Free Transactions Invite Systemic Attacks on Blockchains, Researchers Find

shutterstock_1648251973
11 June 2020

The problem with paying gas to run transactions is that it discourages lots of transactions. The advantage of paying gas to run transactions, though, is that it discourages lots of transactions.

This contradiction is captured well in a new paper examining transactions on EOS, Tezos and XRP Ledger (XRPL) over a seven-month period ending in April. Researchers from Imperial College London and University College London found the overwhelming number of transactions on these three networks either have no value attached or are passing it back and forth within one entity. 

Titled “Revisiting Transactional Statistics of High-scalability Blockchain,” by Daniel Perez, Jiahua Xu and Benjamin Livshits, the report explains these findings in detail.

“Our analysis reveals that only a small fraction of the transactions are used for value transfer purposes,” the authors write. “In particular, 96% of the transactions on EOSIO were triggered by the airdrop of a currently valueless token; on Tezos, 76% of throughput was used for maintaining consensus; and over 94% of transactions on XRPL carried no economic value.”

Read more: A Mysterious Airdrop Called EIDOS Is Clogging EOS to Make a Point

The authors’ latest version came out Wednesday, following up on two prior versions, with this one including several more months of data. It immediately sparked discussion, with its findings that high-throughput blockchains don’t necessarily have a lot of payment activity.

It also illuminated the fact that transparency doesn’t necessarily equal legibility. 

So many records can pile up on a blockchain that needed information can become needles in a very large haystack. As Perez, a Ph.D. candidate at Imperial College London told CoinDesk in an email, “When the level of spam activity is very high, the size of the history gets disproportionately large given the amount of useful activity on the network. This makes such blockchains much more difficult to analyze and reason about.”

That said, the authors’ analysis is based on a careful examination of each blockchain, looking at the kinds of transactions and characterizing what kind of work they represented. Then they looked at the biggest users of the networks, which generally corresponded to most of the usage, and dug deeper into what was going on in their transactions.

As the authors note, there has been a dearth of academic investigation into blockchains besides that of Bitcoin and Ethereum. This analysis of EOS, XRP Ledger and Tezos covers the period from October 1, 2019 to April 30, 2020, using data collected by the open source tool, Blockchain Analyzer. Here’s what they found for each chain.

EOS

Last November, CoinDesk reported on a mysterious airdrop on EOS that gave users an incentive to make as many low-value transactions as they could, called EIDOS, which overall made the blockchain more expensive to use, making it look very much like a denial of service (DoS) attack (also evidenced by the fact that “DOS” is part of the airdrop’s name).

The researchers found that most of the transactions taking place on EOS, at least through the end of April, were related to the EIDOS stunt.

The authors write, “Before the arrival of the EIDOS token, approximately 50% of these are transactions to betting games. … The launch of EIDOS increased the total number of transactions more than tenfold, resulting in 96% of the transactions being used for token transfers.”

To recap: The EIDOS smart contract sends a token to any EOS wallet address that sends it any amount of EOS. The smart contract instantly returns any EOS sent along with the token. The smart contract rewards transactions, not value, so it doesn’t matter how much EOS gets sent. It sends the same number of tokens back no matter what.

EIDOS was worth a little less than $0.02 when we last reported it on it. It currently trades for about $0.0008, according to CoinGecko.

Read more: Tron Dapps Saw $1.6 Billion in Volume in Q1 2019, Driven By Gambling

Additionally, the authors also found that most of the transactions on one of EOS’s large apps, WhaleEx, look suspicious. The WhaleEx website says it is the “#1 Decentralized Exchange in the World,” yet the authors looked at its transactions and found:

"Firstly, and most obviously, we notice that in more than 75% of the trades, the buyer and the seller are the same. This means that no asset is transferred at the end of the action. Furthermore, the transaction fees for both the buyer and the seller are 0, which means that such a transaction is achieving absolutely nothing else than artificially increasing the service statistics, i.e. wash-trading."

WhaleEx could not be immediately reached for comment.

Block.One, the creators of the EOSIO software that runs EOS among a few other blockchains, declined to comment directly to CoinDesk. Instead, they directed CoinDesk to a new Medium post by CTO Dan Larimer, which does not directly address the questions about EIDOS and WhaleEx, but instead dwells on how the report’s authors define throughput.

The paper makes a theoretical argument that the true throughput on each of these chains is very low in terms of transactions with actual value, a point which Larimer disputes. In other words, Larimer emphasizes what EOSIO software could be used for. Potential aside, the researchers’ findings are about what it is currently used for.

Larimer writes:

"How the media chooses to report on this paper will reveal whether or not they have integrity to differentiate technological capability and recognize EOSIO as being the most demonstrably scalable."

Again, Block.One declined to further comment.

XRP

XRP is periodically beset by spam. The authors write:

“The ledger experienced two waves of abnormally high traffic in the form of Payment transactions in late 2019, the first between the end of October and the beginning of November, the second – at a higher level – between the end of November and the beginning of December.”

Why such traffic occurs, however, is unclear. “It remains something of a mystery how such an expensive form of ‘spam’ benefited its originators.”

Ripple’s CTO David Schwartz addressed this point when a prior draft of this paper was under discussion. He wrote in May:

"If you have a cheap, high-capacity public blockchain that was designed for maximum censorship resistance, it's going to get a lot of spam. There's no real disincentive and no authority to stop you. What are you willing to give up to stop it given that it doesn't do much harm?"

That said, they also found that most XRP holders do very little. “The distribution of the number of transactions per account is highly skewed. Over one third (71 thousand) of the accounts have transacted only once during the entire observation period, whereas the 35 most active accounts are responsible for half of the total traffic,” they wrote, though such Pareto distributions are not unusual, especially when money is concerned.

Ripple has not yet provided further comment to CoinDesk on this latest draft.

Tezos

On Tezos, the authors find that most activity on the network is related to governance and staking. 

They write, “Tezos has a high number of ‘endorsements,’ which are used as part of the consensus protocol, and only a small fraction of the throughput are actual transactions.” Further, a large portion of the transactions appear to be bakers (the validators) making payments to users who have delegated XTZ.”

Later, the paper notes:

"Tezos has not yet come close to maximizing its actual capacity."

It does not, however, find suspicious or malicious transactions in any real volume on Tezos. TQuorum, an entity that promotes Tezos, had not yet provided comment as of press time.

In conclusion

As most people who follow cryptocurrency know, the Bitcoin blockchain debuted what’s come to be known as the internet of value. The paper’s analysis then is based on how frequently users actually transfer value, as opposed to making other kinds of transactions. 

It raises questions about whether it is wise to design a blockchain so that valueless transactions are free or nearly free. The authors write:

"While on XRPL the consequences of such a spam attack are limited, on EOSIO they forced the network to enter congestion mode, causing regular users to be unable to use the network because transactions which used to be free started to cost a fee."

In short, the authors write, “The massive potential of those blockchains has thus far not been fully realized for their intended purposes.”

Read the full paper below: