Launching the Ethereum proof-of-work hard fork after the temporary execution of the Merge on Thursday, September 24, can be accompanied by a big problem: the danger of replay attacks and the theft of assets from investors who intend to sell their proof-of-work Ethereum tokens. However, there are solutions to protect against these unwanted attacks.
In crypto, blockchain splits that often occur due to differing views among community members of a cryptocurrency are known as hard forks. Some Ethereum miners, unwilling to abandon the proof-of-work mechanism, have announced plans to launch a proof-of-work hard fork 24 hours after the Merge.
Ethereum proof-of-work hard fork
A DeFi strategist with the nickname Olimpio wrote on his Twitter:
The blockchain will be divided [into 2 parts]. Ethereum will continue down the path of Proof of Stake, with miners forking it and creating Proof of Work Ethereum.
This means that there will be two identical instances of the entire Ethereum blockchain, he explained. In effect, all Ethereum, ERC-20 tokens, transactions and the (current) state of DeFi programs will exist in two versions, one on Proof of Stake and one on Proof of Work.
Users who held Ethereum tokens before the Merge will likely receive the new proof-of-work hard fork tokens in their wallets automatically. However, the process of claiming and receiving these tokens will be different depending on each blockchain.
If centralized exchanges such as Binance, Coinbase, and Poloniex decide to list this token, their users will likely receive Ethereum Proof of Work (ETHW) tokens without any problems.
Olimpio warned that although hard-forked tokens can be bought or sold, selling them would be unnecessary and likely not profitable.
He expects Ethereum proof-of-work forks to die soon after the Merge, as the miners promoting the hard fork don’t seem very competent.
However, Olimpio says that if you plan to sell these tokens, you may become an unintended victim of replay attacks.
What is a replay attack?
A replay attack occurs when an attacker secretly accesses a secure network connection and eavesdrops on it. This allows the attacker to sabotage the receiver by delaying or retransmitting the packet data. (In this attack, the attacker takes the place of the sender and uses the established communication channel.)
Replay attacks are possible after the Merge. “Transactions signed and sent to the proof-of-stake and proof-of-work chains are identical and valid on both networks,” Web 3.0 security firm Quantstamp Labs wrote in a blog post.
These attacks can have multiple consequences and basically affect every transaction on the Ethereum network. Users on decentralized exchanges may inadvertently sign a transaction that grants an attacker access to ERC-20 tokens or NFTs.
For example, imagine that you send 100 proof-of-work Ethereum to the Binance exchange. In this situation, a bot can also send your 100 proof-of-stake Ethereum on the Ethereum mainnet to the same Binance address.
In this particular example, your assets may not be lost forever and you may be able to recover them, because the exchange has all the private keys; but there will most likely be chaos and mistrust, the purpose of which is to divert attention from the real, tangible and important achievement that will be reached on the day of the Merge.
However, after the Merge, attackers cannot freely withdraw assets from users’ accounts unless users create the conditions for it.
Quantstamp said that this issue occurs at the Ethereum protocol level, regardless of whether your account’s private keys are held in a warm wallet, hardware wallet, or custodial wallet.
Can we prevent replay attacks?
Olimpio said that he will not 100% support Ethereum Proof of Work. However, for those users who insist on using Ethereum Proof of Work tokens, there are ways to prevent unwanted replay attacks.
You need to make sure that your signed transactions on one chain (Proof of Stake or Proof of Work) fail naturally if resubmitted on the other chain.
To do this, Quantstamp Labs has suggested transferring all your holdings on both chains to accounts specific to those networks. This is the most effective approach to preventing replay attacks, Olimpio says.
How to do this?
After the Merge, send your proof-of-stake Ethereum from your main wallet to a second wallet that you own. You can now submit your proof-of-work Ethereum to the exchange for sale. If an attacker then tries to use your transaction data on the proof-of-stake network, they will fail, because you have already transferred your Ethereum to the second wallet.
The security company added:
In fact, transfers must be made in both the proof-of-stake and proof-of-work chains. If the transaction only takes place on one network, the attacker can execute the attack in exactly the same way by replaying it on another network.
The nonce can be used as an effective way to reduce the severity of replay attacks. A nonce is a number in the sequence of transactions sent by a wallet through the Ethereum network. The first transaction sent from each wallet has a nonce equal to zero, and each subsequent transaction increases the nonce by one. This means that there are no gaps between nonce values.
Proponents of letting nonces diverge between the two networks argue that if an account uses up nonces faster on one blockchain, its sequence of transactions on the other blockchain will fall behind. Therefore, attempts to replay transactions will fail due to gaps in the sequence of nonces between the two networks.
However, if an attacker can perform transactions on another chain and match the account nonces, a replay attack is possible.
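The replay scenario, the chain-specific-account fix and the nonce caveat described above can be reproduced in a small model. This is an added example, not code from Olimpio or Quantstamp: the Chain and Tx classes, account names and amounts are constructed for illustration, and each Tx stands for one signed transaction that both chains would accept.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tx:                      # stands for a signed transfer; nothing ties it to one chain
    sender: str
    to: str
    value: int
    nonce: int

@dataclass
class Chain:                   # toy ledger: only balances and per-account nonces
    balances: dict
    nonces: dict = field(default_factory=dict)

    def apply(self, tx):
        """Return 'ok' or the rejection reason; state changes only on 'ok'."""
        expected = self.nonces.get(tx.sender, 0)
        if tx.nonce != expected:
            return "bad nonce"
        if self.balances.get(tx.sender, 0) < tx.value:
            return "insufficient balance"
        self.balances[tx.sender] -= tx.value
        self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.value
        self.nonces[tx.sender] = expected + 1
        return "ok"

def fork(balances):
    """Two chains that start from the same pre-fork state."""
    return Chain(dict(balances)), Chain(dict(balances))

def unprotected():
    pos, pow_ = fork({"main": 100})
    sale = Tx("main", "exchange", 100, 0)
    return pow_.apply(sale), pos.apply(sale)        # second call is the replay

def chain_specific_accounts():
    pos, pow_ = fork({"main": 100})
    pos.apply(Tx("main", "pos_wallet", 100, 0))     # move holdings on PoS ...
    pow_.apply(Tx("main", "pow_wallet", 100, 0))    # ... and on PoW
    sale = Tx("pow_wallet", "exchange", 100, 0)
    return pow_.apply(sale), pos.apply(sale)        # replay finds no funds on PoS

def nonce_gap_only():
    pos, pow_ = fork({"main": 100})
    pos.apply(Tx("main", "shop", 10, 0))            # PoS nonce 1, PoW nonce 0
    sale = Tx("main", "exchange", 50, 0)
    pow_.apply(sale)
    first = pos.apply(sale)                         # the gap blocks this replay
    later = Tx("main", "friend", 40, 1)
    pos.apply(later)
    return first, pow_.apply(later)                 # nonces match again: replay works
```

Each function returns the result on the chain where the user sent the transaction followed by the result of replaying it on the other chain; only the chain-specific-account case keeps rejecting the replay.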
Will Ethereum Fork Affect Layer 2 Protocols?
In response to this question, Olimpio emphasizes that nothing will happen. All these protocols will be secure and will not be affected by the hard fork.
Each second layer protocol is a separate blockchain that extends the Ethereum network. These protocols are solutions that contribute to the greater scalability of the Ethereum blockchain by improving the speed of transaction processing and reducing the cost of fees.
According to data from the Ethereum Foundation’s website, a total of more than $5.1 billion of Ethereum is locked on Layer 2 protocols.
Brian Pasfield, Chief Technology Officer of Fringe Finance, told BeInCrypto: “Most layer 2 protocols have centralized components.”
I don’t think many people are aware of the risks that Ethereum’s move to Proof of Stake will create. By expanding the attack surface for the authorities (lawmakers), this can open their hands in censoring Ethereum transactions using second layer solutions.