The vulnerability would make Ethereum Classic permanently unable to confirm transactions
GEORGE TOWN, Cayman Islands, July 8, 2021 / PRNewswire / – Today is the team behind the VeriBlock® Blockchain Project, which is the proof-of-work (“PoW”) security of Bitcoin on the blockchains of the world in a fully decentralized, trustworthy, transparent and permissionless ( “DTTP®”) expanded. ) published details of a critical vulnerability in the MESS protocol of Ethereum Classic, which they shared with ETC developers last October before the consensus technology was activated on the mainnet.
The VeriBlock team purposely omitted a detail from the disclosure to give ETC developers and their community additional time to disable the vulnerable technology before it is exploited in the real world. The feasibility of the attack can be demonstrated without this detail and the team will provide a version of the disclosure including the omitted details to any Ethereum Classic developers who wish to further investigate the vulnerability.
After a successful 51% attack on Ethereum Classic in January 2019 and three consecutive attacks in August 2020 that resulted in the theft of over $ 5 million Cryptocurrency, the Ethereum Classic community has adopted the consensus technology MESS (“Modified Exponential Subjective Scoring”) Oct 11, 2020to prevent future 51% attacks on the network.
MESS is based on a subjective rating solution that was originally proposed in 2014 and expanded in 2016 by the Ethereum founder Vitalik Buterin.
However, the subjective nature of MESS led to a much more damaging vulnerability, VeriBlock co-founder and CTO Maxwell Sanchez explained. “Subjective evaluation means that two different nodes can permanently disagree about the correct state of the blockchain. Our disclosure explains how an attacker could exploit this subjectivity to permanently break the network into separate partitions, rendering the blockchain unable to achieve global consensus and permanently prevent confirmation of “transactions.”
The story goes on
As the security disclosure of the VeriBlock team shows, an attacker can not only break the network, but also stabilize the attack over a period of several hours in order to create a state in which Ethereum Classic can no longer converge on a single global blockchain state .
The team also notes that the vulnerability is not due to an implementation error or incorrect parameterization of the protocol, but rather to the fundamental nature of technologies like MESS.
“At the time of the discovery last October, the exploit would have cost about $ 10,000 to run using hashing power, which is readily available on hashrate marketplaces like NiceHash. Today we estimate that the attack could still be carried out for less than $ 50,000, and there is currently enough hashrate available to borrow to successfully carry out the attack, “notes Sanchez.
In addition to publishing the vulnerability disclosure, the VeriBlock team has also made its simulation environment open source so that anyone can conduct a demonstration of the attack themselves to understand how the exploit works.
“Although the economic motivation of a bifurcation attack is much more nuanced than a 51 percent attack, the existence of derivatives markets where attackers can short ETCs certainly provides sufficient financial incentive for this type of attack,” explains Sanchez.
The VeriBlock team also proposed VeriBlock PoP about six weeks before the activation of MESS in the ETC mainnet as a 51% attack protection mechanism for ETC and is internally testing a test network of Ethereum Classic with its own Bitcoin-based proof-of-proof security technology ( instead of MESS) for the ETC community for testing and invites all Ethereum Classic developers interested in further understanding the exploit or anyone interested in testing VeriBlock-Secured Ethereum Classic to contact hello @ veriblock.com.
About the VeriBlock Foundation
The VeriBlock Foundation is a Cayman Islands non-profit organization committed to increasing awareness and adoption of the VeriBlock blockchain and its proof-of-proof security protocol. VeriBlock inherits the security of Bitcoin in a fully decentralized, trustworthy, transparent and permissionless manner (“DTTP®”), follows the same attributes that made Bitcoin great, and allows any other blockchain to reinforce their existing security with full evidence . Bitcoin worker in the same way.
View original content to download multimedia: https://www.prnewswire.com/news-releases/veriblock-foundation-discloses-mess-vulnerability-in-ethereum-classic-blockchain-301327998.html
SOURCE VeriBlock, Inc.