F2Pool co-founder Chun Wang has responded to allegations that his mining pool has been manipulating Ethereum block timestamps to “obtain consistently higher mining rewards."
The allegations came from an Aug. 5 paper from researchers at The Hebrew University, claiming the mining pool has been engaging in a "consensus-level" attack on Ethereum over the last two years to gain an edge over "honest" miners.
However, Wang on Twitter responded by saying that “we respect the *consensus* as is”, implying that intentionally exploiting the system's rules doesn’t necessarily mean that rules have been broken.
Earlier this week, the researchers shared what they claim has been the first proof of a “consensus-level attack” on Ethereum, in which miners such as F2Pool have found a way to manipulate block timestamps to consistently get higher mining rewards compared to mining “honestly.”
The research paper was penned by cryptocurrency lecturer Aviv Yaish, software algorithm developer Gilad Stern, and computer scientist Aviv Zohar, alleging that Ethereum mining pool F2Pool has been one of the miners that have been using this timestamp manipulation strategy.
“Although most mining pools produce relatively inconspicuous-looking blocks, F2Pool blatantly disregards the rules and uses false timestamps for its blocks,” said Yaish, adding that the mining pool has been executing the attack over the last two years.
Wang also appeared to own up to evidence presented by Yaish, suggesting that the timestamp manipulation was being done intentionally.
I can’t stop appreciate this elegant implementation of what we’ve done over the past two years.— Chun at 78°N (@satofishi) August 8, 2022
I killed $TRC Terracoin as early as 2013 using a similar timestamp manipulation approach by lower the difficulty to virtually zero. A robust system must withstand all kind of tests. https://t.co/z8pLdLtAU0
F2Pool is a geographically distributed mining pool, which mostly mines blocks on the Bitcoin, Ethereum, and Litecoin networks.
How the ‘attack’ works
According to the researchers, Ethereum’s current proof-of-work (POW) consensus laws include a vulnerability that gives miners a “certain degree of freedom” when setting timestamps, which means that false timestamps can be created.
“For example, a miner can start mining a block now, but set the block’s timestamp to actually be 5 seconds in the past, or 10 seconds in the future. As long as this timestamp is within a certain reasonable bound, the block will still be considered valid, according to Ethereum’s consensus laws.”
The ability to create these false timestamps gives these miners an edge in a "tie-breaking" scenario as a miner can replace another miner’s blocks of the same block height by making the timestamp low enough to increase the block's mining difficulty.
However, the researchers also noted that the vulnerability may be solved after Ethereum transitions to proof-of-stake (POS) after the upcoming Merge on Sept. 19, which utilizes a different set of consensus rules.
"An obvious mitigation technique which will solve both this attack and any other PoW-related one, is to migrate Ethereum’s consensus mechanism to proof-of-stake (PoS)."
"Other solutions which might be smaller in scope and thus easier to implement are to adopt better fork-choosing rules, use reliable timestamps, or avoid using timestamps for difficulty adjustments altogether," the researchers added.