Proof of Authority (PoA) is a type of permissioned consensus algorithm with a fixed committee. PoA has been widely adopted by communities and industries due to its better performance and faster finality. In this paper, we explore the \textit{unfairness} issue existing in current PoA implementations. We have investigated 2,500+ \textit{in the wild} projects and selected 10+ as our main focus (covering Ethereum, Binance Smart Chain, etc.). We have identified two types of order manipulation attacks that separately break transaction-level fairness (a.k.a. transaction ordering) and block-level fairness (sealer position ordering). Both of them rely merely on an honest-but-\textit{profitable} sealer assumption, without modifying the original settings. We launch these attacks on forked branches in an isolated environment and carefully evaluate the attacking scope against the different implementations. To date (as of Nov 2021), the potentially affected PoA market cap can reach up to $681,087$ million USD. Besides, we further dive into the source code of the selected projects and, accordingly, propose our recommendations for a fix. To the best of our knowledge, this work provides the first exploration of the \textit{unfairness} issue in PoA algorithms.