DeepAI AI Chat
Log In Sign Up

Eclipsing Ethereum Peers with False Friends

by   Sebastian Henningsen, et al.

Ethereum is a decentralized Blockchain system that supports the execution of Turing-complete smart contracts. Although the security of the Ethereum ecosystem has been studied in the past, the network layer has been mostly neglected. We show that Go Ethereum (Geth), the most widely used Ethereum implementation, is vulnerable to eclipse attacks, effectively circumventing recently introduced (Geth v1.8.0) security enhancements. We responsibly disclosed the vulnerability to core Ethereum developers; the corresponding countermeasures to our attack where incorporated into the v1.9.0 release of Geth. Our false friends attack exploits the Kademlia-inspired peer discovery logic used by Geth and enables a low-resource eclipsing of long-running, remote victim nodes. An adversary only needs two hosts in distinct /24 subnets to launch the eclipse, which can then be leveraged to filter the victim's view of the Blockchain. We discuss fundamental properties of Geth's node discovery logic that enable the false friends attack, as well as proposed and implemented countermeasures.


page 1

page 2

page 3

page 4


Reentrancy Vulnerability Identification in Ethereum Smart Contracts

Ethereum Smart contracts use blockchain to transfer values among peers o...

EASYFLOW: Keep Ethereum Away From Overflow

While Ethereum smart contracts enabled a wide range of blockchain applic...

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

Ethereum is a permissionless blockchain ecosystem that supports executio...

A Survey on EOSIO Systems Security: Vulnerability, Attack, and Mitigation

EOSIO, as one of the most representative blockchain 3.0 platforms, invol...

Stateful to Stateless: Modelling Stateless Ethereum

The concept of 'Stateless Ethereum' was conceived with the primary aim o...

Two Attacks On Proof-of-Stake GHOST/Ethereum

We present two attacks targeting the Proof-of-Stake (PoS) Ethereum conse...

Decentralized Release of Self-emerging Data using Smart Contracts

In the age of Big Data, releasing protected sensitive data at a future p...