The Ethereum blockchain experienced a seven-block reorganization, or fork, yesterday. This is a significant event that has implications for the network’s stability.
According to core developer Preston Van Loon, this reorganization is caused by the Proposer Boost fork choice not being fully deployed on the network. This will likely require changes to consensus client software.
Decreased Rate of Block Production
While short 1-2 block reorgs are fairly common on Proof of Work Ethereum due to network latency or unintentional block production race conditions, reorgs longer than this can be caused by an extreme event like network failure, client bugs, or malicious attacks. These reorgs can knock a block off the canonical chain, essentially stealing it from users and businesses that have built on top of it. This can result in lost transaction data and significant costs for those businesses that have been paying fees or MEV to the canonical chain.
It is not possible to prevent reorgs completely, but there are some things that can be done to reduce the frequency and duration of them. One way is to make the existing longest chain the canonical one. This can be achieved by passing blob transaction data from the consensus layer (CL) to the execution layer (EL), which can then cache and resurrect these transactions in the case of a reorg.
Another way to mitigate reorgs is to ensure that all miners are incentivized to build on the longest chain. This can be done by making it expensive to mine on the shorter chains, for example by slashing stakes if it is proven that a validator created multiple blocks in their turn. This may discourage attackers from trying to attack the chain and will likely lead to fewer long reorgs, but it is not a complete solution.
Lastly, it is important to have enough slashing capacity on the network so that it can quickly react to any attackers and ensure that the canonical chain remains safe and secure. Fortunately, this is being worked on by the Ethereum Foundation in the form of the “Emergency Merge” feature.
Ultimately, the best solution is to continue working on bringing us closer to PoS. The transition to this fork would not only reduce the chance of long reorgs, but it will also align incentives against malicious behavior by removing the reward that miners receive for building on the existing canonical chain. This will also help protect settlement assurances and make the system more resilient to 51% attacks.
Decreased Settlement Assurances
A reorg is bad for a blockchain because it can cause users to lose their cryptocurrency. For a network like Ethereum that hosts many tokens and contracts, this can be devastating. It can also devastate users’ confidence in the system. If they can’t trust the chain, they won’t want to hold any assets there.
On the Proof of Work Ethereum network, reorgs happen quite regularly. The Ethereum explorer Etherscan shows them at the rate of about five per hour, and they often reach deep into the chain. It’s much more common on this platform than on Bitcoin, where forks are typically resolved by miners sticking to one of the two competing chains.
Reorgs are almost always caused by extreme network failure or client bugs. In rare cases, malicious actors can gain control of 51% of the mining power and manipulate the blockchain to their advantage. This can be done by creating a new blockchain with their favored transactions that overwrites the existing chain. This is known as a double spend attack, and it’s a major reason why some people are wary of cryptocurrencies.
The most significant preventive measure is improving the security of the system. Implementing a variety of network security measures, such as enhanced consensus protocols and checkpoints, can mitigate the risk of reorgs and improve the robustness of the system. Also, encouraging miners to diversify their mining operations and geographical locations can reduce the probability that a single miner gains 51% of the network’s hashpower and launches an attack.
Another preventive measure is to improve the incentives for honest behavior on the Ethereum network. Stakers and miners have an explicit (stakers) or implicit (miners) long position in ETH, so attacking the network in ways that damage user trust would be against their best interests. Rushing the Ethereum Merge to transition to proof of stake would be high-risk and expensive, but a credible commitment to an emergency merge in the face of widespread reorg attacks could help align incentives against such behavior.
A final preventive measure is addressing the root causes of the reorgs. For instance, the current reorg on the Beacon Chain can be attributed to a faulty attestation scheme on FFG Casper. The solution is to fix the issue and ensure that nodes are able to reliably determine which block is canonical without relying on an attestation scheme that has been proven to be unstable.
Decreased Security
In addition to the memory and disk overhead of transitioning over to a new fork, state updates involved in reorgs can cause replay protections to be reverted. This leaves users with fewer assurances that their transactions will be executed correctly. Businesses, like exchanges, can also be left wondering if the transaction context will change, making them less likely to accept deposits from users.
Reorgs are a natural part of blockchain operation, but they can be used for malicious purposes. They highlight the need for robust network design and active community vigilance to detect and respond to threats.
Fortunately, the reorg that caused issues on Polygon this week was a result of bad luck rather than an attack. Core Ethereum developer Preston Van Loon speculated that it may have been due to an implementation of the Proposer Boost fork, which gives priority to certain proposers over others. This was a possible cause, but as other developers pointed out, the odds of such an event happening on a network with over 11,000 validators were slim to none.
However, the reorg is still a reminder that attacks can happen and that the blockchain needs to be constantly monitored. While many of the solutions for these kinds of incidents have already been discussed, there is more that could be done to ensure security.
One of the most effective ways to prevent attacks is through the use of strong consensus protocols, such as multi-signature wallets and time locks. These help to discourage attackers from immediately spending their stolen funds and give the network time to identify and act on any suspicious activity.
Another way to increase security is through ensuring that the validator base remains diverse. By encouraging a variety of miners and validators from different systems and geographies, the risk that a single entity could control the majority of the network is decreased.
Finally, increasing the economic finality of a block through additional attestation methods can also reduce the chances of an attack. At the moment, this is provided by FFG Casper, which adds an epoch where “source” and “target” votes from attesters are tallied up to determine whether a checkpoint block should be finalized. This will be replaced with an epoch that uses the finality of the previous epoch as the basis for the new one, which should further reduce the likelihood of attacks succeeding.
Decreased User Experience
On the Ethereum network, reorganizations happen at a rate of around 5 per hour. Those reorganizations cause delays and uncertainty for users. They also impact businesses like exchanges that rely on timely transaction confirmations. Ultimately, these reorganizations can negatively affect the value of cryptocurrency and damage user confidence in the blockchain.
A reorg is an event in which a block that was previously part of the canonical chain gets knocked out by a competing block on another fork. This can occur due to network failure, client bugs, or malicious attacks. In these cases, a longer, newer chain is selected as canonical, and the older, shorter chain is abandoned.
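The definition above can be turned into a monitoring check. The following Python sketch is an added example, not code from the original article: it walks parent pointers to find the common ancestor when the head changes and returns the previously canonical blocks that were knocked out. The `Block` and `HeadTracker` names and the A/B block hashes are constructed for illustration; the scenario reproduces a seven-block reorganization.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    hash: str
    parent: str
    number: int

class HeadTracker:
    """Tracks the canonical head and reports blocks dropped by a reorg."""

    def __init__(self):
        self.blocks = {}   # hash -> Block, every block seen on any fork
        self.head = None   # current canonical head

    def add_block(self, block):
        self.blocks[block.hash] = block

    def _ancestors(self, block):
        # Walk parent pointers back as far as we have data.
        while block is not None:
            yield block
            block = self.blocks.get(block.parent)

    def set_head(self, new_hash):
        """Switch head; return old-chain blocks no longer canonical."""
        new_head = self.blocks[new_hash]
        old_head, self.head = self.head, new_head
        if old_head is None:
            return []
        new_chain = {b.hash for b in self._ancestors(new_head)}
        dropped = []
        for b in self._ancestors(old_head):
            if b.hash in new_chain:   # common ancestor reached
                break
            dropped.append(b)
        return dropped  # empty list: plain extension, no reorg

def build_constructed_scenario():
    """Constructed data: chain A0..A10, then fork B4..B11 built on A3."""
    t = HeadTracker()
    t.add_block(Block("A0", "genesis", 0))
    t.set_head("A0")
    for n in range(1, 11):
        t.add_block(Block(f"A{n}", f"A{n-1}", n))
        t.set_head(f"A{n}")
    parent = "A3"
    for n in range(4, 12):
        t.add_block(Block(f"B{n}", parent, n))
        parent = f"B{n}"
    return t, t.set_head("B11")
```

A deposit or withdrawal that was confirmed in any of the returned blocks has to be re-verified against the new canonical chain before it is treated as settled.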
Reorgs can also happen when two groups of validators have different views of the correct chain. In this case, the chain that the majority of validators voted for becomes canonical. This type of reorganization is known as an ex ante reorg. Recently, Ethereum experienced an ex ante reorg on the Beacon chain. This reorganization was caused by updated clients getting blocks to the network 12 seconds faster than those with outdated client software. Preston Van Loon, a core Ethereum developer, explained that this was an unavoidable side effect of the decision to implement proposer boost in the protocol.
Proposer boosting gives more weight to proposers that submit blocks in a timely fashion. However, if multiple proposals are received in the same time frame, then validators may have differing views of which is the correct chain. This creates the possibility for split views with balancing attacks, which could lead to an ex ante reorg.
These types of reorganizations can significantly reduce the usability of Ethereum and undermine its value proposition as a decentralized, trustless platform. Reorgs can also increase the costs of running nodes in a blockchain network, as transitioning to a new fork requires state updates that can impact memory and disk space usage. Finally, reorganizations can reduce the level of security in Ethereum by allowing attackers to manipulate consensus on fork choice and finality gadgets. This can potentially be used to perform a 51% attack on the Ethereum network.