Disclosure letter: Liveness Attacks against the Vechain Thor Consensus

Report date: May 25, 2024

Attacking target: Vechain Thor consensus protocols

The whitepaper claims its liveness as:

“In a practical synchronous model, new blocks could always be finalized.”

Key deliveries
Our attack undermines VeChain’s finalization mechanism (in particular, FOB: VIPs/assets/vip220.pdf at master · vechain/VIPs · GitHub). By coordinating N/3 malicious block proposers (N represents the total number of nodes) to vote ‘0’ on the blocks they generate, and leveraging the chain’s fork-choice protocol (similar to the method used in Attack II), we strategically cause the next N/3 blocks produced by honest nodes to be discarded. Consequently, the proportion of proposers voting ‘1’ fails to reach the necessary two-thirds majority, rendering the blocks unable to achieve finalization. This effectively disrupts Vechain’s finalization mechanism.

Attacking strategy
In particular, by employing tactics such as refusing to vote and delaying the broadcasting of blocks, our attack creates forks and reduces the count of honest voters to below two-thirds. This prevents the latest block on the chain from being finalized, effectively undermining the chain’s finalization mechanism and liveness property.

To clearly explain our strategy, we consider the current time as T, and label the time for the n-th block in the future as T+N. We refer to the n-th malicious actor as M(n) and the n-th honest node as H(n). Here’s how the attack unfolds:

  1. Every malicious actor votes 0 on the blocks they produce.
  2. These malicious actors then create blocks and share them only with each other.
  3. After a period, specifically at time T+2N, all malicious actors release their blocks to the entire network.

The above tactic creates two separate chains of blocks, each n blocks long. Based on how the network decides between competing chains, the blocks from the malicious actors, M(n), end up being chosen as the best blocks. This occurs between T+N+1 and T+2N. Consequently, the blocks from the n honest nodes are discarded, or “rolled back”. Since less than two-thirds of the total voters cast a positive vote, the network fails to finalize these blocks. This disrupts the chain’s ability to reach a consensus on the most recent valid block.

We give more details here: Vulnerability Report: Adaptive Attacks against the Vechain Thor Consensus | by Vulnerabilities and Exposures | Jun, 2024 | Medium

The original post of a potential liveness attack on the VeChainThor blockchain is a correct and true statement. The described attack vector suggests that if one-third of the nodes collude, they can prevent the finalization of the network. However, this vulnerability is not unique to the VeChainThor blockchain but applicable to many blockchains.

The attack involves a single or group of malicious actors controlling one-third of the validator nodes. By voting ‘0’ on blocks they generate and coordinating their actions, they can disrupt the consensus mechanism. This prevents the necessary two-thirds majority required for block finalization, effectively stalling finalization of the network. It is worth noting that blocks will continue to be produced, transactions will continue to be processed and the chain will continue to grow.

It’s crucial to understand that this type of attack is not confined to the VeChainThor blockchain. For example, if a group of miners controls 51% of the Bitcoin mining power, they could disrupt the network by generating empty blocks or creating competing forks, preventing transaction confirmations. On Ethereum, similar vulnerabilities exist where collusion among a significant number of validators can impede finalization.

While the attack is theoretically possible, several factors mitigate its feasibility:
Economically speaking it would cost approximately $29 million, at the current market value, for a single or group of entities to control and operate one-third of the validator nodes in the network. This high entry barrier significantly reduces the risk of such an attack.

The Know Your Customer (KYC) procedures that are part of the VeChainThor blockchain Proof of Authority (PoA) mechanism ensure that validators are verified, reducing the likelihood of a single entity gaining control over a significant portion of the network.

VeChain aims for a diverse set of validators on the VeChainThor blockchain which are geographically and organizationally diverse. This diversity is critical in preventing collusion and ensuring that no single entity can easily control one-third of the validators.

VeChain’s governance structure promotes decentralization, making it difficult for a single entity to gain undue influence.

Continuous monitoring and auditing of validator activities help detect and mitigate any coordinated malicious actions early.

In conclusion, while the theoretical possibility of a liveness attack exists, VeChainThor’s robust economic barriers, stringent PoA mechanism, striving for validator diversity and decentralized governance significantly mitigate the risks. It is important to continue enhancing these measures and remaining vigilant against potential threats to ensure the ongoing security and stability of the VeChainThor blockchain.
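An added example, not part of either post and not VeChain's code: a monitoring check over one observation window that counts distinct proposers with a positive vote on the canonical chain and reports the zero-voters and rolled-back proposers, the two signals the attack described above leaves behind. The `Block` fields, the "reach two-thirds" rule and the nine-node sample window are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    proposer: str
    vote: int        # 1 = positive finality vote, 0 = negative vote
    canonical: bool  # False if a reorg rolled this block back

def finality_report(blocks, proposers):
    """Summarise finality votes seen in one observation window."""
    canon = [b for b in blocks if b.canonical]
    positive = {b.proposer for b in canon if b.vote == 1}
    zero = {b.proposer for b in canon if b.vote == 0} - positive
    # Proposers whose only blocks in the window were discarded.
    lost = {b.proposer for b in blocks if not b.canonical}
    lost -= {b.proposer for b in canon}
    return {
        "positive_voters": len(positive),
        # Assumed rule: finalization needs positive votes from at
        # least two-thirds of all proposers (integer comparison).
        "stalled": 3 * len(positive) < 2 * len(proposers),
        "zero_voters": sorted(zero),
        "rolled_back": sorted(lost),
        "reorg_depth": len({b.height for b in blocks if not b.canonical}),
    }

def constructed_attack_window():
    """Constructed sample: 9 proposers, 3 withhold blocks and vote 0."""
    proposers = ["M1", "M2", "M3"] + [f"H{i}" for i in range(1, 7)]
    withheld = [Block(h, f"M{h}", 0, True) for h in (1, 2, 3)]
    discarded = [Block(h, f"H{h}", 1, False) for h in (1, 2, 3)]
    kept = [Block(h, f"H{h}", 1, True) for h in (4, 5, 6)]
    return withheld + discarded + kept, proposers

def constructed_healthy_window():
    """Constructed baseline: every proposer's block stays canonical."""
    proposers = ["M1", "M2", "M3"] + [f"H{i}" for i in range(1, 7)]
    blocks = [Block(i + 1, p, 1, True) for i, p in enumerate(proposers)]
    return blocks, proposers

if __name__ == "__main__":
    for name, window in (("attack", constructed_attack_window()),
                         ("healthy", constructed_healthy_window())):
        print(name, finality_report(*window))
```

A stalled window with an empty `rolled_back` list and no `zero_voters` points to missed slots rather than to the withholding pattern, so the three fields are best alerted on together.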