Permissionless Proof-of-Stake (PoS) economic security is predicated on the high cost of violating consensus safety or liveness. We show that liquid staking introduces additional risks that are not captured by standard PoS economic security arguments. Through an empirical study of Ethereum data, we find that the operational performance of liquid staking pools is positively associated with subsequent normalized liquid staking token (LST) returns. Motivated by this, we present a cross-layer attack: a low-stake adversary can manipulate the consensus protocol to degrade a target pool's performance and take application-layer positions that profit if the market reprices the corresponding LST in line with the historically observed association. To make the consensus layer manipulation concrete, we develop a deep reinforcement learning (DRL) framework to automatically discover attack strategies. Our evaluation shows that the learned strategies can recover near-optimal theoretical attacks and uncover new manipulation behaviors that significantly degrade target pool performance. We further characterize feasible application-layer monetization channels and analyze leveraged shorting in detail using Monte Carlo simulations, showing that such attacks can be profitable with over one-half probability for LSTs of major staking pools. Our findings reveal a previously overlooked attack surface in PoS systems with liquid staking and expose a gap between consensus and economic security.