Conference:Network and Distributed System Security Symposium (NDSS)
CCF level:CCF A
Year:2026
Title:
BunnyFinder: Finding Incentive Flaws for Ethereum Consensus
Authors:
Rujia Li (Tsinghua University and State Key Laboratory of Cryptography and Digital Economy Security), Mingfei Zhang (Shandong University), Xueqian Lu (Independent Researcher), Wenbo Xu (Blockchain Platform Division, Ant Group), Ying Yan (Blockchain Platform Division, Ant Group), Sisi Duan (Tsinghua University, Zhongguancun Laboratory, Shandong Institute of Blockchains and State Key Laboratory of Cryptography and Digital Economy Security)
Abstract:
Ethereum, a leading blockchain platform, relies on incentive mechanisms to improve its stability. Recently, several attacks targeting the incentive mechanisms have been proposed. Examples include the so-called reorganization attacks that cause blocks proposed by honest validators to be discarded to gain more rewards. Finding these attacks, however, heavily relies on expert knowledge and may involve substantial manual effort.
We present BunnyFinder, a semi-automated framework for finding incentive flaws in Ethereum. BunnyFinder is inspired by failure injection, a technique commonly used in software testing for finding implementation vulnerabilities. Instead of finding implementation vulnerabilities, we aim to find design flaws. Our main technical contributions involve a carefully designed "strategy generator" that generates a large pool of attack instances, an automatic workflow that launches attacks and analyzes the results, and a workflow that integrates reinforcement learning to fine-tune the attack parameters and identify the most profitable attacks. We simulate a total of 9,354 attack instances using our framework and find the following results. First, our framework reproduces five known incentive attacks that were previously found manually. Second, we find three new attacks that can be identified as incentive flaws. Finally and surprisingly, one of our experiments also identified two implementation flaws.