Analysis of the Principle of Ethereum Mining Pool Refusal to Package Attacks

This article was published on NEST Enthusiasts, authors: Yuheng & Yuyi.

Unlike centralized oracles that rely solely on trusted third parties, the NEST distributed oracle aims to involve as many on-chain users as possible in the process of determining price conversion relationships, thereby further enhancing the reliability of the oracle's output data and the overall security of the oracle system.

Due to this characteristic, distributed oracles often encounter the problem of data being unable to be effectively verified, such as malicious miners providing malicious quotes to influence prices. To address this issue, NEST has designed a submission verification mechanism for quotes—known as "eating orders"—which allows verifiers to trade based on the quoted price to obtain the assets pledged by the quote provider and to propose a revised quote. In this way, the NEST distributed oracle can effectively limit malicious quotes to a certain extent while also promptly correcting them.

However, the smooth operation of this price correction mechanism relies on the timely appearance of eating order transactions and new quote transactions in the new blocks on the chain within the verification period. As is well known, the group of miners in the entire blockchain network is no longer working individually as they did at the beginning. To ensure stable earnings, miners organize into pools to achieve the integration of computing power, because under the proof-of-work (PoW) consensus, greater computing power means a higher probability of earning rewards.

The emergence of mining pools raises the fundamental issue of their monopoly over transaction packaging rights. In public chains, only miners or pools that mine blocks can decide which transactions should be included in the next block. Compared to individual miners, mining pools often have overwhelming advantages in computing power. In this case, those pools with larger computing power may choose to package transactions that are beneficial to themselves or have higher transaction fees, even if these transactions may not be the first to be published on the chain.

When this situation occurs in the NEST distributed oracle, it can lead to new quotes submitted not being verified in a timely manner within the verification period, ultimately resulting in NEST outputting incorrect price data, which allows certain mining pools to capture arbitrage opportunities, thus threatening the overall security of the DeFi ecosystem. The following sections will specifically introduce the details of the mining pool denial-of-packaging attack targeting the NEST distributed oracle.

Attack Process and Analysis

To facilitate the explanation of this attack method, we first assume that all participants in mining are pools (a single miner can also be considered a very small pool), with each pool having different proportions of computing power, and they all know each other's computing power proportions.

Before launching the attack, the malicious pool can pre-accumulate cryptocurrencies for arbitrage through methods such as flash loans. For example, the malicious pool may pre-accumulate a large amount of ETH and then manipulate the price ratio between ETH and USDT to achieve arbitrage.

Next, the malicious pool will submit a quote to NEST that has a significant difference from the current actual market price. The large discrepancy between the quote and the actual market price indicates a substantial arbitrage opportunity. Therefore, during the verification period lasting S blocks, according to NEST's own eating order verification protocol, there will inevitably be verifiers proposing eating order transactions to make the most reasonable correction to the quote to maximize their profits.

At this point, when assembling each block for the verification period, all mining pools face two identical choices: to package the transaction into their next assembled block (or to eat the order themselves and propose a new quote) or not to package the quote into the next assembled block (or not to propose the eating order transaction). Since each pool knows the computing power proportions and the strategic choices available to each other, during the verification period, whether each pool chooses to correct the quote can be seen as a series of independent static games with complete information among all pools. The final outcome of the entire game, known as the Nash Equilibrium Point, is determined by the payoffs of each participant under various decision combinations, as each participant will choose the decision that maximizes their own payoff in all situations. The prisoner's dilemma is a typical example of a complete information static game.

If a mining pool chooses to correct the quote, it is clear that the pool can immediately gain profits; let’s assume the profit corresponding to the corrected quote is a. If a mining pool does not choose to correct a quote, it may seem that the pool cannot immediately gain profits, but the pool can also accumulate the cryptocurrencies involved in the malicious quote and ultimately arbitrage after the quote is established; we can denote this final profit as b, and it is usually true that b > a.

However, we need to note that in the blockchain, only the pools that mine new blocks can obtain the right to record transactions. This means that even if a pool chooses to immediately correct the malicious quote, it can only earn a with a certain probability, and this probability is proportional to the pool's computing power. Therefore, we can express the profit from a pool choosing to correct the quote as Pia. Similarly, if the quote is not corrected, after the quote is established, the profit that a pool can obtain is Pib. However, once the quote is corrected, the subsequent game no longer exists, meaning that all pools will not earn b. Therefore, in reality, when pools decide the transaction content of each block during the verification period, the two types of profits they consider are as follows:

Where T represents the pool's decision, Y represents modifying the quote, N represents not modifying the quote; Pn represents the probability that no modified quote will appear in the subsequent verification period blocks.

When assembling each block corresponding to the verification period, all pools will compare these two types of profits to choose their decisions. Finally, based on their computing power proportions and the ratio of the two profits a and b, they will decide whether to correct the quote, thus ultimately reaching a Nash equilibrium state.

Analysis Summary

As mentioned above, mining pools may leverage their advantages in computing power to delay and obstruct the updates of quote corrections, thereby using the NEST oracle for arbitrage. However, this is not just an issue faced by the NEST oracle; in fact, the entire decentralized concept of blockchain is being impacted by the phenomenon of mining pools. Therefore, how to effectively address the problems brought by mining pools is an unavoidable challenge on our path toward true decentralization.