Ethereum Merge makes network more vulnerable to attack – Security expert

The security expert said that while PoS isn’t “theoretically” as secure as PoW, he admits it still has “sufficient practical security.”

Despite the Ethereum Merge being touted as a major upgrade to the blockchain network, its transition to proof-of-stake theoretically makes it more vulnerable to exploit.

Speaking to Cointelegraph, the security researcher explained that unlike proof-of-work (PoW) systems, a proof-of-stake (PoS) system informs node validators in advance what blocks they will validate, thus enabling them to plan attacks.

The security expert, who asked not to be named, is a blockchain developer and security researcher working on a proof-of-stake layer-2 blockchain.

The researcher explained that an exploit could theoretically occur on the post-Merge Ethereum blockchain if validators manage to line up two consecutive blocks to validate.

If you control two consecutive blocks, you can start an exploit on block N and finish it on block N+1 without having any arbitrage bot coming in and fixing the price that you have manipulated in between.

“From an economic security standpoint, [this vulnerability] makes these attacks relatively easier to pull off.”

The expert said that while it’s also possible for miners to validate consecutive blocks in PoW networks – that comes down to “pure luck” and gives the miner no time to plan an attack.

As a result, the security researcher argues that Ethereum will be forgoing some strength in security when the Merge takes effect:

As we stand right now [with] the Ethereum proof-of-work versus Ethereum proof-of-stake, Ethereum proof-of-work does have stronger security [...] and economic guarantees.

“But that being said [...] proof-of-stake [still] has sufficient practical security [and] it doesn't really matter that it's theoretically not as secure as proof-of-work. It's still a very secure system,” he added.

The security expert added that “Ethereum is working on fixing [the consecutive block issue].

It is a hard problem to solve, but if that gets done, then proof-of-stake security will [further] increase [as] they’ll have protection against those attack vectors.”

Ethereum validators are subject to slashing in PoS, as the consensus rules were designed to economically incentivize validators to correctly validate incoming transactions and any conduct to the contrary would see their ETH stake slashed.

The Ethereum Merge is finally set to take place on Sept. 15 at about 2:30am UTC, according to Blocknative’s Ethereum Merge Countdown. The transition to PoS is set to make the Ethereum network more scalable and energy-efficient.