Despite the Ethereum Merge being touted as a major upgrade to the blockchain network, its transition to proof-of-stake theoretically makes it more vulnerable to exploit.
Speaking to Cointelegraph, the security researcher explained that unlike proof-of-work (PoW) systems, a proof-of-stake (PoS) system informs node validators in advance what blocks they will validate, thus enabling them to plan attacks.
The security expert, who asked not to be named, is a blockchain developer and security researcher working on a proof-of-stake layer-2 blockchain.
The researcher explained that an exploit could theoretically occur on the post-Merge Ethereum blockchain if validators manage to line up two consecutive blocks to validate.
“If you control two consecutive blocks, you can start an exploit on block N and finish it on block N+1 without having any arbitrage bot coming in and fixing the price that you have manipulated in between.”
“From an economic security standpoint, [this vulnerability] makes these attacks relatively easier to pull off.”
The expert said that while it’s also possible for miners to validate consecutive blocks in PoW networks — that comes down to “pure luck” and gives the miner no time to plan an attack.
As a result, the security researcher argues that Ethereum will be forgoing some strength in security when the Merge takes effect:
“As we stand right now [with] the Ethereum proof-of-work versus Ethereum proof-of-stake, Ethereum proof-of-work does have stronger security […] and economic guarantees.”
“But that being said […] proof-of-stake [still] has sufficient practical security [and] it doesn’t really matter that it’s theoretically not as secure as proof-of-work. It’s still a very secure system,” he added.
The security expert added that “Ethereum is working on fixing [the consecutive block issue].
It is a hard problem to solve, but if that gets done, then proof-of-stake security will [further] increase [as] they’ll have protection against those attack vectors.”
The Ethereum Merge is finally set to take place on Sept. 15 at about 2:30am UTC, according to Blocknative’s Ethereum Merge Countdown. The transition to PoS is set to make the Ethereum network more scalable and energy-efficient.
