Data

Tools

Indexes

Applications

Experiments

Open Source Science

speculativedos

The repository for the paper Speculative Denial-of-Service Attacks in Ethereum

https://github.com/avivyaish/speculativedos

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (8.1%) to scientific vocabulary
Last synced: 9 months ago · JSON representation ·

Repository

The repository for the paper Speculative Denial-of-Service Attacks in Ethereum

Basic Info
  • Host: GitHub
  • Owner: AvivYaish
  • Language: Go
  • Default Branch: main
  • Size: 43.3 MB
Statistics
  • Stars: 5
  • Watchers: 2
  • Forks: 1
  • Open Issues: 0
  • Releases: 0
Created over 2 years ago · Last pushed over 1 year ago
Metadata Files
Readme Citation

README.md

Speculative Denial-of-Service Attacks in Ethereum (USENIX Security '24)

This repository contains the code for the paper Speculative Denial-of-Service Attacks in Ethereum:

Demo

A large part of our work (1554 lines of code) can be found in the file builder/eth/block-validation/api_test.go, which does the following: - Sets up a fully-functioning local Ethereum testnet running a fork of Flashbots' builder client, which is a fork of geth (Go Ethereum, Ethereum's most popular execution client) - Executes the many attacks we present in the paper on this testnet

For example, run go test -v -run=TestCombinedAttackTestnet -timeout=0 to execute our combined attack, and see how the local testnet does not succeed in adding honest transactions to blocks:

Attack demo

Or, as a video:

Attack demo

As a sanity check, the file can also deploy the testnet without attacking it by running go test -v -run=TestHonestTestnet -timeout=0, showing how the testnet does add transactions to blocks when not under attack:

Honest demo

Or, as a video:

Honest demo

Acknowledgements

  • This repo is a fork of Flashbots' builder client, which is a geth fork
  • This work received two bounties from the Ethereum Foundation and Flashbots
  • In addition, this work received a grant from the Ethereum Foundation
  • Covered by blockworks
  • Ranked 63rd in MLSEC’s Normalized Top-100 Security Papers list

Owner

  • Name: Aviv Yaish
  • Login: AvivYaish
  • Kind: user
  • Company: The Hebrew University

Computer science PhD candidate, with an interest in cryptocurrencies, distributed ledgers, game theory and artificial intelligence.

Citation (CITATION.cff) 

cff-version: 1.2.0
title: Speculative Denial-of-Service Attacks in Ethereum
message: 'If you use this, please cite it as below.'
type: software
authors:
  - family-names: Yaish
    given-names: Aviv
    orcid: 'https://orcid.org/0000-0002-7971-2494'
  - family-names: Qin
    given-names: Kaihua
    orcid: 'https://orcid.org/0000-0003-2190-3623'
  - family-names: Zhou
    given-names: Liyi
    orcid: 'https://orcid.org/0000-0002-2820-9872'
  - family-names: Zohar
    given-names: Aviv
    orcid: 'https://orcid.org/0000-0001-8539-9222'
  - family-names: Gervais
    given-names: Arthur
    orcid: 'https://orcid.org/0000-0002-3565-3410'
repository-code: 'https://github.com/AvivYaish/SpeculativeDoS'
url: 'https://ia.cr/2023/956'
keywords:
  - Ethereum
  - blockchain
  - cryptocurrencies
  - security
  - denial-of-service
  - transaction fees
preferred-citation:
  type: article
  authors:
    - family-names: Yaish
      given-names: Aviv
      orcid: 'https://orcid.org/0000-0002-7971-2494'
    - family-names: Qin
      given-names: Kaihua
      orcid: 'https://orcid.org/0000-0003-2190-3623'
    - family-names: Zhou
      given-names: Liyi
      orcid: 'https://orcid.org/0000-0002-2820-9872'
    - family-names: Zohar
      given-names: Aviv
      orcid: 'https://orcid.org/0000-0001-8539-9222'
    - family-names: Gervais
      given-names: Arthur
      orcid: 'https://orcid.org/0000-0002-3565-3410'
  month: 6
  start: 1
  end: 24
  title: Speculative Denial-of-Service Attacks in Ethereum
  year: 2023

GitHub Events

Total
  • Watch event: 5
  • Push event: 15
  • Fork event: 1
Last Year
  • Watch event: 5
  • Push event: 15
  • Fork event: 1

Dependencies

builder/Dockerfile docker
  • alpine latest build
  • golang 1.20-alpine build
builder/go.mod go
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.1
  • github.com/Azure/azure-sdk-for-go/sdk/internal v0.8.3
  • github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.3.0
  • github.com/DataDog/zstd v1.5.2
  • github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6
  • github.com/VictoriaMetrics/fastcache v1.6.0
  • github.com/attestantio/go-builder-client v0.2.7
  • github.com/attestantio/go-eth2-client v0.15.2
  • github.com/aws/aws-sdk-go-v2 v1.2.0
  • github.com/aws/aws-sdk-go-v2/config v1.1.1
  • github.com/aws/aws-sdk-go-v2/credentials v1.1.1
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.2
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.2
  • github.com/aws/aws-sdk-go-v2/service/route53 v1.1.1
  • github.com/aws/aws-sdk-go-v2/service/sso v1.1.1
  • github.com/aws/aws-sdk-go-v2/service/sts v1.1.1
  • github.com/aws/smithy-go v1.1.0
  • github.com/beorn7/perks v1.0.1
  • github.com/btcsuite/btcd/btcec/v2 v2.3.2
  • github.com/btcsuite/btcd/chaincfg/chainhash v1.0.2
  • github.com/cespare/cp v1.1.1
  • github.com/cespare/xxhash/v2 v2.2.0
  • github.com/cloudflare/cloudflare-go v0.14.0
  • github.com/cockroachdb/errors v1.9.1
  • github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b
  • github.com/cockroachdb/pebble v0.0.0-20230209160836-829675f94811
  • github.com/cockroachdb/redact v1.1.3
  • github.com/consensys/bavard v0.1.13
  • github.com/consensys/gnark-crypto v0.9.1-0.20230105202408-1a7a29904a7c
  • github.com/cpuguy83/go-md2man/v2 v2.0.2
  • github.com/crate-crypto/go-ipa v0.0.0-20220523130400-f11357ae11c7
  • github.com/davecgh/go-spew v1.1.1
  • github.com/deckarep/golang-set/v2 v2.1.0
  • github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1
  • github.com/deepmap/oapi-codegen v1.8.2
  • github.com/dlclark/regexp2 v1.7.0
  • github.com/docker/docker v1.6.2
  • github.com/dop251/goja v0.0.0-20230122112309-96b1610dd4f7
  • github.com/edsrzf/mmap-go v1.0.0
  • github.com/fatih/color v1.13.0
  • github.com/ferranbt/fastssz v0.1.2
  • github.com/fjl/gencodec v0.0.0-20220412091415-8bb9e558978c
  • github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5
  • github.com/flashbots/go-boost-utils v0.3.5
  • github.com/flashbots/go-utils v0.4.5
  • github.com/flashbots/mev-boost v0.7.3
  • github.com/fsnotify/fsnotify v1.6.0
  • github.com/garslo/gogen v0.0.0-20170306192744-1d203ffc1f61
  • github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08
  • github.com/gballet/go-verkle v0.0.0-20220902153445-097bd83b7732
  • github.com/getsentry/sentry-go v0.18.0
  • github.com/go-ole/go-ole v1.2.1
  • github.com/go-sourcemap/sourcemap v2.1.3+incompatible
  • github.com/go-stack/stack v1.8.1
  • github.com/goccy/go-yaml v1.9.2
  • github.com/gofrs/flock v0.8.1
  • github.com/gogo/protobuf v1.3.2
  • github.com/golang-jwt/jwt/v4 v4.3.0
  • github.com/golang/protobuf v1.5.2
  • github.com/golang/snappy v0.0.4
  • github.com/google/gofuzz v1.1.1-0.20200604201612-c04b05f3adfa
  • github.com/google/uuid v1.3.0
  • github.com/gorilla/mux v1.8.0
  • github.com/gorilla/websocket v1.4.2
  • github.com/graph-gophers/graphql-go v1.3.0
  • github.com/hashicorp/go-bexpr v0.1.10
  • github.com/holiman/bloomfilter/v2 v2.0.3
  • github.com/holiman/uint256 v1.2.1
  • github.com/huin/goupnp v1.0.3
  • github.com/influxdata/influxdb v1.8.3
  • github.com/influxdata/influxdb-client-go/v2 v2.4.0
  • github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
  • github.com/jackpal/go-nat-pmp v1.0.2
  • github.com/jedisct1/go-minisign v0.0.0-20190909160543-45766022959e
  • github.com/jmoiron/sqlx v1.3.5
  • github.com/julienschmidt/httprouter v1.3.0
  • github.com/karalabe/usb v0.0.2
  • github.com/klauspost/compress v1.15.15
  • github.com/klauspost/cpuid/v2 v2.2.1
  • github.com/kr/pretty v0.3.1
  • github.com/kr/text v0.2.0
  • github.com/kylelemons/godebug v1.1.0
  • github.com/lib/pq v1.2.0
  • github.com/mattn/go-colorable v0.1.13
  • github.com/mattn/go-isatty v0.0.16
  • github.com/mattn/go-runewidth v0.0.9
  • github.com/matttproud/golang_protobuf_extensions v1.0.4
  • github.com/minio/sha256-simd v1.0.0
  • github.com/mitchellh/mapstructure v1.5.0
  • github.com/mitchellh/pointerstructure v1.2.0
  • github.com/mmcloughlin/addchain v0.4.0
  • github.com/naoina/go-stringutil v0.1.0
  • github.com/naoina/toml v0.1.2-0.20170918210437-9fafd6967416
  • github.com/olekukonko/tablewriter v0.0.5
  • github.com/opentracing/opentracing-go v1.2.0
  • github.com/peterh/liner v1.1.1-0.20190123174540-a2c9a5303de7
  • github.com/pkg/errors v0.9.1
  • github.com/pmezard/go-difflib v1.0.0
  • github.com/prometheus/client_golang v1.14.0
  • github.com/prometheus/client_model v0.3.0
  • github.com/prometheus/common v0.39.0
  • github.com/prometheus/procfs v0.9.0
  • github.com/prysmaticlabs/go-bitfield v0.0.0-20210809151128-385d8c5e3fb7
  • github.com/r3labs/sse v0.0.0-20210224172625-26fe804710bc
  • github.com/rogpeppe/go-internal v1.9.0
  • github.com/rs/cors v1.7.0
  • github.com/russross/blackfriday/v2 v2.1.0
  • github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible
  • github.com/sirupsen/logrus v1.9.0
  • github.com/status-im/keycard-go v0.0.0-20190316090335-8537d3370df4
  • github.com/stretchr/testify v1.8.1
  • github.com/supranational/blst v0.3.8-0.20220526154634-513d2456b344
  • github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
  • github.com/tklauser/go-sysconf v0.3.5
  • github.com/tklauser/numcpus v0.2.2
  • github.com/tyler-smith/go-bip39 v1.1.0
  • github.com/urfave/cli/v2 v2.17.2-0.20221006022127-8f469abc00aa
  • github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673
  • golang.org/x/crypto v0.1.0
  • golang.org/x/exp v0.0.0-20230206171751-46f607a40771
  • golang.org/x/mod v0.6.0
  • golang.org/x/net v0.4.0
  • golang.org/x/sync v0.1.0
  • golang.org/x/sys v0.5.0
  • golang.org/x/text v0.7.0
  • golang.org/x/time v0.0.0-20220922220347-f3bd1da661af
  • golang.org/x/tools v0.2.0
  • golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
  • google.golang.org/protobuf v1.28.1
  • gopkg.in/cenkalti/backoff.v1 v1.1.0
  • gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce
  • gopkg.in/yaml.v2 v2.4.0
  • gopkg.in/yaml.v3 v3.0.1
  • rsc.io/tmplfunc v0.0.3
builder/go.sum go
  • 966 dependencies
builder/cmd/clef/requirements.txt pypi
  • tinyrpc ==1.1.4