Rujia Li (Tsinghua University), Mingfei Zhang (Shandong University), Xueqian Lu (Independent Researcher), Wenbo Xu (AntChain Platform Division, Ant Group), Ying Yan (Blockchain Platform Division, Ant Group), Sisi Duan (Tsinghua University)
Ethereum, a leading blockchain platform, relies on incentive mechanisms to improve its stability. Recently, several attacks targeting the incentive mechanisms have been proposed. Examples include the so-called reorganization attacks that cause blocks proposed by honest validators to be discarded. In reorganization attacks, honest validators suffer from lower rewards than their fair share. Finding these attacks, however, heavily relies on expert knowledge and may involve substantial manual effort.
We present proto, a framework for finding incentive flaws in Ethereum with little manual effort. proto is inspired by failure injection, a technique commonly used in software testing to find implementation vulnerabilities. Instead of implementation vulnerabilities, we aim to find design flaws. Our main technical contributions are a carefully designed "strategy generator" that generates a large pool of attack instances, an automatic workflow that launches the attacks and analyzes the results, and a workflow that integrates reinforcement learning to fine-tune the attack parameters and identify the most profitable attacks. We simulate a total of 7,991 attack instances using our framework and find the following results. First, our framework reproduces five known incentive attacks that were previously found manually. Second, we find three new attacks that can be identified as incentive flaws. Finally and surprisingly, one of our experiments also identified two implementation flaws.