Pawel Pokrywka
@pawelpokrywka
Idea: Protecting Your Validator from Attacks During Block Proposal to Prevent MEV Theft

Recently, I read a paper on validator deanonymization (linked in the last comment).

TL;DR: An attacker could find the IP address used by your validator. Then, when you're about to propose a block with significant MEV (Miner Extractable Value), the attacker can launch a cheap DoS (Denial of Service) attack on your internet connection. You would miss the opportunity to propose a block. The attacker would then DoS the next validator and repeat this until their validator is selected. This would allow them to propose a block, essentially stealing your winning lottery ticket and grabbing all the MEV.

Pawel Pokrywka
@pawelpokrywka
Solo stakers are most vulnerable to these DoS attacks. My idea is to use a public VPN to combat this. If you use a VPN, an attacker targeting your IP performs a DoS attack that stops at the VPN provider's infrastructure (which should be fairly resistant). Your internet connection should remain safe.

So far, so good. You're protected - unless you open your ports for incoming connections (which is encouraged because it helps the Ethereum network). If you have your ports forwarded (some VPNs, especially torrent-friendly ones, allow this), the attacker could easily saturate your bandwidth by directing a DoS attack at those ports. The VPN won't protect you in this case.

Unless you implement this trick: The moment you know you're going to propose a block, close the VPN ports and re-open them right after the proposal.

Pawel Pokrywka
@pawelpokrywka
You'll be protected against DoS during block proposal. You'll still be vulnerable to DoS during normal attestation, but this is acceptable. There are no economic incentives to attack you under normal circumstances.

I'd like to implement a tool to do this, but I probably won't have enough time, so I'm just posting the idea publicly.

If someone would like to implement it, there's one thing that needs research: What happens to established connections when you close VPN ports? If they remain alive, then everything would work. Otherwise, the node connectivity will be crippled, causing:

- Temporary problems for connected nodes
- Potentially prohibiting your node from proposing a block
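A sketch of the scheduling half of the tool proposed in the thread, added here as an example and not written by the thread's author: it turns the body of a standard Beacon API proposer-duties response (`GET /eth/v1/validator/duties/proposer/{epoch}`) into the time windows during which forwarded ports should be closed. The mainnet constants are real; the margins, function names and sample duties are assumptions, and the VPN-specific call that actually closes or re-opens a port is not shown.

```python
import json

# Mainnet consensus constants; the two margins are assumed values to tune.
GENESIS_TIME = 1606824023
SECONDS_PER_SLOT = 12
CLOSE_BEFORE = 60   # assumed: close forwarded ports 60 s before the slot starts
REOPEN_AFTER = 24   # assumed: re-open 24 s after the slot ends

def slot_start(slot):
    """Unix time at which a slot begins."""
    return GENESIS_TIME + slot * SECONDS_PER_SLOT

def closed_windows(duties_json, my_indices):
    """Return merged (close_at, reopen_at) Unix-time windows for our proposals.

    duties_json is the body of GET /eth/v1/validator/duties/proposer/{epoch}.
    """
    windows = []
    for duty in json.loads(duties_json)["data"]:
        if int(duty["validator_index"]) in my_indices:
            start = slot_start(int(duty["slot"]))
            windows.append((start - CLOSE_BEFORE,
                            start + SECONDS_PER_SLOT + REOPEN_AFTER))
    windows.sort()
    merged = []
    for close_at, reopen_at in windows:
        # Fold nearby proposals into one window so the ports are not
        # re-opened for a few seconds between two of our own slots.
        if merged and close_at <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], reopen_at))
        else:
            merged.append((close_at, reopen_at))
    return merged

def ports_should_be_closed(now, windows):
    """True while `now` falls inside any closed window."""
    return any(close_at <= now < reopen_at for close_at, reopen_at in windows)

# Constructed sample response (validator indices and slots are made up).
SAMPLE = json.dumps({"data": [
    {"pubkey": "0x00", "validator_index": "1111", "slot": "9600001"},
    {"pubkey": "0x00", "validator_index": "2222", "slot": "9600002"},
    {"pubkey": "0x00", "validator_index": "1111", "slot": "9600005"},
    {"pubkey": "0x00", "validator_index": "3333", "slot": "9600020"},
]})

if __name__ == "__main__":
    for close_at, reopen_at in closed_windows(SAMPLE, {1111, 3333}):
        print(f"close ports at {close_at}, re-open at {reopen_at}")
```

A daemon built on this would poll the duties endpoint once per epoch and act on `ports_should_be_closed`; whether established peer connections survive the port closure is still the open question raised in the thread.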