Chun Wang, co-founder of F2Pool, has denied allegations that his mining pool had been manipulating Ethereum block timestamps in order to “obtain consistently greater mining rewards.”
The claims were made in an Aug. 5 paper by researchers from The Hebrew University. They claim that the mining pool has engaged in a “consensus level” attack on Ethereum in order to gain an advantage over honest miners.
Wang responded to this tweet by saying “We respect the *consensus* (as is)”, suggesting that deliberately exploiting the system’s rules does not necessarily mean that the rules have been violated.
We accept the consensus as it is. If you disagree with the consensus, please convince @TimBeiko me to send another Announcement. https://t.co/Lmw2INzOzg
— Chun at 78degN (@satofishi)
August 8, 2022
The researchers published earlier this week what they claim is the first proof of an “consensus level attack” on Ethereum. In which miners like F2Pool can manipulate block timestamps to consistently receive higher mining rewards than mining “honestly”, the researchers claimed that the evidence was the first proof.
The researchpaper was written by Aviv Yaish (cryptocurrency lecturer), Gilad Stern (software algorithm developer) and Aviv Zohar (computer scientist). It alleges that F2Pool, an Ethereum mining pool, has used this timestamp manipulation strategy.
“Although most mining pools produce relatively inconspicuous-looking blocks, F2Pool blatantly disregards the rules and uses false timestamps for its blocks,” said Yaish, adding that the mining pool has been executing the attack over the last two years.
Yaish presented evidence that Wang had also seen, and Wang appeared to admit to it. This suggests that Wang was aware of the intent behind the timestamp manipulation.
This is a beautiful implementation of the work we have done in the last two years.
I used a similar timetamp manipulation method to lower the difficulty to Terracoin in 2013. It must be able to withstand any kind of test. https://t.co/z8pLdLtAU0
— Chun at 78degN (@satofishi)
August 8, 2022
F2Pool, a geographically distributed pool that mines blocks on Bitcoin, Ethereum and Litecoin networks, is called F2Pool.
How the “attack” works
The researchers found that Ethereum’s current proof of work (POW) consensus laws contain a vulnerability that allows miners to set timestamps with a “certain degree” of freedom. This means that false timestamps could be created.
“For instance, a miner could start mining a block right now but set the blocks timestamp to be either 5 seconds in advance or 10 seconds in future. The block will be valid as long as it is within a reasonable bound according to Ethereum’s consensus laws.
These miners have the ability to create false timestamps, which gives them an advantage in “tie-breaking” situations. A miner can replace another miner’s blocks of the same height by setting the timestamp low enough that it increases the mining difficulty.
Similar: Ethereum Fusion: How will PoS transition affect the ETH ecosystem?
Researchers also pointed out that the vulnerability could be fixed after Ethereum switches to proof-ofstake (POS), following the Merge, which takes place on Sep. 19. This event uses a different set consensus rules.
“Moving Ethereum’s consensus mechanism from proof-of-stake to PoS is an obvious mitigation strategy that will resolve both this attack as well as any other PoW-related attacks.
Researchers added that other solutions might be simpler and more manageable. They include better fork-choosing rules for difficult adjustments, reliable timestamps or avoiding using timestamps altogether.
