BunnyFinder: Finding Incentive Flaws for Ethereum Consensus

Rujia Li

Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Program Analysis

Ethereum's 2022 shift from Proof of Work to **Proof of Stake (PoS)** moved its security assumption from computational power to economic incentives -- validators are assumed to behave honestly because following the protocol should be economically beneficial. But what if the incentive mechanism itself is flawed? This talk introduces **BunnyFinder**, the first semi-automated framework for discovering incentive flaws in Ethereum's PoS consensus protocol. Instead of looking for code-level bugs, BunnyFinder injects adversarial strategies into protocol execution and uses **reinforcement learning** to adaptively explore which strategies become profitable over time.

AI review

A genuinely novel approach to finding protocol-level economic attacks in Ethereum's PoS consensus using RL-guided adversarial strategy exploration. The 3,000+ incentive flaws out of 9,000 simulations is a striking hit rate that suggests the incentive design is far more brittle than assumed. The Staircase-2 and Periodical Vector attacks are practical, the Ethereum Foundation acknowledged and funded the work, and the approach of injecting adversarial behaviors rather than code faults is a clean conceptual contribution.
