According to Lior Yaffe, a low network participation in Ethereum 2.0 could leave it open to an attack by whales.
Entities with a large amount of ETH could shut down the Ethereum 2.0 network.
As the end of the year approaches, the end of the wait for Ethereum 2.0, phase 0, is also approaching. In the crypto world, this is currently one of the most anticipated events that is triggering quite some hype. However, the developer of the Ardor network, Lior Yaffe, believes that he has found a vulnerability in the upgrade that could further delay the release.
In an interview, Yaffe explained how one of the most repeated concerns, the lack of security and centralization, could become a reality for Eth2.0. Yaffe is a participant in the latest public multi-client testnet for Ethereum 2.0, known as Medalla. While studying some situations that have occurred in the testnet, Yaffe came up with a scenario in which the network is attacked by an ETH whale.
Because of the conditions required for the Ethereum 2.0 net to operate, including a minimum required participation of 66%, Yaffe believes that a single entity could have enough ETH to bring the network below this percentage. This would bring serious consequences for the network and its users, Yaffe explained:
Let’s assume that 10% of the ETH is now staking and that network participation is 75% (which is pretty much what we see on testnet now). In this case to drop the participation rate by 9% to halt the chain only requires control of 0.9% of the ETH in circulation. Certainly achievable by a large whale or a mid size exchange.
Will whales control Ethereum 2.0?
A successful attack on the Ethereum 2.0 network, explained the developer, would require an amount of ETH equal to the difference in the level of participation of the network and the minimum 66% required. However, the malicious entity could face the limitation that prevents a single address from staking more than 32 ETH at the same time.
Yaffe ruled out that this limitation may deter or prevent an attacker from breaching the security of the network. Such an entity or user would only need to move the amount of ETH it controls to many addresses. That way, the malicious actor could still keep control of its ETH and attack the network. As the developer said he has already witnessed this scenario on Medalla. Once Ethereum 2.0 is released, if the amount of ETH stake is low, there will be entities with potentially significant control over the network, as Yaffe added:
Entities that currently hold more than 0.16% of Ethereum tokens, Binance, Coinbase, Vitalik, each one of them now have the right to shut down the network whenever they like.
About the possibility of the vulnerability raised by Yaffe, the developer Raul Jordan disagreed. Jordan believes that the level of participation will be much higher than the minimum required:
(…) more than 16,384 validators at mainnet, my bet is likely around 25,000 at genesis, so the amount needed would be higher.
Jordan stated that the level of participation at launch could be around 99%. Therefore, an attack with the conditions required by Yaffe would be too costly. In that sense, Jordan said that an attacker would need about $100 million to get 33% of the delegated ETH to affect the network. This, Jordan believes, will serve as a major deterrent to anyone who wants to attack the eth2.0 network and, against their own interest, lose a lot of money.