Reports this week show that two mining pools, Etherdig and F2Pool, publish a significant number of empty blocks and make a lot of money. While they are not technically breaking any rules, their actions pose a security risk. Here's how they could do it.
Apparently, some miners of Ethereum are gaining significant advantages by validating empty blocks. On October 2, Alex Svanevik, chief scientist of CoinFi data, published a Medium article with data showing an increasing number of blocks containing zero transactions. At one point, at the end of September, almost three percent of the validated blocks were completely empty. Furthermore, on October 2nd Decrypt Media has published an article showing that the number has continued to rise well above three percent.
While three percent may not seem particularly significant, it is added quickly. The blocking time on Ethereum is about 15 seconds, which means there are about 5,760 blocks added to the chain every day. If three percent is empty, it means that there are 170 empty blocks a day. The block issue is currently set at 3 ETHs. The price of ETH fluctuates, of course, but if you sell for $ 220, then it's almost $ 40,000 a day. Of course, the number of empty blocks per day is floating, but Decrypt MediaThe article points out that it has increased by 637% since September.
Second Decrypt MediaData from a mining pool, Etherdig, produced over $ 850,000 in the last three months "without validating a single transaction. "Another mining pool, F2Pool, estimated to be the third largest of the network, it is also digging empty blocks.
In some circumstances, miners can start extracting an empty block more quickly than the one that includes transactions, leading to faster completion. This gives the miners empty blocks a competitive advantage, but this practice can potentially slow down the network, which of course is not exceptional and could lead to an increase in gas prices. So as it is, three percent is not so significant that it's a serious problem, but if more miners come into play this could mean disasters for gas costs and network speed.
Or maybe I should say "these hack" because even though both mining pools are validating empty blocks, like Decrypt Media and Svanevik emphasizes that they seem to use different strategies. The most obvious point of difference is that F2Pool mainly blocks blocks containing transactions, whereas Etherdig extracts only empty blocks.
But there is much more. F2Pool seems to make a combination of what is known as selfish mining, SPV mining and mining spy. Etherdig, meanwhile, is likely to SPV and spy mining.
Selfish extraction is bad, perhaps
The term "selfish mining", coined by Emin Gün Sirer and Ittay Eyal in 2013, refers to a strategy that miners can use to earn more block prizes. The practice involves the bifurcation of a blockchain from the main chain and the concealment of new blocks until the privately extracted chain is longer than the main chain. This does not necessarily imply the extraction of empty blocks, but often it does.
A practice called SPV mining allows selfish mining pools to have a leg over the main chain, even if their hash power would not, under normal circumstances, be competitive. If you are a miner, to add a regular block of transaction blocking to the chain, you must have the block's previous block hash to determine if all the included transactions are valid and will not be rejected by the other miners.
This means that if a miner adds a block that contains transaction data, they must also download and validate the rest of the previous block to ensure that their new block does not contain any double spend. However, if someone wants to extract an empty block, they do not need to spend time to download and validate the transaction data from the previous block – they just need to download the block header hash. This is effective because it means that the miners in the pool can start creating the next block before completing the first one. Some selfish miners do it to beat time and make their chain compete longer than the main chain. This is likely to be what F2Pool is doing, because it is creating both blocks containing transactions and empty blocks.
It is also true that some miners will practice SPV mining to add blocks containing transactions to the chain, but this requires that the miner trust the validity of the previous block without having verified it, which could lead to the rejection of that block once the miners out of the pool mining attempt to validate it. Other miners in the same mining basin may hypothetically be more reliable than miners from another pool, but it is still possible for a miner to include double-shopping transactions (which will be rejected by the network) in their SPV-mined block using this method. Therefore, it is not desirable to enter the transaction in the SPV-mined block.
Many people do not think that these approaches necessarily present a huge risk to network security. Of course, if the network is close to its capacity, empty blocks can slow things down, but if they are not, there is no major loss. Probably, blocks extracted from SPVs containing transactions are more risky, especially if combined with selfish mining activities, because if you later find out that the SPV miner has confidence in an hash blocking an invalid block, it may lead to whole series of rejected blocks and all transactions have been canceled.
It could also be said that selfish extraction increases the profitability of the miners, and therefore can encourage participation and increase security. However, if enough miners create empty blocks and sufficient network delays, this could have a significant effect on gas prices.
Spy Mining is probably just bad
The extraction of spies, on the other hand, which is based on the extraction of SPV, is not really exceptional.
Spy Mining describes the situation in which a miner in a pool joins a competitor's pool, but instead of actually participating, simply takes the hash of the block header created by its own pool of hosts and prematurely shares those information with your own native pool. The difference between spy mining and SPV mining is that an SPV miner could have the entire hash of the block from the previous block – or it may have got the hash of the block header from its own pool – but chooses to download only the hash of the block header and solve the problem. A spy miner is also an SPV miner, but a spy miner is necessarily a double agent and a thief.
Just like any SPV miner, an espionage miner can do two things with the hash of the previous block's header: they can undermine a block containing transactions and risk having invalidated it later (but get the transaction fees associated with a complete block), or they can extract an empty block. This could be used in conjunction with a selfish mining, because it would allow a pool of selfish mining activities to start its competitive chain. But again, this would require the spy miner to bet on the reliability of the miner from the previous block. It's possible that F2Pool is doing, but it's not safe.
The problems with espionage extraction are more defined. Selfish extraction combined with espionage extraction is a game of chance; it is a risk that a large number of transactions can be launched when a whole chain of competing blocks is eventually rejected. When used only to extract empty blocks, as Etherdig appears, it is a practice that does not contribute to the network in any way. When a miner spies on the mines, they steal the rewards from the other miners who did the work to create usable blocks containing actual transactions. I'm just a parasite.
The Bitcoin network has had to face problems with spy mining for years. Decrypt Media suggests that Ethereum could be inspired by changes to the Bitcoin code of 2016 which made it more difficult for miners to spy on each other. He also emphasizes that the Ethereum community seems to be less inclined to fight bitcoins, so it may not be that difficult to implement the changes. It could be right about this.