We introduce the Condorcet attack, a new threat to fair transaction ordering. Specifically, the attack undermines batch-order-fairness, the strongest notion of fair transaction ordering proposed to date. Batch-order-fairness guarantees that a transaction tx is ordered before tx' if a majority of nodes in the system receive tx before tx'; the only exception (due to an impossibility result) is when tx and tx' fall into a so-called "Condorcet cycle". When this happens, tx and tx', along with the other transactions within the cycle, are placed in a batch, and any unfairness inside a batch is ignored. In the Condorcet attack, an adversary attempts to undermine the system's fairness by imposing Condorcet cycles on the system. In this work, we show that the adversary can indeed impose a Condorcet cycle by submitting as few as two otherwise legitimate transactions to the system. Remarkably, the adversary (e.g., a malicious client) can achieve this even when all the nodes in the system behave honestly. A notable feature of the attack is that it is capable of "trapping" transactions that do not naturally fall inside a cycle, i.e., those that are transmitted at significantly different times (with respect to the network latency). To mitigate the attack, we propose three methods based on three different complementary approaches. We show the effectiveness of the proposed mitigation methods through simulations, and explain their limitations.
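The batching rule described above, as an added illustration that is not code from the paper: it builds the majority-precedence graph from each node's receive order and groups Condorcet cycles into batches, which is also how an operator could measure batch sizes in recorded orderings. It assumes every node received every transaction and uses a simple majority; the function names and sample orders are constructed.

```python
from itertools import permutations

def majority_edges(local_orders):
    """Edge a -> b when a strict majority of nodes received a before b."""
    n = len(local_orders)
    pos = [{tx: i for i, tx in enumerate(order)} for order in local_orders]
    txs = sorted(pos[0])  # assumption: all nodes saw the same transaction set
    edges = {tx: set() for tx in txs}
    for a, b in permutations(txs, 2):
        if 2 * sum(p[a] < p[b] for p in pos) > n:
            edges[a].add(b)
    return edges

def batches(local_orders):
    """Strongly connected components of the graph (Tarjan), in output order.
    A component with more than one transaction is a Condorcet cycle."""
    edges = majority_edges(local_orders)
    index, low, stack, on_stack, sccs = {}, {}, [], set(), []
    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in edges[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            scc = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                scc.append(w)
                if w == v:
                    break
            sccs.append(sorted(scc))
    for v in edges:
        if v not in index:
            visit(v)
    return sccs[::-1]  # Tarjan emits sink components first

# Constructed receive orders at three honest nodes.
AGREED = [["a", "b", "c", "d"]] * 3
ROTATED = [["a", "b", "c", "d"], ["b", "c", "a", "d"], ["c", "a", "b", "d"]]

if __name__ == "__main__":
    print(batches(AGREED))   # every transaction in its own batch
    print(batches(ROTATED))  # a, b, c form one batch; d follows
```

In the rotated case each of a before b, b before c and c before a holds at two of three nodes, so no fair total order exists among them and ordering inside that batch carries no fairness guarantee.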