According to research performed by the Decentralized Systems Lab some Proof of Stake blockchain networks using the UTXO model along with the consensus rules of longest chain are at risk of malicious activity overloading and crashing masternodes on the networks relatively easy. This vulnerability called “fake stake” attacks is typical for PoSv3 cryptocurrency networks.
What is a “Fake Stake” attack?
Masternodes by default have to be a full node in the first place. In order to explain what “fake stake” attacks are and how they work, an explanation on a specific difference between Proof-of-Work and Proof-of Stake consensus methods has to be made.
In the Proof of Work networks, masternodes periodically query the network regarding the information in the blocks is relative and correct. When a node needs to go back and re-confirm older blocks it queries the network for the history of the blockchain and that way, it avoids the risk of being fed bogus information before relocating resources towards validation of the block and storing it in its RAM or hard drive.
On the other hand, some Proof of Stake networks are susceptible to these types of attack as they do not check the blocks and information before allocating resources. The node directly accepts the block into its RAM memory and later into the hard drive. Here comes the main difference between the Proof of Work and some Proof of Stake nodes. While the Proof of Work nodes tend to “forget” previous blocks, needing only the current and previous blocks, the Proof of Stake node always keeps the full history of the blockchain on its hard drive and immediately accepts blocks in its RAM. That is how the bloat of information happens and how a node can be deliberately crashed.
How Do “Fake Stake” Attacks Affect Masternodes?
Most masternodes are connected to a lot of peers and process information all the time either as a validator or as a provider of services such as InstantSent, PrivateSend etc. Additionally, most users host their masternodes on a VPS server that covers the minimum requirements or run several nodes on one VPS.
With that said, a malicious entity, with little to no investment and the appropriate software can overload nodes in the Proof of Stake network with bogus/junk information and the masternodes will just start using their computing resources. This way extensive bloating is created and eventually completely crashing and taking down the node. This is easily possible to carried out on a large scale with just a small resource investment.
Fortunately, most blockchain networks have already released or will soon release updates that negate these loopholes. If you haven’t updated your wallets yet, it is strongly recommended to do so soon.