Frontrunning Block Attack in PoA Clique: A Case Study

In this paper, we propose a frontrunning block attack against the Clique-based Proof of Authority (PoA) algorithms. Our attack can frontrun blocks from honest in-turn sealers by breaking the leader rotation’s proper order. By falsifying the priority parameters (both difficulty and delay time), a malicious non-in-turn sealer can always successfully occupy the leader position and produce advantageous blocks that may contain profitable transactions. As a typical instance, we apply our attack to a mature Clique-based project, HPB (with the market cap $10,128,116, as of Jan 2022). Experimental results demonstrate the effectiveness and feasibility. Then, we further propose fixes by checking sealer’s identity. Our investigation and suggestion have been submitted to its official team. We believe this work can act as, at least, a warning case for Clique variants to avoid repeating such design mistakes.