Replay Attacks: What to Consider Before Selling Your Post-Merge ETH Fork Tokens

Ethereum, the blockchain behind the world’s second-largest crypto asset of the same name, will almost certainly split, creating two separate coins running on two separate chains: proof-of-work (PoW) and proof-of-stake (PoS). 

Such a split, often influenced by divergent views among crypto community members, is referred to as a ‘hard fork,’ or just a ‘fork.’ Some Ethereum miners reluctant to get rid of the old consensus mechanism have now signaled plans to ‘fork’ the blockchain once it ‘Merges’.

Forking Ethereum

“The chain will split. Ethereum will continue normally on PoS, and miners will fork it and create $ETHW,” tweeted pseudonymous DeFi strategist Olimpio.

3 days for the Ethereum Merge

ETH will be forked, that’s a fact. Everyone will have ETH and $ETHW in their wallets

Can $ETHW be sold?

Short answer: yes
Long answer: it’s simply an unnecessary risk, and probably not worth it

Here is how to do it – and why you shouldn’t

— olimpio.lens (@OlimpioCrypto) September 12, 2022

What this means, Olimpio explained, is that the entire Ethereum blockchain will have two identical instances – all Ether, ERC20 tokens, and transactions, as well as all DeFi positions will exist in proof-of-work and proof-of-stake.

Users that held ethereum before the Merge may automatically receive a balance of tokens of the new proof-of-work forks in their wallets. The process of claiming these tokens will vary depending on the chain.

Assets on a centralized exchange such as Poloniex or Coinbase will likely receive the forked tokens without much hassle, should the exchange decide to list those specific tokens.

Olimpio cautioned that while forked tokens can be bought or sold, “it’s probably unnecessary risk and probably not worth it.” He expects PoW Ethereum forks to collapse right after the Merge because “miners promoting PoW ethereum don’t seem very competent.”

Or you could fall victim to unintended replays, he says.

What are replay attacks?

According to experts, a replay attack happens when bad actors eavesdrop on a secure network connection, intercept a data transmission, and then delay or resend it to deceive the receiver.

In the context of the Merge, replay attacks are a realistic possibility. “Transactions signed and submitted to the PoS and PoW chains will be identical and can be executed on both chains,” Web3 security firm Quantstamp Labs explained in a blog post.

This could have multiple consequences. Users might sign away their non-fungible tokens or ERC20 tokens on decentralized exchanges (DEX) to an attacker unawares. Essentially, any transaction on Ethereum could be affected, it said.

For example, imagine you send 100 proof-of-stake ether to an exchange like Poloniex to sell. Olimpio says a bot can then send your 100 real ETH on the Ethereum mainnet to the same Poloniex address.

“In this particular example, what will happen is that funds might not be lost forever (since Poloniex holds all the keys), but chaos and uncertainty will most likely occur, driving attention away from the real, tangible, and important milestone accomplished that day [the Merge],” he stated.

However, “attackers cannot freely withdraw assets from user accounts following the Merge without the users themselves creating suitable conditions for the attackers.”

Quantstamp said this was an issue at the protocol level, “regardless of whether the account’s private keys are managed by a hot wallet (such as MetaMask), a hardware wallet, or a custody provider…”

How to avoid unintended replays

“I would 100% stay out of ETH proof-of-work,” Olimpio advised. However, for those users that ‘insist’ on interacting with PoW fork tokens, it is possible to protect against unintended replays.

Ensure that transactions signed on one chain (PoW or PoS) will naturally fail if replayed on the other chain. To do that, Quantstamp Labs suggested moving all assets on both chains to new accounts dedicated to those chains. It is the most effective approach, it says.

Olimpio explained how.

“After the Merge, send your ETH on proof-of-stake from your main wallet to a second wallet you control. Now you send your proof-of-work ether to Poloniex to dump. If someone tries to replay this on PoS, the transaction will fail since you already moved it before to your second wallet.”

The transfer will need to occur on both the PoW and PoS chains. “If it occurred on only one chain, an attacker could replay the transfer on the other chain and execute the attack the exact same way,” Quantstamp added.

It discounted the use of nonces as a sufficient fix for replay attacks. A nonce is a number in the sequence of transactions sent by an account over the Ethereum network. The very first transaction from an account has nonce 0. Every transaction after that increases the nonce by 1, meaning there can be no gaps.

Nonce divergence proponents argue that if one chain advances the nonce for an account, the other chain will be behind in the transaction sequence, and therefore, the attempt to replay transactions would fail because of the gap in the nonces.

But “if the attacker is able to execute transactions on the other chain and make the nonces of the account match, replays would be possible again,” said Quantstamp.
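The two points above, as an added example in Python that is not from Quantstamp, Olimpio or the original article: a toy two-chain model in which a nonce gap is closed by replaying an earlier transaction, and in which dedicated per-chain accounts make replays fail. The `Tx` and `Chain` classes, account names and amounts are constructed for illustration, and signature validity is assumed rather than implemented.

```python
import copy
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tx:
    # Stands in for a validly signed transaction: anyone can copy and
    # rebroadcast it, nobody can alter it. No chain identifier is signed.
    sender: str
    to: str
    value: int
    nonce: int

@dataclass
class Chain:
    balances: dict
    nonces: dict = field(default_factory=dict)

    def apply(self, tx):
        if tx.nonce != self.nonces.get(tx.sender, 0):
            return False  # nonce gap, or nonce already used on this chain
        if self.balances.get(tx.sender, 0) < tx.value:
            return False  # sender has insufficient funds on this chain
        self.balances[tx.sender] = self.balances.get(tx.sender, 0) - tx.value
        self.balances[tx.to] = self.balances.get(tx.to, 0) + tx.value
        self.nonces[tx.sender] = tx.nonce + 1
        return True

def fresh_fork():
    pos = Chain({"alice": 100})          # constructed pre-fork state
    return pos, copy.deepcopy(pos)       # PoS and PoW start out identical

def nonce_catch_up():
    pos, pow_ = fresh_fork()
    t0, t1 = Tx("alice", "bob", 10, 0), Tx("alice", "exchange", 90, 1)
    pow_.apply(t0)                       # Alice transacts on PoW only,
    pow_.apply(t1)                       # so her PoS nonce falls behind
    blocked = pos.apply(t1)              # replay on PoS fails on the gap
    pos.apply(t0)                        # the earlier tx is replayed first
    return blocked, pos.apply(t1)        # nonces match again: replay works

def dedicated_accounts():
    pos, pow_ = fresh_fork()
    move_pos = Tx("alice", "alice_pos", 100, 0)
    move_pow = Tx("alice", "alice_pow", 100, 0)
    pos.apply(move_pos)                  # move funds on BOTH chains,
    pow_.apply(move_pow)                 # each to its own new account
    sell = Tx("alice_pow", "exchange", 100, 0)
    sold = pow_.apply(sell)              # sell the PoW ether
    return sold, pos.apply(sell), pow_.apply(move_pos), pos.apply(move_pow)
```
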

What will the fork mean for ETH on layer two protocols?

“Nothing. All safe. Unaffected,” Olimpio asserted.

A layer two (L2) is a separate blockchain that extends Ethereum – meaning it helps to scale the Ethereum blockchain by improving transaction speeds and lowering transaction costs.

There is a total of more than $5.1 billion worth of ETH locked in layer two protocols, as per data from the Ethereum Foundation website.

“Most of the L2s have centralized components to them,” Brian Pasfield, CTO of Fringe Finance, told Be[In]Crypto.

“Therefore I do not think many are considering the risks that Ethereum’s move to PoS poses insofar as it introduces additional attack surfaces for authorities…which will result in transaction censorship,” he added.


The post Replay Attacks: What to Consider Before Selling Your Post-Merge ETH Fork Tokens appeared first on BeInCrypto.
