Rise of Replay Attacks Intensifies Ethereum Divide


The unintended consequences of the ethereum hard fork continued to mount this week as new problems became apparent due to the ongoing popularity of two competing networks.

A week ago, there was one ethereum, a decentralized computing platform that’s drawn outside attention for applying the cryptocurrency concept to develop new Internet applications. But due to a schism in how people think the platform should work, there are now two ethereum networks (ethereum and ethereum classic), both of which use an almost identical history.

The thinking was one blockchain ‘winner’ would quickly emerge and that the other would eventually fall to the wayside. However, both have continued to exist despite these predictions.

At issue is that, by having two separate networks with two separate blockchains, anyone who held funds in the first iteration (ethereum) is now the owner of funds on the second (ethereum classic). Complicating matters is that, for users, both their ETH funds on ethereum and ETC funds on ethereum classic have the same address and private keys.

The present conditions have set the stage for “replay attacks”.

In computer science terms, this simply means a network action that is repeated when it isn’t supposed to be. In digital currency terms, when someone broadcasts a transaction using one of the networks, there is a risk that the transaction gets included in both blockchains.

This means users who try to buy ETH today won’t be affected, but the funds of anyone who held them in any contract prior to the fork were essentially duplicated on the other fork.

Ethereum developer Zsolt Felföldi, who works on the platform’s Go implementation, explained that this shouldn’t happen if both networks were taking proper precautions.

“Separating these two networks was never really planned,” he said.

Given the attention paid to ethereum by major banks and financial professionals, the incident has caught the interest of even those outside the open-source blockchain community. To these observers, the situation appears to be a crossroads of indecision.

IBM blockchain leader of the Latin American division Martin Hagelstrom told CoinDesk:

“The problem is that changing these rules implies making a new hard fork. So ethereum is saying [ethereum classic] should do it. And the classic guys are saying that [ethereum creator] Vitalik [Buterin] should have considered it on their hard fork, so they should do it.”

Neither ethereum nor ethereum classic seemed to prepare for the attacks, but the resulting gap in communications means that neither side is really pursuing action.

“They are acting like kids if you ask me,” Hagelstrom added.

‘Attack’ semantics

Users on both the ETC and ETH networks are vulnerable to the “attack,” though there is even disagreement about whether this is an accurate way to describe what’s going on.

For one, it’s unclear whether users could fall into one category or the other, unless they opted out of one network for ideological reasons and chose to sell their ETH or ETC.

Felföldi described it as a necessary inconvenience:

“I wouldn’t say the replay problem is quite an ‘attack’ because this is just something that happens always. No one does this maliciously, I think. This is just some inconvenience. The network wasn’t designed for this situation.”

The biggest risk may be that users “lose” funds by intending to execute a contract with ETH, and by virtue of the address and private key similarities, end up sending ETC as well.

Should this account not be accessible to the user, this could mean additional value is lost in a manner that wasn’t intended.

Exchange impact

At present, it appears that exchanges have been most affected by the vulnerability.

For example, at one time, traders seemed to be using Coinbase’s exchange as a vehicle to get “free” ETC. The steps required to game the exchange are public, and people appear to be using them. Whether this particular attack vector might have been resolved is unclear, but signs on social media suggest that users have been able to withdraw both currencies today.

Coinbase was unavailable for comment at press time.

In a blog post, Coinbase CEO Brian Armstrong claims that the exchange anticipated the replay attacks, but didn’t expect ethereum classic to be so popular. He claims that they then “began work to nullify the replay attacks.”

Earlier this week, Coinbase announced that it doesn’t plan to support ethereum classic, whether on its wallet service or its new exchange GDAX.

It’s unclear whether this is ongoing, and if it is, who’s paying for it, because it might not even be the exchange.

Coinbase doesn’t appear to be guarding against it, although it’s hard to tell. Coinbase’s Charlie Lee said via Slack that the Ethereum Foundation advised the payment processor not to guard against the replay attacks.

Coinbase, however, isn’t the only exchange impacted.

In a message posted to the exchange’s website this week, BTC-e staff indicated that its ETC holdings had been drained when users transferred their funds to Poloniex, and went as far as declaring that “ethereum classic in the current circumstances is a scam”.

China-based exchange Yunbi said in a blog post earlier this week that it had lost 40,000 ETC due to the replay vulnerability. The exchange said that it would effectively eat the losses and pay out ETC balances corresponding to user ETH balances.

Future fix unclear

So how do ethereum users and exchanges guard against it?

One way to get around the risk is to run a transaction through an open-source “splitter contract”, effectively moving ETC to a new account. But this is pretty burdensome, as it depends on each exchange or each individual doing so for every account that they have.

Poloniex automatically generates new addresses for users so that they can avoid unintentionally sending their ETH or ETC in the mirrored process. Kraken did the same, claiming that if users don’t “split” their ETH and ETC, they can still deposit ETH at the exchange and receive ETH and ETC in their account.

It’s possible to stop this across the network wholesale, rather than trusting exchanges to pull through. If either network incorporated the fix by hard forking their network to update the transaction formats, they could resolve this problem, but neither has expressed plans to do so.

On the other hand, Felföldi mentioned that ethereum does eventually want to update the network to resolve the problem by incorporating the necessary change to the transaction formats in Metropolis, the next version of ethereum, which is due in fall 2016.

The worry is that changing it earlier than that would require yet another hard fork, or moving to a new blockchain, but people are afraid it will be one fork too many.

“We just did one fork. We don’t want to do any more rash updates because it’s dangerous,” he said. “It will probably be here for quite some time.”
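The replay described earlier, and the effect of a transaction-format change, can be seen in a small model (an added example, not code from ethereum or from the article). It assumes the format change is a chain identifier covered by the signature, which the article does not specify; HMAC-SHA256 stands in for the account's ECDSA signature, and the chain ids, key and account names are constructed.

```python
import hashlib
import hmac

# Constructed model, not ethereum's real encoding. HMAC stands in for ECDSA;
# chain ids 1 and 2 and the key below are hypothetical.
KEY = b"constructed-account-key"  # the same key controls the address on both chains

def payload(tx):
    """Bytes covered by the signature; chain_id is bound only when present."""
    fields = [tx["sender"], tx["to"], str(tx["value"]), str(tx["nonce"])]
    if "chain_id" in tx:
        fields.append(str(tx["chain_id"]))
    return "|".join(fields).encode()

def sign(tx, key=KEY):
    return dict(tx, sig=hmac.new(key, payload(tx), hashlib.sha256).hexdigest())

class Chain:
    def __init__(self, chain_id, balances, nonces):
        self.chain_id = chain_id
        self.balances = dict(balances)  # copied: the fork duplicates pre-fork state
        self.nonces = dict(nonces)

    def apply(self, stx, key=KEY):
        tx = {k: v for k, v in stx.items() if k != "sig"}
        expected = hmac.new(key, payload(tx), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, stx["sig"]):
            return "bad signature"
        # Legacy transactions carry no chain_id, so this check cannot stop them.
        if "chain_id" in tx and tx["chain_id"] != self.chain_id:
            return "wrong chain"
        if tx["nonce"] != self.nonces.get(tx["sender"], 0):
            return "bad nonce"
        if self.balances.get(tx["sender"], 0) < tx["value"]:
            return "insufficient funds"
        self.balances[tx["sender"]] -= tx["value"]
        self.balances[tx["to"]] = self.balances.get(tx["to"], 0) + tx["value"]
        self.nonces[tx["sender"]] = tx["nonce"] + 1
        return "accepted"

def demo():
    pre_fork = ({"alice": 100}, {"alice": 0})
    a, b = Chain(1, *pre_fork), Chain(2, *pre_fork)
    legacy = sign({"sender": "alice", "to": "exchange", "value": 10, "nonce": 0})
    bound = sign({"sender": "alice", "to": "exchange", "value": 10, "nonce": 1,
                  "chain_id": 1})
    return [a.apply(legacy), b.apply(legacy), a.apply(bound), b.apply(bound)]
```

The legacy transaction is accepted by both chains because nothing it signs distinguishes them; the chain-bound one is rejected on the other chain, and rewriting its `chain_id` invalidates the signature.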

Classic project manager Arvicco said that, in his view, the responsibility for resolving the replay vulnerability falls on those who executed the split in the first place.

“The facts are clear, ethereum classic is still keeping a consensus of original legacy network, while those following forked ethereum left this consensus,” he told CoinDesk, going on to argue:

“For the ones forking off (leaving consensus), it stands to reason that they are liable to institute a clean split, and not expect to push the burden to the ones still in consensus.”

Others see the situation persisting because of these entrenched positions.

Peter Vessenes, security expert and Bitcoin Foundation founder, said:

“Creating chaos is clearly a goal for some participants.”