A team of students discovered a series of vulnerabilities that affected more than 26 Proof-of-Stake (PoS) cryptos. The investigation was carried out at the Decentralized Systems Lab at UIUC, and the team consisted of advisor Andrew Miller and students Sanket Kanjalkar, Joseph Kuo, Yuguang Chen, and Yunqi Li.
According to the results of the investigation, cryptos with a PoS algorithm in their blockchain were vulnerable to network attackers who could, with a small or even no stake, crash any of the network nodes running the software.
“Fake Stake” Attacks: Proof-of-Stake Cryptos Vulnerabilities
PoS cryptos, especially those running on the PoSV3 algorithm, are like Bitcoin in using the longest-chain consensus rules and the UTXO model. However, the critical difference between these cryptos and Bitcoin’s network is that they have replaced the Proof-of-Work algorithm with a Proof-of-Ownership of tokens.
The PoS method has advantages such as increasing the security of the networks against 51% attacks and reducing their impact on the environment. However, the challenge arises when these design ideas are copied incorrectly. This leads to gaps in the network that do not exist in the original codebase.
These vulnerabilities have been named “Fake Stake”. The attacks are possible because PoSV3 implementations do not adequately validate network data before disk and RAM resources are committed.
An attacker with little or no stake in the network can then simply fill up a node’s disk or RAM with useless data and crash that node. This is what is called a resource exhaustion vulnerability.
Types of Vulnerabilities
According to the team that investigated this matter, there were basically two types of vulnerabilities found.
The first one was due to a failure to verify coinstake transactions before a block was committed to disk or RAM. Due to this lapse, all an attacker needed to do was fill up the RAM of a node with useless data. A variation of this vulnerability could cause the disk, rather than the RAM, to be attacked.
The second variation was found to be more serious: if the RAM was filled up, the node simply needed restarting. If, however, the disk space was filled up, then manual intervention would be required to clean up the disk.
The second vulnerability was found in earlier versions of PoS. This is because the earlier versions of Proof-of-Stake have two extra checks before block data is stored. However, even here, a “spent stake attack” along with a “stake amplification” could break through these barriers and crash the victim node.
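The ordering problem behind the first vulnerability can be shown with a small model. This is an added example, not code from any of the affected projects: the coinstake check is reduced to a lookup in the node's unspent outputs, and the `Block` layout, the peer names and the `max_rejects` ban threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Block:
    coinstake_input: str   # outpoint the block claims to stake (constructed format)
    payload: bytes         # remaining block data

@dataclass
class Node:
    utxos: dict                 # outpoint -> amount: the node's view of unspent outputs
    validate_first: bool        # True = verify the coinstake before storing anything
    max_rejects: int = 3        # assumed per-peer ban threshold (hypothetical policy)
    stored_bytes: int = 0       # RAM/disk committed to block data so far
    rejects: dict = field(default_factory=dict)

    def coinstake_ok(self, block):
        # Simplified stand-in for coinstake verification:
        # the staked output must exist and carry a non-zero amount.
        return self.utxos.get(block.coinstake_input, 0) > 0

    def receive(self, peer, block):
        if self.rejects.get(peer, 0) >= self.max_rejects:
            return "banned"
        if not self.validate_first:
            # Ordering described in the article: resources are committed
            # before the coinstake is checked, so invalid data accumulates.
            self.stored_bytes += len(block.payload)
            return "stored"
        if not self.coinstake_ok(block):
            # Hardened ordering: reject before committing and track the peer.
            self.rejects[peer] = self.rejects.get(peer, 0) + 1
            return "rejected"
        self.stored_bytes += len(block.payload)
        return "stored"

def run(validate_first):
    node = Node(utxos={"tx1:0": 50}, validate_first=validate_first)
    # Constructed traffic: one block staking a real output,
    # then ten blocks citing an output that does not exist.
    traffic = [("honest", Block("tx1:0", b"\x00" * 1000))]
    traffic += [("peerX", Block("nope:0", b"\x00" * 1000)) for _ in range(10)]
    results = [node.receive(peer, block) for peer, block in traffic]
    return node.stored_bytes, results

if __name__ == "__main__":
    print("store-then-check:", run(False)[0], "bytes held")
    print("check-then-store:", run(True)[0], "bytes held")
```

With the check moved ahead of storage, the node's resource use is bounded by valid blocks only, and a peer that keeps sending unverifiable stakes is cut off after a fixed number of rejections.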
Impact of a “Fake Stake” Attack
According to the researchers, such attacks could create conflicting checkpoints, leaving nodes on the network unable to reach a consensus on the blockchain. This could lead to a split in the chain.
Another impact of such an attack could be that hostile miners could take over the chain.