Ethereum Security and Attacks with Liquid Staking

Vulnerabilities of PoW chains like Bitcoin to 51% attacks are well studied. After Ethereum transitions to PoS, new questions emerged about its resilience to attacks and impact of liquid staking.

In the ever-evolving landscape of blockchain technology, security remains a paramount concern. Ethereum, a leading blockchain platform, has implemented robust measures to protect against various attack vectors. However, attackers are continually adapting and devising new strategies. This blog post explores the objectives of attackers on the Ethereum network and discusses Liquid Staking Protocols (LSPs) as a potential threat to the security.

Background: PoS vs PoW

Proof-of-Stake (PoS) emerges as an alternative consensus mechanism designed to overcome the drawbacks associated with Proof-of-Work (PoW), particularly its substantial energy consumption. Within a PoS blockchain, validators take on the responsibility of creating new blocks, attesting proposed blocks, and securing the network based on their stake – the quantity of native tokens - Ether (ETH) for Ethereum - they possess and commit as collateral.

In PoS, validators are chosen to create or attest blocks following a random schedule, very different from the competitive race among miners in PoW chains. PoS validators, committed to fulfilling their roles, are guaranteed to receive rewards over time. However, a vigilant system is in place to penalize validators for instances of being offline, missing attestations, or failing to propose a block, a process aptly termed "slashing."

Understanding Attacker Objectives:

Contrary to popular belief, attackers on the Ethereum blockchain are not focused on creating new ETH tokens or stealing them from individual accounts. Instead, their primary objectives revolve around manipulating the structure of the future blocks (with transactions) in the blockchain. Reorganizations of blocks (reorgs), double finality, and finality delay are the key areas of interest for attackers.

Ex-post and ex-ante Reorgs

Reorgs involve the reordering of blocks, either before or after they are added to the canonical chain. Ex-ante and ex-post reorgs enable attackers to replace or remove blocks, potentially leading to double-spending or exploiting transaction reordering.

• Ex-post reorg - the attacker changes the history of the blockchain, it is required to control over 2/3 of staked ETH.
• Ex-ante reorg - the attacker can influence the future of the blockchain. Finality reversion, the most extreme form of ex-ante reorg, becomes possible when an attacker controls more than 1/3 of the total staked ETH.

Delayed finality

Finality delay requires an attacker to hold a minimum of 33% of staked ETH, to disrupt Ethereum operations by preventing the network from finalizing. In the Ethereum, each new block requires attestation by 2/3 of the staked ether. If 1/3 or more of the staked ETH engages in malicious attestation or fails to attest, a 2/3 supermajority becomes unattainable.

Nevertheless, if the chain fails to finalize for four epochs, validators not attesting or attesting against the majority are gradually slashed until they represent less than 1/3 of the total staked ETH, allowing the restoration of a supermajority.

This attack holds limited benefit for the attacker unless financial incentives are linked to the disruption of the chain.

Double finality

Double finality occurs when two forks of the blockchain reach finality simultaneously, causing a permanent split. Attackers with a substantial stake can manipulate the fork choice algorithm, enabling censorship of transactions and reordering of blocks for Maximal Extractable Value (MEV) rewards.

Censorship and control over the future

For attackers in control of over 51% of the total staked ETH, the ability to split the Ethereum blockchain into two forks of equal size arises, enabling manipulation of the fork choice algorithm. While the attacker cannot alter history, they have influence over the future by leveraging majority votes on a favorable fork, facilitating censorship of transactions and reordering of blocks for MEV rewards.

Control over the past and future

In the case of attackers commanding over 66% of staked ETH, they can vote for the preferred fork and then finalize it with a dishonest supermajority. This grants the attacker the capability to execute ex-post reorgs, altering the historical chain, and conduct finality reversions, thereby controlling the future trajectory of the Ethereum blockchain. The summary you can see in this table

You can see the summary of these attack thresholds in the table below:

Liquid Staking as a New Threat:

Following the successful migration of Ethereum to PoS, the associated risk with liquid staking significantly diminishes, resulting in a rise in the total value locked (TVL) in these protocols. Consequently, Lido which was pioneering liquid staking became the largest DeFi protocol.

Liquid staking protocols introduce a more accessible and streamlined approach to staking. Now, participants receive a token representing their staked ETH, which can be freely traded. You can read more about the benefits of liquid staking in this blog:

Lido: 31% of staked ETH

Node operators, acting on behalf of liquid staking protocols, play a pivotal role in managing validators. Lido, for instance, selects node operators through a decentralized autonomous organization (DAO) vote and currently employs around 30 of them, collectively managing approximately 31% of staked ETH. This figure is approaching the crucial 33% economic security threshold. While each node operator individually manages only about 1% of staked ETH, potential hacking attacks on the Lido software they employ could theoretically lead to a 33% attack, causing delayed finality.

Decentralized Liquduid Staking

In contrast to Lido, protocols like RocketPool and Stader adopt a permissionless network of node operators. Anyone, including potential attackers, can run a validator with as little as 8 or 4 ETH, respectively, while the remaining ETH (32ETH required to run a validator) is provided by liquid staking protocols. This opens the door for attackers deciding to run node operators on RocketPool or Stader, potentially executing a 33% attack with only 11% or 5.5% of staked ETH.

You can read more about the architecture of liquid staking protocols in this blog:

Distributed Validator Technology (DVT)

To fortify against hacking attacks, liquid staking protocols employ Distributed Validator Technology (DVT). This is a technology is similar to MPC wallets that of institutional wallet providers like Copper or Fireblocks.

DVT allows splitting the key to validators into multiple components known as shares, which are then distributed among node operators. For a validator to function, requiring consensus on each action, a minimum of 2/3 of these key shares must be collectively represented by the participating node operators. This sophisticated approach ensures a distributed and collaborative decision-making process, enhancing the overall security of validators and liquid staking protocols.

Conclusion:

As the Ethereum network continues to evolve, so do the strategies of potential attackers. Only control of 2/3 of staked ETH would allow to change the blockchain history, but with as little as 1/3 of staked ETH the attacker can shortly delay the chain finality. However, the attacks is risking this staked ETH that will be slashed when the attack is detected.

Liquid staking protocols pose a theoretical new threat to Ethereum’s security. Lido supports staking of 31% of all ETH (with 30 node operators). The hacking attack on all node operators could lead to a 33% attack. Permissionless networks of node operators of RocketPool or Stader can theoretically lower the attack threshold to just 11% or 5.5% of staked ETH.

Distributed Validator Technology (DVT), similar to MPC wallets, is a promising enhancement in the security of validators and liquid staking protocols.