
If a hard fork produces two parallel chains, replay attacks may result; everyone is advised to stick closely to the winning chain!!

rubyu2 · posted · last reply by rubyu2 · 867 views



I'd urge the Ethereum community as a whole to drop the losing fork, especially exchanges or other groups that could give financial incentive to keep up with the losing chain.


Short answer: Don't. Not everything is undoable in life, and undoing The DAO hack is hard enough without having to also provide infinitely many options for all time to all users. And there's great value in making the fork choice sticky. Let's converge quickly to the outcome where we are all on one major winning chain.




If an exchange has already paid someone on one chain, replaying the withdrawal on the other chain results in the same spend. Likewise, any function call can be replicated this way.


  •

    A Working Cross-Chain Attack With Nonces

    So, to get this working, we need

      • A participant on both chains
      • A way to iterate the attack victim's nonce
      • Good timing

    Note that we don't even need an exchange participating on the 'old' chain -- Only the attacker need use both chains. Let's imagine the following participants

      • "Modern" Exchange only working on the main chain
      • "Principled" Exchange only working on the old chain
      • "Attacker" on both chains

    Now, how do we proceed?

      1. Attacker withdraws from the "Modern" exchange to an address they control on the main chain.
      2. Attacker replays the withdrawal, and any withdrawals needed to get the nonce up to the correct number on the "Principled" chain.
      3. The attacker now has the same coins on both chains.
      4. Attacker sends coins to the "Principled" exchange, sells, and turns those into Bitcoin.
      5. The universes have been merged, and the attacker has gotten extra value.

    Note that the nonce management is tricky; if the attacker can't get up to the proper nonce, the transaction will be held in the pool. If the "Modern" exchange participates on the "Principled" chain, they can increase the nonces past the withdrawal.

  •

    Cross-chain replay attacks will force people to either defend themselves against such attacks (as outlined in the next paragraph), or to select one of the chains and stick with that selection. If you don't employ any defenses, you should interact with smart contracts only on the chain where you think the economic majority will be. The fact that the minority chain can be abused via chain hopping provides an incentive to quickly converge to a single unified chain. This is not a bad thing -- it's known as a Schelling point and we should all converge to it.

    A very interesting point: the minority chain will be naturally eliminated because of chain hopping.

  •


    On the testnet, if AccountA sends to AccountTest and someone obtains the tx, then if AccountA really does hold funds on the public chain, a replay attack can be used.
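
The nonce behaviour described in the replies above (a replayed withdrawal is includable, held in the pool, or dead, depending on the sender's nonce and funds on the other chain), as an added Python example that is not code from any post in this thread. It assumes a simplified account model in which a signature names no chain and gas is ignored; `SignedTx`, `Chain`, `fork`, `replay_exposure` and `burn_nonces` are hypothetical names.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SignedTx:
    # Constructed model: the signature covers these fields and nothing that
    # names a chain, so the same signed transaction verifies on both forks.
    sender: str
    nonce: int
    to: str
    value: int

@dataclass
class Chain:
    name: str
    nonces: dict = field(default_factory=dict)    # next expected nonce per account
    balances: dict = field(default_factory=dict)

    def classify(self, tx):
        """How this chain would treat tx, without applying it."""
        expected = self.nonces.get(tx.sender, 0)
        if tx.nonce < expected:
            return "stale"       # nonce already consumed: can never be included
        if tx.nonce > expected:
            return "pending"     # held in the pool until the nonce gap is filled
        if self.balances.get(tx.sender, 0) < tx.value:
            return "unfunded"    # right nonce, but the account lacks the funds
        return "includable"

    def apply(self, tx):
        status = self.classify(tx)
        if status == "includable":
            self.nonces[tx.sender] = tx.nonce + 1
            self.balances[tx.sender] = self.balances.get(tx.sender, 0) - tx.value
            self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.value
        return status

def fork(parent, name):
    """Both forks start from identical account state."""
    return Chain(name, dict(parent.nonces), dict(parent.balances))

def replay_exposure(broadcast, other):
    """Audit: which txs already broadcast elsewhere are still live on `other`?"""
    return [(tx.nonce, other.classify(tx)) for tx in broadcast
            if other.classify(tx) != "stale"]

def burn_nonces(chain, account, upto):
    """Zero-value self-sends by the account owner move its nonce past `upto`."""
    while chain.nonces.get(account, 0) <= upto:
        chain.apply(SignedTx(account, chain.nonces.get(account, 0), account, 0))
```

An exchange that has sent withdrawals on one fork can run `replay_exposure` over them against the other fork's state, and an empty result after `burn_nonces` shows those withdrawals can no longer be included there.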