Arbitrage Attack: Miners of the World, Unite!

Abstract

Blockchain oracles are introduced to mitigate the gap between blockchain-based applications and real-world information. To solve the centralization problem of current oracle systems, many decentralized protocols have been designed. In this paper, we define the basic model for decentralized oracles that rely on unencrypted transactions for verification and adjustment tasks. Furthermore, we introduce Arbitrage attack against such decentralized oracles carried out by rational miners and mining pools. We analyze the attack based on game-theoretic methods. Moreover, we briefly discuss the price of anarchy to demonstrate the characteristic of attackers’ cooperation union under different circumstances.

Appendices

Proofs

Theorem 1

There can be only one winner for the Arbitrage attack no matter success or not.

Proof

In the case of failure, since there can be only one block containing adjustment transaction \(t_a\), therefore this block’s publisher should be the only winner with normal profit A.

In the case of success, each rational mining pool can publish a smart contract in the blockchain including all the transaction it would like to make after the oracle’s output is manipulated. This smart contract has enough time to become valid during the oracle’s verification period. After the output has been changed, the mining pool can propose a newly mined block containing arbitrage transactions set \(t_{arb}\) and exploit all arbitrage opportunities.   \(\square \)

Theorem 2

For a rational mining pool j, its strategy for block i should be the Nash equilibrium strategy for game i.

Proof

The Nash equilibrium strategy at game i for mining pool j should satisfy

$$U_1({T_i}^*) \ge U_1(\overline{{T_i}^*})$$

where \({T_i}^*\) represents the equilibrium strategy and \(\overline{{T_i}^*}\) represents other strategies. Thus a rational mining pool will choose the equilibrium strategy while making decision for block i.   \(\square \)

Theorem 3

The Nash equilibrium strategy for block \(s+1\) is

$$T_{s+1}=(\underset{n}{\underbrace{Y,Y,...,Y}})$$

Proof

According to the attack model, all the rational mining pools will try to mine their own block containing the arbitrage transactions set \(t_{arb}\), so the utility function for a mining pool j can be easily denoted as:

$$U_j(T_{s+1})=\left\{ \begin{array}{rcl} P_jB &{} &{} {Tj_{s+1}=Y}\\ 0 &{} &{} {Tj_{s+1}=N} \end{array} \right. $$

Where \(P_j\) is the hashrate ratio of mining pool j. Therefore, all the rational mining pools will choose to add the transaction to the block.   \(\square \)

Proposition 1

When \(\frac{B}{A}>\frac{1}{P_n}>...>\frac{1}{P_1}\), for a random mining pool j, \({Tj_s}^*=N\), \({T_s}^*=(\underset{n}{\underbrace{N,N,...,N}})\) and \(U_j({Tj_s}^*)=P_jB\).

Proof

For all rational mining pools that participated in the attack, the profit ratio \(\frac{B}{A}\) is larger than the reciprocal of any mining pool’s hashrate. As a result, according to the utility function of two different actions, every mining pool’s Nash equilibrium strategy will be N, which will guarantee the attack will succeed and game \(s+1\) will be conducted, therefore the utility will be \(P_jB\) for a random mining pool j.   \(\square \)

Proposition 2

When \(\frac{B}{A}<\frac{1}{P_1}<...<\frac{1}{P_n}\), for a random mining pool j, \({Tj_s}^*=Y\), \(T_s^*=(\underset{n}{\underbrace{Y,Y,...,Y}})\) and \(U_j({Tj_s}^*)=P_jA\).

Proof

For all rational mining pools that participated in the attack, the profit ratio \(\frac{B}{A}\) is less than the reciprocal of any mining pool’s hashrate. Similarly, according to the utility function of two different actions, every mining pool’s Nash equilibrium strategy will be Y, which will guarantee the attack will fail and game \(s+1\) will be not conducted, therefore the utility will be \(P_jA\) for a random mining pool j.   \(\square \)

Proposition 3

When \(\frac{1}{P_1}<\frac{B}{A}<\frac{1}{P_n}\), w.l.o.g. \( \frac{1}{P_1}<...<\frac{1}{P_R}<\frac{B}{A}<\frac{1}{P_{R+1}}<...<\frac{1}{P_n}. \) Then for a random mining pool j, Nash equilibrium strategy should be

$${Tj_s}^*=\left\{ \begin{array}{rcl} Y &{} &{} {j \ge R+1}\\ N &{} &{} {j \le R} \end{array} \right. $$

and the utility function should be:

$$U_j({Tj_s}^*)=\left\{ \begin{array}{rcl} P_jA+P_{Ns}(j)^*P_jB &{} &{} {Tj_{s}^*=Y}\\ (P_{Ns}(j)^*+P_j)P_jB &{} &{} {Tj_{s}^*=N} \end{array} \right. $$

Proof

According to the utility function, mining pools whose hashrate ratio’s reciprocal is higher than \(\frac{B}{A}\) will choose Y and N for the rest of the mining pools, and the utility can be easily obtained based on their Nash equilibrium strategies.

   \(\square \)

Proposition 4

When \(\frac{B}{A}>\frac{1}{P_n}>...>\frac{1}{P_1}\), for a random mining pool j, \(U_j({Tj_s}^*)=P_jB>A holds\). By mathematical induction, the Nash equilibrium strategy for game i should be \({T_i}^*=(\underset{n}{\underbrace{N,N,...,N}})\).

Proof

According to Theorem 1, for a random mining pool j, \(U_j({Tj_s}^*)=P_jB>A\) holds. Therefore, for game \(s-1\), the Nash equilibrium strategy and corresponding utility can be easily obtained:

$$\begin{aligned} {T_{s-1}}^*&=(\underset{n}{\underbrace{N,N,...,N}})\\ U_j({Tj_{s-1}}^*)&=P_jB>A \end{aligned}$$

Then by mathematical induction, rational mining pools’ Nash equilibrium strategy for every game should be \((\underset{n}{\underbrace{N,N,...,N}})\).    \(\square \)

Proposition 5

When \(\frac{B}{A}<\frac{1}{P_1}<...<\frac{1}{P_n}\), for a random mining pool j, \(U_j({Tj_s}^*)=P_jB<A\) holds. By mathematical induction, the Nash equilibrium strategy for game i should be \({T_i}^*=(\underset{n}{\underbrace{Y,Y,...,Y}})\).

Proof

According to Theorem 2, for a random mining pool j, \(U_j({Tj_s}^*)=P_jA<A\) holds. Therefore, for game \(s-1\), the Nash equilibrium strategy and corresponding utility can be easily obtained:

$$\begin{aligned} {T_{s-1}}^*&=(\underset{n}{\underbrace{Y,Y,...,Y}})\\ U_j({Tj_{s-1}}^*)&=P_jA<A \end{aligned}$$

Then by mathematical induction, rational mining pools’ Nash equilibrium strategy for every game should be \((\underset{n}{\underbrace{Y,Y,...,Y}})\).    \(\square \)

Theorem 4

For a random mining pool j, if its Nash equilibrium strategy for block \(i+1\) is Y, then the Nash equilibrium strategy for block i is also Y.

Proof

Assuming that mining pool j’s Nash equilibrium strategy for block \(i+1\) is Y, then

$$ U_j(T_{i+2}^*)<A $$

Therefore

$$\begin{aligned} U_j({Tj_{i+2}}^*)&<A\\ U_j({Tj_{i+1}}^*)&=P_jA+P_{N(i+1)}(j)^*U_j({Tj_{i+2}}^*)\\&<(P_j+P_{N(i+1)}(j)^*)A \le A\\ \Rightarrow U_j({Tj_{i+1}}^*)&<A \end{aligned}$$

The Theorem is therefore proved.    \(\square \)

Corollary 1

For a mining pool j, it is impossible that the Nash equilibrium strategy for game i is N and Y for game \(i+1\).

Proof

According to Theorem 4, a mining pool’s Nash equilibrium strategy for game i can only be Y, if its Nash equilibrium strategy for game \(i+1\) is Y.    \(\square \)

Corollary 2

\(P_{Ni}(j)^*\) will not decrease with i increase to s.

Proof

According to Corollary , once a mining pool’s Nash equilibrium strategy is N for a game, then its Nash equilibrium strategy will not change to Y in later games. Instead, it is possible for mining pools with Y as Nash equilibrium strategy to change in later games. Therefore, the total hashrate of mining pools with Nash equilibrium strategy N will not decrease with the process of the whole attack.    \(\square \)

Theorem 5

For a mining pool j, if its Nash equilibrium strategy for game \(i+1\) is N and Y for i. Then for any mining pool h with \(P_h < P_j\), there should be \({Th_i}^*=Y\).

Proof

We can prove the theorem with contradiction. Assuming that there is a mining pool h with \(P_h < P_j\), and its Nash equilibrium strategy for game i is N.

According to Theorem 4, mining pool h’s Nash equilibrium strategy for game \(i+1\) should be N, therefore \(U_h({Th_{i+1}}^*)=P_hb\prod _{k=i+1}^{s}(P_Nk(h)+P_h)\) should be greater than A

$$ U_h({Th_{i+1}}^*)>A $$

However, for mining pool j

$$ U_j(T_{i+1}^*)=P_jB\prod _{k=i+1}^{s}(P_Nk(j)+P_j) < A $$

since the Nash equilibrium strategy changes to Y. Notice that

$$ U_h({Th_{i+1}}^*)<U_j(T_{i+1}^*) $$

because \(P_h < P_j\). Then a contradiction happens.   \(\square \)

Corollary 3

With block number i increases, mining pools with more hashrate will change their strategy from Y to N more sooner than mining pools with less hashrate.

Proof

According to Theorem 5, if a mining pool j’s Nash equilibrium strategy is N for game \(i+1\) and Y for i, then in game i the Nash equilibrium strategy for all the mining pools with less hashrate will also be Y, which will not change for the game before i according to Theorem 4. Consequently, with block number i increase, mining pool j’s Nash equilibrium strategy will change from Y to N before the mining pools with less hashrate.   \(\square \)

Corollary 4

There won’t be a Nash equilibrium strategy \({T_i}^*\) for game i where \({Th_i}^*=N, {Tj_i}^*=Y (P_h<P_j)\).

Proof

Corollary 3 shows that with block number i increases, mining pools with higher hashrate will change its strategy from Y to N sooner, besides it is not possible to change from N to Y. Conclusively, there won’t be a Nash equilibrium strategy \({T_i}^*\) for game i where \({Th_i}^*=N, {Tj_i}^*=Y (P_h<P_j)\).   \(\square \)

Corollary 5

When \(\frac{B}{A}>\frac{1}{P_n}>...>\frac{1}{P_1}\), the price of anarchy is \(PoA =1\).

Proof

According to Proposition 4, all rational mining pools will choose N during the whole s blocks period, then

$$\begin{aligned} PoA&= \frac{profit(N \text {for all})}{profit(N \text {for all}}\\&=\frac{B}{B}\\&=1 \end{aligned}$$

   \(\square \)

Corollary 6

When \(\frac{B}{A}<\frac{1}{P_1}<...<\frac{1}{P_n}\), the price of anarchy is \(PoA =\frac{A}{B}\).

Proof

According to Proposition 5, all rational mining pools will choose Y during the whole s blocks period, then

$$\begin{aligned} PoA&= \frac{profit(Y \text {for all})}{profit(N \text {for all})}\\&=\frac{A}{B}\\ \end{aligned}$$

   \(\square \)

Corollary 7

When \(\frac{1}{P_1}<\frac{B}{A}<\frac{1}{P_n}\), the price of anarchy is

$$PoA =\frac{(1-\prod _{i=1}^{s}P_{Ni})A+\prod _{i=1}^{s}P_{Ni}B}{B}.$$

Proof

When \(\frac{1}{P_1}<\frac{B}{A}<\frac{1}{P_n}\), since there will always be mining pools that decide to publish the adjustment contract \(t_a\) during the s blocks and gain profit A, the only situation to obtain profit B is when mining pools whose Nash equilibrium strategy is N successfully mine the block   \(\square \)

Algorithm