While awareness of Ethereum mempool security has recently been raised, the current state of the art lacks a comprehensive understanding of the subject: the only known attack, DETER (CCS'21), was discovered manually, and it remains an open problem whether attacks other than DETER exist that disable the mempool at an asymmetrically low cost. In this paper, we propose automatic exploit generation techniques to discover new mempool-DoS attacks. By employing model checking, we discover a new attack pattern beyond DETER. By further leveraging attack synthesis techniques, we generate exploits from the patterns that adaptively bypass the defenses adopted in real Ethereum clients. Our evaluation shows that while recent Ethereum clients (e.g., Geth V1.10.14 and OpenEthereum V3.3.5) have mitigated the existing DETER attacks, they remain vulnerable to the newly discovered attacks, which achieve high success rates (88% - 96%) at low cost (as low as zero Gas/Ether).