Protection Against Denial of Service Attack

A denial-of-service (DoS) attack is typically attempted by flooding the targeted system with transaction requests. For example, a malicious actor may submit a large number of (valid or invalid) transactions from accounts within their control in an attempt to overload the network.

Distributed blockchains are, by their nature, less vulnerable to DoS attacks, or distributed DoS (DDoS) attacks, than centralized systems. Not only does the aBFT protocol allow for messages to be delayed or lost entirely, but it also makes the chain resilient to DDoS attacks. This relies, of course, on the chain being large enough to provide the "coverage", i.e., to offer true decentralization. This is why the more centralized blockchains have been shut down repeatedly by DDoS attacks. The coin-based system FTM, for example, has functioned securely on fewer than 100 nodes.

The tokenomics strategy applied by the Netdex system is designed to prevent DDoS attacks; see Section 4 Tokenomics. The transaction fee applied to each transaction makes DoS attacks prohibitively costly. Even a minimal transaction fee means that it is extremely costly to flood the transaction pool.

A variant of the DDoS attack is to overload the validator nodes with a flood of valid events. In the Bob → Alice and Bob → Jill transaction example above, Alice pays the fee for the successful transaction, and Jill does not pay for the unsuccessful attempt. The validator, however, will see its gas power decreased by the gas limit of both transactions, as a penalty for originating conflicting transactions. The gas power value limits the maximum number of transactions per second (TPS) that a validator may originate, thereby preventing any validator node from supporting such an attack strategy.
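
The gas power accounting described above, as an added sketch that is not Netdex code and generalises the two-transaction case to a refillable budget. The capacity, refill rate and 21,000 gas limit are assumed values, and `ValidatorGasPower`, `simulate_flood` and `demo` are hypothetical names.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class ValidatorGasPower:
    """Gas power budget of one validator (capacity and refill rate are assumed)."""
    capacity: int          # maximum stored gas power
    refill_per_sec: int    # gas power regained per second
    available: int         # gas power currently spendable
    last_refill: int = 0   # time of last refill, in whole seconds

    def originate(self, now: int, gas_limits: list[int]) -> bool:
        """Try to originate an event carrying transactions with these gas limits.

        The full gas limit of every transaction is charged, including one that
        later loses a conflict and pays no fee (Bob -> Jill in the text)."""
        elapsed = max(0, now - self.last_refill)
        self.available = min(self.capacity, self.available + elapsed * self.refill_per_sec)
        self.last_refill = now
        cost = sum(gas_limits)
        if cost > self.available:
            return False   # no gas power left: the event is not accepted
        self.available -= cost
        return True


def simulate_flood(seconds: int, attempts_per_sec: int, gas_limit: int,
                   power: ValidatorGasPower) -> tuple[int, int]:
    """Flood of conflicting pairs from one validator; returns (accepted, rejected)."""
    accepted = rejected = 0
    for now in range(seconds):
        for _ in range(attempts_per_sec):
            # Each event carries two conflicting transactions, so it costs 2 * gas_limit.
            if power.originate(now, [gas_limit, gas_limit]):
                accepted += 1
            else:
                rejected += 1
    return accepted, rejected


def demo() -> tuple[int, int]:
    # Constructed numbers: room for 10 conflicting pairs, refilling 5 pairs per second.
    power = ValidatorGasPower(capacity=420_000, refill_per_sec=210_000, available=420_000)
    return simulate_flood(seconds=10, attempts_per_sec=1_000, gas_limit=21_000, power=power)


if __name__ == "__main__":
    print("accepted, rejected events:", demo())
```

Under these assumed parameters the validator attempts 10,000 events in ten seconds, but the number accepted is bounded by its stored gas power plus the refill, regardless of how fast it submits.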
