Blockchain's Mempool Vulnerability


Anyone who has made transactions on a blockchain network has probably noticed that the time between sending and receiving can be up to 10 minutes, that at times of heavy network congestion the wait can grow to several hours, and in some cases even to several days. Many users are also familiar with the phrase “The transaction is stuck in the mempool.” The mempool, also called the “transaction pool,” is the place where transactions sit while awaiting further processing. If the mempool grows, there are more and more outstanding transactions. This, in turn, means that the wait for confirmation becomes even longer, and to speed up a particular transaction the user will need to pay an additional commission. Today, the mempool is one of the most important parts of the blockchain infrastructure. Thanks to mempools, miners can prioritize transaction processing based on fees, and observers can diagnose the network. So we can conclude that any ordinary user and any miner is interested in having online access to all the information in the mempools of the corresponding blockchain. And they can get this opportunity by using, for example, the service

Blockchains and Attacks

Like any technical system, distributed ledgers can be subject to various types of attacks. These include: Sybil attack, double spending, 51% attack, DDoS attack, mempool overflow, centralization attack. It should be noted that mature blockchains are practically protected from most of these attacks. The exception is mempool overflow. Any blockchain can be subject to this attack, but Bitcoin is especially likely to fall victim to it. Below we will touch briefly on the topic of mempool overflow.

From the definition of a blockchain, it follows that when each new block is mined, information from the previous block, as well as information about new transactions, is added to it. However, not all transactions can get into the new block, only a limited number of them. The reason is that the size of each block in megabytes is fixed, and it cannot cover absolutely all transactions made since the previous block. This is where the transaction pool comes into play: the mempool, which we talked about above. Each node's mempool holds a huge number of transactions that are waiting to be confirmed. A miner working on the network selects a certain number of transactions, exactly those that are of interest to him. Most often, miners sort transactions in order of decreasing commission and then build the set of transactions that fits into the current block. It should be noted that each miner follows his own principle for selecting transactions, and it is difficult to predict in advance which transactions will certainly end up in the current block. Naturally, it is beneficial for miners to take the transactions with the highest commission first. The reason is simple: since significant resources are spent on mining, the miner is interested not only in covering his costs but also in earning additional income.

Mempool Overflow Attack

Let’s imagine that an attacker decides to use the mempool for his attack. To do this, he begins to submit myriads of small transactions to the mempool until it overflows. At first glance, nothing terrible happens to the network, since miners continue to select transactions on the principle of the highest commissions. The downside is that transactions at the end of the queue may never be processed by a miner, because the attacker has overflowed the mempool.

Let us note once again that such an attack causes no problems for the blockchain itself, and the algorithm by which a miner selects transactions for the next block does not change. However, overflowing the mempool has a negative impact on those users who cannot pay high transaction fees. In addition, this situation inevitably leads to unrest in the market: users begin to show concern and a certain frenzy builds. The result is a feeling of market instability, which the same attacker can take advantage of.
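The fee-ordered block selection and the queueing effect described above can be reproduced on a toy mempool. The following Python code is an added example, not code from any blockchain client; the Tx class, the function names, the 1000-byte block limit and every transaction in it are constructed for illustration, and it assumes no new transactions arrive after the snapshot is taken.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    size: int   # bytes
    fee: int    # smallest currency unit

    @property
    def fee_rate(self) -> float:
        return self.fee / self.size

def build_block(mempool, capacity):
    """Greedy template: highest fee rate first, skip anything that no longer fits."""
    block, used = [], 0
    for tx in sorted(mempool, key=lambda t: t.fee_rate, reverse=True):
        if used + tx.size <= capacity:
            block.append(tx)
            used += tx.size
    return block

def blocks_until_confirmed(mempool, txid, capacity, max_blocks=1000):
    """Mine blocks from a static snapshot; return the block in which txid lands, else None."""
    pending = list(mempool)
    for height in range(1, max_blocks + 1):
        included = {tx.txid for tx in build_block(pending, capacity)}
        if txid in included:
            return height
        if not included:          # nothing left that fits, txid can never confirm
            return None
        pending = [tx for tx in pending if tx.txid not in included]
    return None

def estimated_wait(mempool, tx, capacity):
    """Observer's estimate in blocks: bytes queued at a higher fee rate, plus tx itself."""
    ahead = sum(t.size for t in mempool if t.fee_rate > tx.fee_rate)
    return math.ceil((ahead + tx.size) / capacity)

# Constructed sample data: a 1000-byte block limit and 250-byte transactions.
CAPACITY = 1000
user = Tx("user", 250, 500)                                   # 2 units per byte
quiet = [Tx("a", 250, 2500), Tx("b", 250, 1250), user, Tx("c", 250, 250)]
# Same snapshot plus 40 small transactions that each pay slightly more than the user.
congested = quiet + [Tx(f"small-{i}", 250, 750) for i in range(40)]

if __name__ == "__main__":
    for name, pool in (("quiet", quiet), ("congested", congested)):
        print(name, blocks_until_confirmed(pool, "user", CAPACITY),
              estimated_wait(pool, user, CAPACITY))
```

On this constructed data the user's transaction is confirmed in block 1 from the quiet snapshot and in block 11 from the congested one, and the backlog-based estimate a mempool observer would compute gives the same figures.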

Which blockchains are most likely to be affected by a mempool overflow attack? Firstly, these are those blockchains that have a limited block size. Secondly, those blockchains for which mining takes a fairly long period of time. In the latest generation of blockchains, in which the generation of each block takes literally seconds, carrying out such attacks is pointless, since all the funds that an attacker uses to create a mempool overflow will immediately go into the network, and the result of the attack will be zero.
