Stick a fork in it: Analyzing the Ethereum network partition Lucianna Kiffer Dave Levin Alan Mislove Northeastern University University of Maryland Northeastern University [email protected] [email protected] [email protected] ABSTRACT the inability of member nodes to communicate1) are han- As blockchain technologies and cryptocurrencies increase dled. In traditional distributed systems, network partitions in popularity, their decentralization poses unique challenges are generally a result of connectivity failures or software in network partitions. In traditional distributed systems, net- misconfigurations—i.e., are unintentional—and systems are work partitions are generally a result of bugs or connectivity typically designed to recover from such instances in as auto- failures; the typical goal of the system designer is to auto- matic a fashion as possible. Blockchain-based systems, how- matically recover from such issues as seamlessly as possi- ever, rely on purposeful “hard forks” to roll out protocol ble. Blockchain-based systems, however, rely on purposeful changes in a decentralized manner. If not all users agree “forks” to roll out protocol changes in a decentralized manner. with proposed changes, or not all users upgrade to the new Not all users may agree with proposed changes, and thus software, a persistent network partition can occur between forks can persist, leading to permanent network partitions. the nodes that support the newer version of the protocol and In this paper, we closely study the large-scale fork that those that do not. In this case, there will effectively be two occurred in Ethereum, a new blockchain technology that separate systems running in parallel, each with its own state allows for both currency transactions and smart contracts. and history. In fact, such a persistent fork occurred [4] in Bit- Ethereum is currently the second-most-valuable cryptocur- coin in the summer of 2017, meaning each user who existed rency, with a market capitalization of over $28B. We explore before the fork now has two “copies” of their wallet (one in the consequences of this fork, showing the impact on the the original Bitcoin, another in the new “Bitcoin Cash”) that 2 two networks and their mining pools, and how the fork lead they can spend independently. to unintentional incentives and security vulnerabilities. Ethereum—a blockchain-based system that currently en- joys the second-highest market cap of all cryptocurren- cies [16]—presents an interesting case study for examining 1 INTRODUCTION how blockchain-based systems react to hard forks. Ethereum The use of blockchains—for example, in systems like Bitcoin runs a blockchain of transactions similar to Bitcoin, but and Ethereum—is an increasingly popular approach to build- it does so to implement a distributed virtual machine that ing distributed systems. While currently most well-know as users can execute code on with a custom scripting language. the basis for cryptocurrencies, blockchains have also been Ethereum is of particular interest when it comes to forks proposed to serve as the basis for domain registries [1], med- because in July 2016 the system forked into two partitions, ical records [2], and asset registries [3], just to name a few. both of which still exist today; these two partitions represent Blockchains are, at their core, a mechanism for storing state two versions of the same currency and are dubbed Ethereum across a network of machines without any centralized trust. (ETH) and Ethereum Classic (ETC). Combined with proof-of-work-based limits to generating In this paper, we closely examine the dynamics around blocks (called mining), blockchains can provide a tamper- the ETH/ETC fork to better understand the behavior of the proof way to store information. participants, and the impact a fork has on the security and Unfortunately, the inherent decentralization of blockchain market value of the overall system. Overall, we make the systems poses a challenge in how network partitions (i.e., following observations: (1) Forks can lead to drastic, rapid partitions: ETC experienced a sudden loss of roughly 90% of Permission to make digital or hard copies of all or part of this work for the nodes in its network immediately after the fork. (2) Sta- personal or classroom use is granted without fee provided that copies bilization after forks can take days to occur: It took two days are not made or distributed for profit or commercial advantage and that for ETC to resume producing blocks at the target rate; an in- copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must flux of nodes re-joined ETC over the subsequent two weeks. be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific 1Here, a network partition means nodes can no longer communicate due permission and/or a fee. Request permissions from [email protected]. to a portion of the nodes adopting a new protocol; this is in contrast to a HotNets-XVI, November 30–December 1, 2017, Palo Alto, CA, USA “traditional” network partition where nodes are unable to send messages to © 2017 Copyright held by the owner/author(s). Publication rights licensed each other at all. to Association for Computing Machinery. 2In March 2013, Bitcoin also experienced a short-lived fork due to inconsis- ACM ISBN 978-1-4503-5569-8/17/11...$15.00 tent protocol versions that lasted approximately four hours before develop- https://doi.org/10.1145/3152434.3152449 ers intervened [5]. (3) Forks can persist, with divergent behavior afterwards: Transient forks Due to the distributed nature of blockchain ETC’s mining power has held constant since the fork, while systems, two miners will occasionally mine a block before ETH’s has increased tremendously. (4) The “market” between they are aware of the fact that the other did so as well. In the two networks appears to be operating efficiently, with this case, some of the miners will have different views of the expected return (in USD) on mining being almost identi- what the “real” new block is. However, this situation will cal between the two. (5) The fork unintentionally introduced ultimately be resolved: eventually, one of the two chains will a security vulnerability wherein attackers can rebroadcast become longer as future blocks are mined. Participants will transactions into the other network; this continues to this switch over to the longer chain and abandon the shorter one, day, and we quantify this behavior. (6) Pool-based mining effectively removing the fork. This type of fork is termed behavior in ETC has slowly reached a distribution similar to a transient fork and is not of interest to our study, as the that in ETH. protocol has built-in mechanisms to address it. As the 2017 Bitcoin fork [4] suggests, such network par- Hard forks titions are likely to be a fact of life with digital currencies Systems that use blockchains are often under based on public ledgers. Unfortunately, neither Ethereum nor active development and occasionally need to update the Bitcoin were designed to operate under a persistent fork. We software that nodes run. If these changes are backwards- soft forks believe our study to be an important first step towards better compatible, they are often termed ; in the cases anticipating and handling the unintended consequences of where the chain is not backwards compatible (e.g., if the net- persistent forks. work messages or blockchain data change), they are often termed hard forks. These changes are often rolled out as new software versions. In the case of hard forks, it is typical for 2 BACKGROUND the developers to release the updated software but announce Ethereum is one of the newest blockchain-based systems. a specific block number (or time) at which the change will The goal of such systems is typically to store state in a dis- actually be activated; doing so provides users with sufficient tributed and tamper-proof fashion. Blockchain-based sys- time to upgrade their software before the change happens. tems were first introduced in the 2008 Bitcoin white paper Typically, hard forks are adopted by virtually the entire com- by the pseudonym Satoshi Nakamoto [25]. At its core, a munity; recent events have shown, however, that some forks blockchain is a series of blocks, each containing a record of are not universally adopted. transactions (essentially, state changes) and a reference to the Ethereum, Ethereum Classic, and the DAO In this paper, previous block. Generating a new block is secured by cryp- we look closely at the Ethereum (ETH) and Ethereum Classic topuzzles, where each peer must expend effort to “win” the (ETC) fork, which was caused by a hard fork in July 2016 and right to generate a block. To ensure distributed agreement has persisted to this day. In order to understand this fork, in the case where multiple blockchains exist, participants in one needs to understand the DAO (Distributed Autonomous the network choose to believe the chain that represents the Organization). most work (typically by picking the longest chain). In brief, in April 2016, a collection of smart contracts making up the DAO was created to operate as a decentral- 2.1 Ethereum and forks ized crowdfunding platform for Ethereum projects. Any user Ethereum is different from previous blockchain systems. could send ether to the DAO in exchange for voting power Like Bitcoin, Ethereum is a network of peers (called min- over which projects to fund. However, in June 2016 a ma- ers) who collectively store the entire blockchain containing licious user exploited a vulnerability in one of the DAO’s every transaction that has ever taken place in the network.