IOHK States Cardano (ADA) is Secure Against Fake Stake Attacks Affecting Proof of Stake Blockchains
According to the latest blog by IOHK, a group of researchers including Sanket Kanjalkar, Yunqi Li, Yuguang Chen, Joseph Kuo, and Andrew Miller found a vulnerability in more than 26 proof-of-stake (PoS) crypto implementations. However, Ouroboros protocol-based Cardano blockchain is not affected by this vulnerability due to the “formally-verified approach,” taken during its development.
Explaining the vulnerability, the blog states all the vulnerable system are using PoSv3 which mimics the functionality of PoS system where the creation of a block is proportional to the stake a user has in the system.
PoSv3 allows the users to add additional info to their candidate block in the form of a staking transaction.
“The more tokens they have available to use in their staking transaction, the easier it becomes for them to get a correct hash, and thus earn the right to create the next block.”
It further requires the verification of the hash of the block and the user’s staking transaction. Now, to verify this info, a blockchain node has to refer to the ledger and the history of the ledger. However, the blocks in PoSv3 systems are not validated immediately because it is “neither cached nor cheap to calculate.” These blocks are stored on disk on in memory when “they pass some heuristics.”
Now, the vulnerabilities can be “exploited in a number of ways, but ultimately involve fooling those heuristics and presenting lots of invalid blocks to a node, such that the node runs out of memory and crashes before it can correctly identify that the blocks are invalid.”
Outboros-based Cardano Free from the Flaw, How?
However, as we reported above, Cardano is free from this flaw that is affecting many proof-of-stake (PoS) blockchains. As for why, IOHK says it took a different approach for Cardano.
Instead of PoSv3, which is a modification of the bitcoin code, IOHK “relied on world-leading academics and researchers to create a new protocol and codebase from scratch, with the requirement that it should provide equivalent (or better) security guarantees than bitcoin, but rely entirely on the stakes. The result is the Ouroboros protocol, the first provably secure PoS protocol, upon which Cardano is built.”
Explaining how it is different, at the start of each epoch, which is a group of time slots, a lottery determines who will create a block for every slot. For validating a block, only the leader scheduled for the current epoch is required.
The blog further states the difference is to have a fundamentally different foundation that is based on “multiple peer-reviewed academic papers, and unprecedented collaboration between researchers and developers,” unlike PoS systems, which is modified to take stake into account.
“The formal and semi-formal methods involved in creating the upcoming Shelley release of Cardano ensure that its construction at code level evidently matches the protocol described in the peer-reviewed research papers, building in reliability and security by design – and avoiding the problems of PoSv3, which have arisen as a result of modifying an existing protocol instead of creating a thoroughly proven, bespoke protocol like Ouroboros.”