2025-06-13 –, Cinema 6
Proof-of-stake consensus protocols often rely on distributed randomness beacons (DRBs) to generate randomness for leader selection. This work analyses the manipulability of Ethereum's DRB implementation, RANDAO, in its current consensus mechanism. Even with its efficiency, RANDAO remains vulnerable to manipulation through the deliberate omission of blocks from the canonical chain. Previous research has shown that economically rational players can withhold blocks - known as a block withholding attack or selfish mixing - when the manipulated RANDAO outcome yields greater financial rewards.
We introduce and evaluate a new manipulation strategy, the RANDAO forking attack. Unlike block withholding, whereby validators opt to hide a block, this strategy relies on selectively forking out an honest proposer's block to maximize transaction fee revenues and block rewards.
In this paper, we draw attention to the fact that the forking attack is significantly more harmful than selfish mixing for two reasons. Firstly, it exacerbates the unfairness among validators. More importantly, it significantly undermines the reliability of the blockchain for the average user by frequently causing already published blocks to be forked out. By doing so, the attacker can fork the chain without losing slots, and we demonstrate that these are later fully compensated for. Our empirical measurements, investigating such manipulations on Ethereum mainnet, revealed no statistically significant traces of these attacks to date.
In Proof-of-stake Ethereum leaders (aka block proposers) are selected by a distributed randomness beacon (DRB) protocol called the RANDAO. If Ethereum's leader selection algorithm was fair, then a validator with X% of the stake would obtain, on average, X% of the proposed blocks. However, economically rational validators can manipulate the RANDAO, in order to increase their share of the proposed blocks, thus, increasing their profit, i.e., transaction fees, block rewards, and MEV. In this talk, we describe a new attack against Ethereum's RANDAO and investigate whether these manipulation strategies happened on Ethereum main net as of May, 2025.
István András Seres is a research assistant at Eötvös Loránd University. He is interested in the security and privacy challenges of cryptocurrencies. He completed research internships at IMDEA Software in 2021 and at a16zcrypto in 2023. He obtained his PhD in computer science in 2024.