Practical Vulnerabilities in Byzantine Fault-Tolerant Blockchain Consensus Protocols

Blockchain technology has gained widespread use across various industries, including finance and medicine. Private blockchains, particularly those utilizing Byzantine fault tolerant (BFT) protocols, are in high demand by both commercial organizations and governments. This article examines the impact of Denial of Service (DoS) attacks on BFT protocols by consensus participants. While BFT protocols can theoretically tolerate up to one third adversaries in a partial synchronous setting, their practical implementations rely on hidden assumptions of instant message processing time and infinite available memory to store a message queue. These assumptions can become vulnerabilities when a malicious node floods consensus messages. In this paper, we propose a protocol for conducting a Byzantine node DoS attack (BDoS) and demonstrate its feasibility for a popular blockchain framework. We show that even a single adversary can break the protocol by BDoS. After it, we also provide modifications that effectively reduce the attack’s impact, bridging the theory-practice gap for BFT protocols.