Skip to content

(block, epoch)-fork choice#2292

Closed
adiasg wants to merge 8 commits intodevfrom
finality-delay-fix
Closed

(block, epoch)-fork choice#2292
adiasg wants to merge 8 commits intodevfrom
finality-delay-fix

Conversation

@adiasg
Copy link
Contributor

@adiasg adiasg commented Mar 30, 2021
edited
Loading

This PR contains a security fix for the finality delay attack outlined in this paper.

Finality Delay Attack

The execution of the attack involves temporary block withholding by the first few proposers in the epoch. At the end of the last withholding proposer's slot, all blocks are released. During slots in which blocks were withheld, honest attesters make FFG target votes for the last block of the previous epoch (which is "pulled up" to serve as the FFG checkpoint for the current epoch). After the blocks have been released, honest attesters make FFG target votes for the first block of the current epoch.
During each slot, 1 / SLOTS_PER_EPOCH (= 3.125%) fraction of stake is attesting. So a 25% attacker needs to control the first 3 slots (= ceil((33.33 - 25) / 3.125)) of an epoch to successfully delay finality at the end of that epoch.

A brief description from the original paper:
image

The attack is possible because the fork choice allows for updating the head block, without any reorgs, in the following situation:

  • the old head block points to an FFG target inconsistent with the one pointed to by the new head block, and
  • there is more support for the old head block's FFG target than the new head block's FFG target.

This happens because the fork choice only calculates the LMD GHOST winner based on the support for each individual block. This PR prevents the attack by changing the block tree structure, and by also taking into account the support for the FFG target pointed to by each block.

For example, the below block hierarchy will be transformed into a block tree in the following manner:
image

Summary of Changes

  • Block Tree Structure
  • LatestMessage Accounting
    • To calculate support for nodes in the block tree, LMD GHOST fork choice now interprets LatestMessage in the spirit of the attack fix. (Refer: get_latest_attesting_balance)
  • Fork Choice Store & Functions
    • Updated the fork choice store & all functions for compatibility with the new block tree structure.
    • Added block tree updates to the on_block & on_attestation functions.
  • Testing
    • Added tests for the finality delay attack.
    • Updated existing tests that use internal fork choice functions.

@adiasg adiasg added forkchoice security General protocol security-related items labels Mar 30, 2021
@adiasg
Copy link
Contributor Author

adiasg commented Apr 20, 2021
edited
Loading

Note: First merge PR #2301 into dev, then merge this into dev

@adiasg adiasg changed the base branch from dev to fix-bouncing-attack-tests April 23, 2021 18:58
@adiasg adiasg mentioned this pull request Apr 23, 2021
Closed
Base automatically changed from fix-bouncing-attack-tests to dev April 27, 2021 13:51
@leolara
Copy link
Member

leolara commented Jun 4, 2025

I am closing this issue because it seems stale. Please, do not hesitate to reopen it if this is a mistake

@leolara leolara closed this Jun 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vbuterin vbuterin vbuterin approved these changes

Assignees

No one assigned

Labels

forkchoice security General protocol security-related items

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adiasg @leolara @vbuterin