Ethereum security likely to remain under-challenged post-Merge?

Promises of a proof-of-stake regime that might invite more attacks

After years of development and delay, the Ethereum Merge has finally happened. The Merge upgrade is a move to a vastly more energy-efficient, scalable, and secure system with the major change being the validation mechanism for transactions from a proof-of-work method to proof-of-stake (PoS). Since December 2020, Ethereum developers have been running essentially two different versions of the blockchain, Mainnet & Beacon, simultaneously.

Post-Merge, financial transactions now only live on the Beacon proof-of-stake system. On the one hand, this move effectively limits points of entry for hackers. On the other hand, we still have reason to be unnerved by how increasingly creative and malicious recent crypto attacks have been and will continue to be.

Months before the Merge, Ethereum's Beacon Chain experienced a seven-block reorganization (reorg), where a competing block knocked off a block from the canonical chain, causing the chain to unintentionally fork or duplicate. On this occasion, supposedly there was no foul play. However, instances like these, albeit fairly hard to execute in the mainnet on purpose, could be the result of a malicious attack from a miner or a bug.

A key factor that will determine the Merge's initial success is the relative security of the blockchain under a proof-of-stake regime. The Ethereum blockchain remains a likely target for attackers. In this article, we'll take a look at some of the more prevalent issues raised regarding new possibilities for attacks.

PoS exploit vulnerability

The proof-of-stake system operates much like a lottery on the principle that every ‘staker’ who temporarily deposits their coins to help secure the network has the chance to add a block to the blockchain. This algorithmic lottery determines who gets to validate transactions and win tokens as a reward for doing so. With the reward incentive driving more validators to stake their coins, Ethereum is said to be even harder to attack. So, how could this possibly spell disaster?

Potential Attack #1

A proof-of-stake system can be vulnerable to a 51% Attack, otherwise known as a majority attack. In theory, if a malicious entity were to control at least 51% of the blockchain's staked tokens while simultaneously controlling at least 51% of the network's nodes, they could tamper with the blockchain record. This is often done to reverse transactions, leading to an issue known as double spending, which renders the network incapable of proving how many people spent the same digital asset.

The proof-of-stake algorithms will help diversify nodes, but we shouldn't forget that these are unprecedented times for crypto. We are witnessing mounting attention given to what some anticipate will be a boost of all crypto assets on Ethereum’s Beacon blockchain. The probability of 51% Attacks being a major problem seems inconsequential; however, an attack's improbability isn't always an effective deterrent.

Potential Attack #2

Post-Merge, we expect an uptick in staking services for Ethereum as more people and even institutions will be enticed by the high staking rewards. With more at stake, hackers are in turn incentivized to hack large sums of Ethereum as well. This puts a premium on whether the staking service is adequately secured or audited.

Because of the Merge, irresponsible amounts of Ethereum are being rushed into services that support Ethereum staking, exacerbating an already highlighted central point of failure.


There are reasons to believe the new changes brought by the Merge will make Ethereum temporarily less secure, but there are always two sides to the crypto coin. Where contributors are incentivized to put more on the line, a commitment to growth, increased scalability, and accountability on the blockchain will follow.

Smart contract auditing will continue to be integral post-Merge, as attempts to compromise staking services will likely increase. Fortifying our assets in this next crypto chapter will determine the continued success of the Merge. Although smart contracts within Ethereum won't be changed in any major way by the Merge, new growth poses an opportunity for setting smart contract specifications, or industry standards. As the Ethereum blockchain routes new pathways, we need to look at making each step forward secure.

As a security researcher of DeFi infrastructure service provider, Jasper Lee conducts security audits of various DeFi and NFT services such as KLEVA and Klaycity. Headquartered in South Korea, the company aims to become the SWIFT for Web3.0 and connect the Korean DeFi ecosystem with the rest of the world. The company specializes in developing DeFi products and smart contract auditing, offering one-stop customizable solutions to financial institutions.

