the entire network. Do latency benefits justify the security risks? We used mathematical modeling, large-scale network measurement, and simulations to find out.
June 9, 2025 at 9:04 PM
2/
We proposed a Blockchain Amplification Attack where attackers use those nodes to amplify an invalid transaction thousands of times to the entire network. Do latency benefits justify the security risks? We used mathematical modeling, large-scale network measurement, and simulations to find out.
We proposed a Blockchain Amplification Attack where attackers use those nodes to amplify an invalid transaction thousands of times to the entire network. Do latency benefits justify the security risks? We used mathematical modeling, large-scale network measurement, and simulations to find out.
1/
Latency matters in the Ethereum P2P network due to economic incentives such as arbitrage and front-running. Here, blockchain network nodes face a dilemma: skip transaction validations for lower latency and higher profits, but risk accepting floods of invalid transactions from attackers.
Latency matters in the Ethereum P2P network due to economic incentives such as arbitrage and front-running. Here, blockchain network nodes face a dilemma: skip transaction validations for lower latency and higher profits, but risk accepting floods of invalid transactions from attackers.
June 9, 2025 at 9:04 PM
1/
Latency matters in the Ethereum P2P network due to economic incentives such as arbitrage and front-running. Here, blockchain network nodes face a dilemma: skip transaction validations for lower latency and higher profits, but risk accepting floods of invalid transactions from attackers.
Latency matters in the Ethereum P2P network due to economic incentives such as arbitrage and front-running. Here, blockchain network nodes face a dilemma: skip transaction validations for lower latency and higher profits, but risk accepting floods of invalid transactions from attackers.