An adaptive gas cost mechanism for Ethereum to defend against under-priced DoS attacks

Ting Chen, Xiaoqi Li, Ying Wang, Jiachi Chen, Zihao Li, Xiapu Luo, Man Ho Au, Xiaosong Zhang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

23 Citations (Scopus)

Abstract

The gas mechanism in Ethereum charges for the execution of every operation to ensure that smart contracts running in the EVM (Ethereum Virtual Machine) will eventually terminate. Failing to properly set the gas costs of EVM operations allows attackers to launch DoS attacks on Ethereum. Although Ethereum recently adjusted the gas costs of EVM operations to defend against known DoS attacks, it remains unknown whether the new setting is proper and how to configure it to defend against unknown DoS attacks. In this paper, we take the first step toward addressing this challenging issue by first proposing an emulation-based framework to automatically measure the resource consumption of EVM operations. The results reveal that Ethereum’s new setting is still not proper. Moreover, we obtain the insight that there may always exist exploitable under-priced operations if the cost is fixed. Hence, we propose a novel gas cost mechanism, which dynamically adjusts the costs of EVM operations according to the number of executions, to thwart DoS attacks. This method punishes the operations that are executed much more frequently than before and leads to high gas costs. To make our solution flexible and secure and to avoid frequent updates of the Ethereum client, we design a special smart contract that collaborates with the updated EVM for dynamic parameter adjustment. Experimental results demonstrate that our method can effectively thwart both known and unknown DoS attacks with flexible parameter settings. Moreover, our method introduces only negligible additional gas consumption for benign users.

Original language: English
Title of host publication: Information Security Practice and Experience - 13th International Conference, ISPEC 2017, Proceedings
Editors: Joseph K. Liu, Pierangela Samarati
Publisher: Springer Verlag
Pages: 3-24
Number of pages: 22
ISBN (Print): 9783319723587
Publication status: Published - Dec 2017
Event: 13th International Conference on Information Security Practice and Experience, ISPEC 2017 - Melbourne, Australia
Duration: 13 Dec 2017 to 15 Dec 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10701 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 13th International Conference on Information Security Practice and Experience, ISPEC 2017
Country: Australia
City: Melbourne
Period: 13/12/17 to 15/12/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
