
Ethereum Security Overview



Rob Behnke

February 22nd, 2023



Ethereum, the most valuable layer-1 (L1) blockchain with a total value locked of $28B (February 2023), is also generally regarded as the most secure L1 on the market today. After all, it has been kicking and steadily growing for over seven years, so it must be doing something right. But is Ethereum as secure as DeFi needs it to be?

In this article, part of our Blockchain Protocols series, we’ll review Ethereum’s security, discuss the potential issues that Ethereum faces, and project how Ethereum might evolve from here.

An Overview of Ethereum’s Security

The most critical factor in any blockchain’s security is its consensus mechanism. These mechanisms are how blockchains agree on a shared state of the digital ledger in a decentralized manner. 

In simplest terms, consensus mechanisms are how a decentralized network can trustlessly agree on which blocks to add to the chain. Should the consensus mechanism be exploited, such as in a 51% attack, the damage to the chain is potentially catastrophic.

For the first seven years of Ethereum’s existence, it utilized a proof-of-work (PoW) consensus mechanism similar to Bitcoin. This means that Ethereum was secured by a decentralized network of nodes, known as miners, that competed to solve complex math problems. The network’s security came from the massive amounts of energy required to solve these math problems, as any 51% attacker would need to acquire 51% of the chain’s energy usage, an almost impossible task.

PoW works well, but its energy consumption and its expensive hardware requirements, which harm decentralization efforts, led Ethereum to explore other options. That effort concluded with the completion of The Merge in September 2022, which transformed Ethereum into a proof-of-stake (PoS) blockchain.

This change to PoS is immense for Ethereum. Now, instead of miners, Ethereum is secured by stakers. These stakers stake 32 ETH for the right to be a validator. As validators, they are responsible for ensuring that new blocks are valid. Should they fail to do their job correctly, their ETH stake is slashed (taken from them) and bad validators get removed from the network. 

In theory, PoS can be even more secure than PoW. 

  • There are no expensive hardware requirements, which should allow more people to become validators, boosting the network’s decentralization, and by extension, its security.

  • The possibility of having your ETH slashed should make 51% attacks more costly compared to proof-of-work, as Vitalik has explored in depth.

  • A minority user-activated soft fork protects users from a coalition of malicious validators. 

Ultimately, regardless of whether it was using PoW or PoS, Ethereum’s security has proven to be quite robust. Unfortunately, there are some potential threats.

Problems with Ethereum’s Security

Although the recent sanctioning of Tornado Cash by the U.S. Treasury Department was considered a gross overreach of power, it did remind crypto of what makes a blockchain special in the first place: censorship resistance and credible neutrality. In other words, the ability of the blockchain to function free of interference from outside actors. 

Generally, the way to achieve maximum censorship resistance is to be as decentralized as possible. The more nodes that secure the network, the harder it is for outside actors to attack. This makes sense: it’s much harder to shut down 100 nodes than 1 node. Not much controversy here. 

Unfortunately for Ethereum, the network has become centralized in key areas, making the chain vulnerable to censorship.  

The first of these key areas is its PoS consensus mechanism. At the time of writing, the majority of staked ETH is controlled by the top 4 validators: Lido, Coinbase, Kraken, and Binance. This means that an outside actor, like the U.S. Government, only needs to attack/pressure/sanction four validators to effectively control Ethereum. It goes without saying that this is not ideal. 

The second of these key areas is its MEV-boost relay system. For those unaware, MEV (Maximal Extractable Value) refers to the value that can be gained from block production and block ordering. It’s a complex topic, but what is essential to know is that MEV is widely seen as harmful to the chain. 

The most popular way to mitigate the harmful effects of MEV is known as MEV-Boost. Initially built by Flashbots, MEV-Boost is a separate arena where MEV can take place outside of Ethereum, protecting regular users from its negative externalities. 

Flashbots and MEV-Boost are great for mitigating MEV but bad for censorship resistance. Because of Flashbots’ dominance over MEV-Boost and their commitment to complying with OFAC, 50% of all blocks added to Ethereum are vulnerable to censorship. Said otherwise, all an outside actor would need to do to censor Ethereum is attack Flashbots. Not what you want to see. 

It is clear that Ethereum’s centralization concerning staking and MEV-Boost puts it and the tens of billions of value on the chain at risk of censorship, and thus needs to be addressed ASAP.  
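Both concentration arguments above (staked ETH held by a few operators, and blocks delivered by filtering relays) can be turned into numbers that are tracked over time. The following Python is an added example, not code from the article or from Halborn: every operator name, relay name and figure in it is constructed sample data, and the 1/3 and 2/3 thresholds come from Ethereum's PoS finality rules rather than from the article, which only discusses majority control.

```python
from fractions import Fraction

# Constructed sample data, not real measurements.
# Staked ETH per operator: four large operators plus 250 small independent stakers.
SAMPLE_STAKE = {"op_a": 4_800_000, "op_b": 2_100_000, "op_c": 1_200_000, "op_d": 1_000_000}
SAMPLE_STAKE.update({f"small_{i}": 32_000 for i in range(250)})

# Blocks per source in one window: (block count, does the source filter transactions?)
SAMPLE_BLOCKS = {
    "relay_x": (5_000, True),
    "relay_y": (2_500, False),
    "relay_z": (500, True),
    "local_build": (2_000, False),
}


def top_k_share(stake, k):
    """Fraction of total stake held by the k largest operators."""
    ranked = sorted(stake.values(), reverse=True)
    return Fraction(sum(ranked[:k]), sum(ranked))


def min_operators_exceeding(stake, threshold):
    """Fewest operators whose combined stake exceeds `threshold` (a fraction
    of total stake). A lower result means a more concentrated validator set."""
    if not 0 <= threshold < 1:
        raise ValueError("threshold must be in [0, 1)")
    total = sum(stake.values())
    if total <= 0:
        raise ValueError("stake distribution is empty")
    running = 0
    for count, amount in enumerate(sorted(stake.values(), reverse=True), start=1):
        running += amount
        if Fraction(running, total) > threshold:
            return count
    raise AssertionError("unreachable: all operators together hold 100%")


def filtered_block_share(blocks):
    """Fraction of blocks that came from sources that filter transactions."""
    total = sum(n for n, _ in blocks.values())
    return Fraction(sum(n for n, filters in blocks.values() if filters), total)


if __name__ == "__main__":
    # 1/2 is the article's majority case; 1/3 and 2/3 are finality thresholds (added here).
    for label, t in [("1/3", Fraction(1, 3)), ("1/2", Fraction(1, 2)), ("2/3", Fraction(2, 3))]:
        print(f"operators needed to exceed {label} of stake:", min_operators_exceeding(SAMPLE_STAKE, t))
    print("top-4 stake share:", float(top_k_share(SAMPLE_STAKE, 4)))
    print("filtered block share:", float(filtered_block_share(SAMPLE_BLOCKS)))
```

In the sample data four operators are enough to exceed half of all stake, while exceeding two thirds takes 76, which shows how much of the distribution's weight sits in its head rather than its long tail.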

So what can be done about it?

Final Remarks on Ethereum’s Security

Unfortunately, not much can be done in the short term to fix Ethereum’s centralization issues. Decentralization doesn’t happen overnight. 

However, for the sake of DeFi, Ethereum must beef up its censorship resistance at all costs. It might not be fun, and it won’t be quick, but Ethereum is too important to crypto and DeFi for it to be so vulnerable to censorship.

With the work of the gigabrains over at The Ethereum Foundation, there’s bound to be true decentralization on the way. Let’s hope it happens sooner rather than later.