Jelurida co-founder Lior Yaffe claims to have discovered a potential vulnerability in the Ethereum 2.0 testnet – low staking participation could allow the whales to disable the network.
Jelurida co-founder and lead developer of the Ardor and Nxt blockchains Lior Yaffe discovered a vulnerability in Ethereum 2.0. As a reminder, the blockchain is currently running on Medalla and other testnets to check for problems.
Yaffe considered a situation where the level of participation in staking is low, and some “whales” quietly control many accounts. Since the minimum level of participation in staking is 66%, in case a large cryptocurrency holder suddenly leaves the network, this can cause problems.
“Let’s assume that 10% of ETH is currently staking, and user participation in the network is at 75% (which is roughly what we now see on the testnet). In this case, to reduce the participation level by 9% and stop the chain, only control over the 0.9% ETH in circulation is required. This is achievable with the participation of a large whale or a medium-sized exchange, ”said Yaffe.
In Ethereum 2.0, users cannot deposit more than 32 ETH for staking from a single account. However, according to Yaffe, nothing prevents a single user from dividing a large share of coins into 32 ETH chunks stored in different accounts. This will give him the opportunity to participate in the multi-account network, which Jaffe has already observed in Medalla’s testnet block generation.
“Entities that currently control more than 0.16% of ETH – Binance, Coinbase and Vitalik Buterin – will be able to shut down the network at will,” added Yaffe.
The CEO and founder of Etherscan blockchain observer Matthew Tan admitted that such a problem could exist.
“I have not performed any calculations to verify the above, but yes, if user participation falls below 66%, there will be problems with ‘finality’ in the blockchain, as in the previous Medalla testnet incident we witnessed,” he said.
Go developer Raul Jordan, who is working on the Ethereum protocol, said there will be “over 16,384 validators on the Ethereum 2.0 mainnet. Jordan is confident that at the time of the creation of the first block there will be about 25,000 of them, so participation in staking will be above the required level.
As a result, the cost of such an attack would become very high. Jordan said that the participation rate should be around 99%, which means that “an attacker would need control over approximately 25,000 validators, or approximately $ 100 million, to launch an attack that would result in the loss of all funds.