A security analysis of Avalanche consensus
Spring is coming - When does the snow melt?
In a recent paper authored by Ignacio Amores Sesar and Enrico Tedeschi of the Arctic University of Norway, we formulate the consensus protocol of the Avalanche Network in pseudocode and analyze its properties.
As with so many blockchains, the protocol in the Avalanche Network has only been documented in a whitepaper or a preprint and via the code up to now. We show that Avalanche consensus from the whitepaper has a liveness vulnerability, in the sense that it is open to a denial-of-service (DoS) attack. This vulnerability would make it an easy target for an attacker. We suggest a fix called Glacier in the paper. The Avalanche Network implements another protocol variant and also avoids this problem, as pointed out by the developers. However, there is no security analysis for this variant yet.
For more information, see our preprint When is Spring coming? A Security Analysis of Avalanche Consensus, which is to be published at the OPODIS 2022 conference.