$2.6 M | Security Challenges behind the Ridiculously High ETH Transaction Fee


Translator: Jade

Weeks ago, three transactions in a row with abnormal fees were spotted on Ethereum and shocked the whole crypto community. The three transactions involved relatively low transfer amounts but exceptionally high transaction fees, with the highest one exceeding 2.6 million dollars. Now, let’s take a close look at the transaction fee on ETH, and analyze what exactly went wrong.

Why do we have transaction fees? Transaction fees exist to incentivize nodes and miners on the chain and to prevent unnecessary small transactions. When conducting a transaction, the user needs to pay a certain amount of fee. Otherwise, the transaction will not be completed.

How to Calculate Transaction Fees

Transaction fees on ETH are called Gas, the resources consumed in a transaction. In transaction records on Etherscan, there are terms including Gas Limit, Gas Used by Transaction, and Gas Price. They refer to the maximum Gas that can be consumed in a transaction, the Gas actually consumed in a transaction, and the price of Gas per unit respectively.

Gas Limit is set to prevent contract bugs or malicious attacks from leading to high Gas consumption. Once the Gas consumed exceeds the Gas Limit, miners will stop executing the transaction to cap the loss. It can be viewed as insurance, terminating the transaction once the amount of Gas consumed is higher than the Gas Limit. When the actual amount of Gas consumed is lower than the Gas Limit, the unused part will be refunded. Gas Used by Transaction is usually related to settings in the contract.

The unit of Gas Price is Gwei, and 1 ETH equals 1 billion Gwei. In general, Gas Price is very low, and Gwei was created to represent such insignificant amounts of ETH more conveniently. For instance, a Gas Price of 0.000000012 ETH is 12 Gwei, a simpler and better representation.

As shown in the screenshot above, a transaction fee is determined by Gas Used by Transaction and Gas Price, which can be expressed as follows: Transaction fee = Gas Used by Transaction * Gas Price. When you set a high Gas Price for a transaction, miners are likely to process your transaction first, and hence, your transaction will be confirmed quickly.

How to Set a Transaction Fee

Usually, users need to set two parameters when conducting a transaction: Gas Limit and Gas Price. Gas Limit is calculated by an algorithm, and Gas Price is normally influenced by the desired transaction speed and the current network situation. Nowadays, most mainstream wallet apps provide users with recommended values.

TokenPocket, for example, will list the transaction fees and estimated time required for three different transaction paces: Slow, Recommend, and Fast, according to the current network state. The three-option design caters to users’ different needs and can help reduce the risk of incorrect manual input.

And of course, users can set the value of Gas Limit or Gas Price in Customize and TokenPocket will show the corresponding transaction fee and the time required, which greatly enhances user experience.

Analysis of the High Transaction Fee Incidents

Take the first of the three incidents as an example. Its transaction amount is only 0.55 ETH (around 136.4 USD), yet it carries an astonishingly high transaction fee of 10668.73 ETH (around 2.6 million USD), which is clearly unreasonable.

The high transaction fee in this incident was caused by a high Gas Price, which is around 0.50803485 Ether, or 500 million Gwei. Was it an input mistake? The same thing happened again the very next day with the same address, which overturned the assumption of a typo. Moreover, when customizing Gas Price, most wallets will warn users about an abnormally high value.

Take TokenPocket as an example: when I set Gas Price to be 100 million Gwei, a reminder will pop up telling me it’s too high a value and what a recommended value would be.
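The fee formula and the wallet-style warning described above can be combined into a pre-signing check. The following is an added example, not code from the original article or from TokenPocket: the function names and the three policy thresholds are hypothetical, and the 21,000 gas figure (the cost of a plain ETH transfer) is an assumption, since the article does not state the gas used. With that assumption, the quoted gas price reproduces the 10668.73 ETH fee.

```python
from decimal import Decimal

WEI_PER_GWEI = 10**9

# Policy thresholds: assumptions for this example, not any wallet's real defaults.
MAX_GAS_PRICE_GWEI = 1_000        # refuse any gas price above this
MAX_FEE_WEI = 10**18              # refuse a worst-case fee above 1 ETH
MAX_FEE_PERCENT_OF_VALUE = 10     # plain transfers: fee above 10% of the amount sent


def eth_to_wei(amount: str) -> int:
    """Convert a decimal ETH string to integer wei without float rounding."""
    return int(Decimal(amount).scaleb(18))


def check_fee(value_wei: int, gas_limit: int, gas_price_wei: int):
    """Return (worst_case_fee_wei, violations) for a transaction before signing.

    Fee = gas used * gas price, and gas used can never exceed the gas limit,
    so gas_limit * gas_price is the most the sender can be charged.
    """
    worst_fee = gas_limit * gas_price_wei
    violations = []
    if gas_price_wei > MAX_GAS_PRICE_GWEI * WEI_PER_GWEI:
        violations.append("gas_price_above_cap")
    if worst_fee > MAX_FEE_WEI:
        violations.append("fee_above_absolute_cap")
    if worst_fee * 100 > value_wei * MAX_FEE_PERCENT_OF_VALUE:
        violations.append("fee_out_of_proportion_to_value")
    return worst_fee, violations


def demo():
    # Constructed input: an ordinary 0.55 ETH transfer at 12 Gwei.
    normal = check_fee(eth_to_wei("0.55"), 21_000, 12 * WEI_PER_GWEI)
    # Amount and gas price as quoted in the article for the first incident.
    incident = check_fee(eth_to_wei("0.55"), 21_000, eth_to_wei("0.50803485"))
    return normal, incident


if __name__ == "__main__":
    for fee, problems in demo():
        print(f"{Decimal(fee).scaleb(-18)} ETH", problems or "ok")
```

A signing service that enforces such limits server-side, rather than only showing a dismissible reminder in the client, would refuse the incident transaction on all three checks.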

A closer look at the transaction record of the suspicious address shows that all addresses that traded with it are small accounts and were emptied after the trades. Hence, it is possible that money laundering or blackmail by hackers was involved in this incident.

Assuming money laundering was the case, it would have involved a pre-agreement between the address owner and the staking pool. When the staking pool completes the transaction verification and gets the transaction fee, the address owner would claim that it had been a mistake and ask for the fee to be refunded. The staking pool could keep a part of the fee and the money laundering would be complete. However, this doesn’t quite look like what actually happened. First, money laundering activity is supposed to be low-key and avoid attention as much as possible, which apparently was not the case. Second, there is high uncertainty in how transactions are assigned, so the chance of colluding with staking pools is really low.

Ethereum co-founder Vitalik addressed the high transaction fee incidents and assumed it was blackmail. His theory assumes that the sending address belongs to a cryptocurrency exchange, to which hackers have “captured partial access to exchange key.” Since they don’t have the full key, “they can’t withdraw but can send no-effect transactions with any gas price.” In essence, the hackers would leverage their ability to send transactions of the kind and “burn” all funds “unless compensated.” It’s important to note that this is just a theory, and what actually happened remains unknown to the public.

Vitalik’s Solution

Vitalik also proposed his solution to the recent incidents: EIP 1559. EIP 1559 is an Ethereum Improvement Proposal aimed at replacing the current fee model with a mechanism that adjusts a base network fee according to network demand. The current fee model allows users to select the fee they want to pay to expedite their transactions. EIP 1559 can help reduce how often such high-fee transactions occur. TokenPocket has a similar function, which is friendly to new blockchain users and can help guard our assets.

