Replay Attacks: What to Consider Before Selling Your Post-Merger ETH Tokens

Ethereum, the blockchain behind the world’s second largest crypto asset of the same name, will almost certainly split, creating two separate coins running on two separate chains: proof-of-work (PoW) and proof-of-stake (PoS).

Such a split, often influenced by differing views among members of the crypto community, is called a “hard fork.” Or just “fork”. Some Ethereum miners reluctant to get rid of the old consensus mechanism have now announced their intention to “fork” the blockchain once it “merges”.

Forge Ethereum

“The chain will separate. Ethereum will continue on PoS as normal, and miners will fork it and create $ETHW,” tweeted DeFi strategist pseudonym Olimpio.

What this means, Olimpio explained, is that the entire Ethereum blockchain will have two identical instances – all Ether tokens, ERC20 and transactions, and all DeFi positions will exist in proof-of-work and proof. of attendance.

Users who held Ethereum before the merger can automatically receive a token balance from the new proof-of-work forks in their wallets. The process for claiming these tokens will vary depending on the channel.

Assets on a centralized exchange such as Poloniex or Coinbase will likely receive the forked tokens without much fuss, should the exchange decide to list those specific tokens.

Olimpio warned that while forked tokens can be bought or sold, “it’s probably an unnecessary risk and probably not worth it.” He expects PoW Ethereum forks to crash right after the merger because “miners promoting PoW Ethereum don’t seem very competent.”

Or you could fall victim to unintended replays, he says.

What is a replay attack?

According to experts, a replay attack occurs when bad actors sneak onto a secure network connection and intercept it, giving them access to delay or resend another data transaction to subvert the receiver.

In the context of the merger, replay attacks are a realistic possibility. “Transactions signed and submitted to both PoS and PoW chains will be identical and can be executed on both chains,” Web3 security firm Quantstamp Labs explained in a statement. blog post.

This could have multiple consequences. Users can cede their non-fungible tokens or ERC20 tokens on decentralized exchanges (DEX) to an unaware attacker. Essentially any transaction on Ethereum could be affected, he said.

For example, imagine you send 100 proof-of-stake ether to an exchange like Poloniex to sell, Olimpio says a bot can send your 100 real ETH to the Ethereum mainnet at the same Poloniex address.

“In this particular example, what will happen is that the funds may not be lost forever (since Poloniex holds all the keys), but chaos and uncertainty will most likely occur, hijacking the attention to the real, tangible and important milestone accomplished that day. [the Merge],” he stated.

However, “attackers cannot freely remove assets from user accounts after the merger without users themselves creating suitable conditions for attackers.”

Quantstamp said this is a protocol-level issue, “regardless of whether the account’s private keys are managed by an active wallet (such as MetaMask), a hardware wallet, or a custodial provider. .”

How to avoid unintended replays

“I would 100% stay out of ETH proof-of-work,” Olimpio advised. However, for users who “insisted” on interacting with PoW fork tokens, it is possible to protect against unintended replays.

Ensure that transactions signed on one chain (PoW or PoS) will naturally fail if replayed on the other chain. To do this, Quantstamp Labs suggested moving all assets from both channels to new accounts dedicated to those channels. This is the most effective approach, he says.

Olimpio explained how.

“After the merger, send your proof-of-stake ETH from your primary wallet to a second wallet that you control. Now you send your proof-of-work ether to Poloniex to empty it. If someone tries to replay this on PoS, the transaction will fail since you already moved it before to your second wallet.

The transfer will have to take place on both the PoW and PoS chains. “If this happened on one channel, an attacker could replay the transfer on the other channel and execute the attack exactly the same way,” Quantstamp added.

He ruled out the use of nonces as a sufficient solution for replay attacks. A nonce is a number in the sequence of transactions sent by an account on the Ethereum network. The very first trade in an account has nonce 0. Each subsequent trade increases the nonce by 1, which means there can be no gaps.

Proponents of nonce divergence argue that if one chain advances the nonce for an account, the other chain will be late in the transaction sequence, and therefore the attempt to replay transactions would fail due to the discrepancy in the nuncios.

But “if the attacker is able to execute transactions on the other chain and match nonces on the account, replays would again be possible,” Quantstamp said.

What will the fork for ETH mean on layer two protocols?

“Nothing. All safe. Unaffected,” Olimpio claimed.

A layer two (L2) is a separate blockchain that extends Ethereum, meaning it helps scale the Ethereum blockchain by improving transaction speeds and reducing transaction costs.

There is a total of over $5.1 billion worth of ETH locked in layer two protocols, according to data from the Ethereum Foundation website.

“Most L2s have centralized components,” Fringe Finance CTO Brian Pasfield told Be[In]Crypto.

“Therefore, I don’t think many consider the risks posed by Ethereum’s move to PoS as it introduces additional attack surfaces for authorities…which will lead to transactions being censored,” he said. he added.

To be[In]Crypto’s Latest Bitcoin (BTC) Analysis, Click here.


All information contained on our website is published in good faith and for general information purposes only. Any action the reader takes on the information found on our website is strictly at their own risk.

Comments are closed.