1

Asymmetric Mempool DoS Security:

Formal Definitions & Provable Secure Designs

Wanning Ding Yuzhe Tang Yibo Wang

Presentation at IEEE S&P, May 13, 2025

2

3

Transaction Lifecycle

1. User creates a transaction
2. It’s broadcast to the network

4

Introduction: What is Blockchain?

TX

Client

Propagate

Transaction Lifecycle

• User creates a transaction
• It’s broadcast to the network
• Validator nodes store it in the mempool
• Validators select transactions and build blocks

5

Introduction: What is Blockchain?

TX

Client

Propagate

Mempool

Validator

TX

TX

Transaction Lifecycle

• User creates a transaction
• It’s broadcast to the network
• Validator nodes store it in the mempool
• Validators select transactions and build blocks
• Block gets confirmed → transaction finalized

6

Introduction: What is Blockchain?

Block

TX

TX

Client

Propagate

Mempool

Validator

TX

TX

Mempool - critical subsystem in blockchain

• A buffer of unconfirmed txs to feed validators.
• What if a mempool out of service?

7

Introduction: What is Blockchain?

Block

TX

TX

Client

Propagate

Mempool

Validator

TX

TX

Mempool - critical subsystem in blockchain

• A buffer of unconfirmed txs to feed validators.
• What if a mempool out of service?
• Validator collecting near-zero block revenue.
• Web3 users unable to trade.

8

Introduction: What is Blockchain?

Block

TX

TX

Client

Propagate

Mempool

Validator

TX

TX

9

Introduction: Previous Works

K. Baqer, D. Y. Huang, D. McCoy, and N. Weaver. Stressing out: Bitcoin "stress testing". In FC Workshops, 2016.

M. Saad, L. Njilla, C. A. Kamhoua, J. Kim, D. Nyang, and A. Mohaisen. Mempool optimization for defending against DDoS attacks in PoW-based blockchain systems. In IEEE ICBC, 2019.

K. Li, Y. Wang, and Y. Tang. DETER: Denial of Ethereum txpool services. In ACM CCS, 2021.

K. Li, Y. Tang, J. Chen, Y. Wang, and X. Liu. Toposhot: Uncovering Ethereum’s network topology leveraging replacement transactions. In ACM IMC, 2021.

Y. Wang, Y. Tang, K. Li, W. Ding, and Z. Yang. Understanding Ethereum mempool security under asymmetric DoS by symbolized stateful fuzzing. In USENIX Security, 2024.

A. Yaish, K. Qin, L. Zhou, A. Zohar, and A. Gervais. Speculative denial-of-service attacks in Ethereum. In USENIX Security, 2024.

​

Arms race on mempool attacks:

• 1st gen. attack: DETER (CCS 21) & MemPurge (USENIX 24a)
• Quick code fix to mitigate 1st gen. attack
• 2st gen. attack (stealthier): MPFUZZ (USENIX 24b)

How to end this arms race?

10

Introduction: Previous Works

K. Baqer, D. Y. Huang, D. McCoy, and N. Weaver. Stressing out: Bitcoin "stress testing". In FC Workshops, 2016.

M. Saad, L. Njilla, C. A. Kamhoua, J. Kim, D. Nyang, and A. Mohaisen. Mempool optimization for defending against DDoS attacks in PoW-based blockchain systems. In IEEE ICBC, 2019.

K. Li, Y. Wang, and Y. Tang. DETER: Denial of Ethereum txpool services. In ACM CCS, 2021.

K. Li, Y. Tang, J. Chen, Y. Wang, and X. Liu. Toposhot: Uncovering Ethereum’s network topology leveraging replacement transactions. In ACM IMC, 2021.

Y. Wang, Y. Tang, K. Li, W. Ding, and Z. Yang. Understanding Ethereum mempool security under asymmetric DoS by symbolized stateful fuzzing. In USENIX Security, 2024.

A. Yaish, K. Qin, L. Zhou, A. Zohar, and A. Gervais. Speculative denial-of-service attacks in Ethereum. In USENIX Security, 2024.

​

Arms race on mempool attacks:

• 1st gen. attack: DETER (CCS 21) & MemPurge (USENIX 24a)
• Quick code fix to mitigate 1st gen. attack
• 2st gen. attack (stealthier): MPFUZZ (USENIX 24b)

How to end this arms race? Provable defense.

11

12

Eviction Attack: A benign tx is removed due to adversarial tx.

​

Security Definition: Attacks

Mempool

Benign tx0

Validator

Sender

tx0

13

Eviction Attack: A benign tx is removed due to adversarial tx.

​

Security Definition: Attacks

Mempool

Validator

Sender

Adversarial

tx1

Attacker

tx0

14

Eviction Attack: A benign tx is removed due to adversarial tx.

Security Definition: Attacks

Mempool

Validator

Sender

tx1

Attacker

tx0

15

tx1

tx2

Security Definition: An Eviction Attack (of Two Tx)

16

tx1

tx2

Security Definition: An Eviction Attack (of Two Tx)

17

tx1

tx2

tx1

tx2

Security Definition: All Eviction Attacks (of Two Tx)

18

tx1

tx2

tx1

tx2

Security Definition: Mitigating All Eviction Attacks (of Two Tx)

∀ S’ ∈ {S₁₂, S₂₁}, fees(S’) ≥ g(S)

Lower-bound tx fees in reachable mempool states

19

tx1

tx2

tx1

tx2

∀ S’ ∈ {S₁₂, S₂₁}, 21000*price(S’) ≥ g(S)

Security Definition: Mitigating All Eviction Attacks (of Two Tx)

20

21

Secure Design: Admit Tx

tx3

22

Secure Design: Admit Tx

tx3

23

Secure Design: Admit Tx by Price Only (PO)

tx3

∑price: 101

10

24

Secure Design: Admit Tx by Price + Dependency (AP)

tx3

25

Secure Design: Admit Tx by Price + Dependency (AP)

tx3

∑score: 2

11

26

tx3

tx4

tx3

tx4

∑score: 2

30

21

11

30

∑price: 30

Secure Design: Admit Tx by Price + Dependency (AP)

27

28

Evaluation: Security & Revenue Preservation

Security of AP: Validator revenue not decreased under attacks.

Utility preservation of AP: No change of revenue under normal txs.

Insecurity of Geth: Revenue decreases to 0 ETH under attacks.

Implement AP:

• Retrofit over Geth

Experiments:

• Under eviction attacks (USS’24)
• Report validator revenue

29

wding04

@syr.edu

ywang349

@syr.edu

ytang100

@syr.edu

• Presented the first suite of economic security definitions of public mempools on blockchains.

​

• Presented the first provable secure designs of mempool, named saferAD.

​

• Presented a rigid proof of saferAD satisfying our economic security definitions.

​

• Implemented saferAD to show its practicality in low performance and revenue preservation.

Conclusion