The Ethereum Foundation has published a blog post outlining a potentially catastrophic vulnerability that could have resulted in the mainnet being brought down at a cost of less than five-figures up until the execution of the Berlin hard fork last month.
A May 18 blog post describes the vulnerability as having posed “a severe threat against the Ethereum platform” until April’s upgrades allowed it to dodge the bullet.
The report describes the threat as having been an “open secret,” noting that it was once publicly disclosed by mistake. Following the implementation of the Berlin hard fork, the foundation estimated the threat is low enough to warrant full disclosure at this time, stating:
“It’s important that the community is given a chance to understand the reasoning behind changes that negatively affect the user experience, such as raising gas costs and limiting refunds.”
The post details that Ethereum’s state consists of a Merkle Patricia trie, conceptually likening new accounts on the Ethereum network to new leaves growing on a tree. With the growth of the Ethereum network, increases to gas costs have been implemented from October 2016 to protect against denial-of-service attacks, including the controversial Ethereum Improvement Proposal 1884.
In 2019, Ethereum security researchers Hubert Ritzdorf, Matthias Egli and Daniel Perez teamed up to weaponize an exploit enabled by the recent upgrades, with the attack triggering random trie lookups that could “lead to blocktimes in the minute-range.” A report published that year states that delays caused by the attack will become longer as Ethereum’s state grows, “which allows efficient DoS attacks against Ethereum.”
After various proposals from developers were rejected throughout 2020, Vitalik Buterin teamed up with Martin Swende to author EIP-2929 and EIP-2930 — upgrades that raised gas prices “only for things not already accessed” in order to prevent the attack. The EIPs were introduced alongside the Berlin upgrade on April 15. As such, the blog estimates the Berlin upgrade reduced the effectiveness of the exploit by 50 times.
Ethereum is not the only network to come clean about long-term vulnerabilities after implementing upgrades to protect against said exploits.
In September 2020, crypto researchers Braydond Fuller and Javed Khan published a paper revealing a “high” severity vulnerability for layer-two solutions built on top of Bitcoin, such as the Lightning Network. Despite the vulnerability being introduced and the authors estimating that 50% of Bitcoin nodes were exposed to the vector, the authors did not identify any attempts at exploiting the weakness.