SoK: Algorithmic Incentive Manipulation Attacks on Permissionless PoW Cryptocurrencies

• Published in: Financial Cryptography and Data Security. FC 2021 International Workshops pp. 507 - 532
• Main Authors: Judmayer, Aljosha, Stifter, Nicholas, Zamyatin, Alexei, Tsabary, Itay, Eyal, Ittay, Gaži, Peter, Meiklejohn, Sarah, Weippl, Edgar
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2021
• Series: Lecture Notes in Computer Science
• Subjects: Algorithmic incentive manipulation; Bribing; Cryptocurrencies; Front-running; Goldfinger
• ISBN: 3662639572; 9783662639573
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-662-63958-0_38

A long standing question in the context of cryptocurrencies based on Nakamoto consensus is whether such constructions are incentive compatible, i.e., the intended properties of the system emerge from the appropriate utility model for participants. Bribing and other related attacks, such as front-running or Goldfinger attacks, aim to directly influence the incentives of actors within (or outside) of the targeted cryptocurrency system. The theoretical possibility of bribing attacks on cryptocurrencies was discussed early on in the cryptocurrency community and various different techniques and approaches have since been proposed. Some of these attacks are designed to gain in-band profits, while others intend to break the mechanism design and render the cryptocurrency worthless. In this paper, we systematically expose the large but scattered body of research in this area which has accumulated over the years. We summarize these bribing attacks and similar techniques that leverage on programmatic execution and verification under the term algorithmic incentive manipulation (AIM) attacks, and show that the problem space is not yet fully explored. Based on our analysis we present several research gaps and opportunities that warrant further investigation. In particular, we highlight no- and near-fork attacks as a powerful, yet largely underestimated, AIM category that raises serious security concerns not only for smart contract platforms.