NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation
Zheyuan He, Zihao Li, Ao Qiao, Xiapu Luo, Xiaosong Zhang, Ting Chen
IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 6
This talk, titled "NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation," introduces a novel and insidious **Denial of Service (DoS)** attack targeting the fundamental state storage mechanisms of popular blockchain platforms like Ethereum and Binance Smart Chain (BSC). Presented by Zheyuan He, a master's student from the University of Electronic Science and Technology of China, alongside collaborators from The Hong Kong Polytechnic University and S group, the research uncovers a critical vulnerability rooted in the widely adopted **Merkle Patricia Trie (MPT)** data structure. The core of the attack lies in strategically manipulating the MPT to inflate its structural complexity, thereby forcing blockchains to consume significantly more computational resources for essential state maintenance and verification.
AI review
This research unveils NURGLE, a truly insidious and novel persistent DoS attack that exploits the Merkle Patricia Trie's structural properties and gas mechanism flaws in platforms like Ethereum. By strategically forcing node splitting, it inflates state storage complexity, leading to an enduring 11% resource overhead. This isn't theoretical; it's a critical, demonstrable vulnerability demanding immediate attention and gas model revisions.