Finality Is a Spectrum That Invites Grinding Attacks

A series of 7-block and 5-block reorgs on Ethereum's beacon chain exposed the risks of probabilistic finality under PBS (Proposer-Builder Separation). Attackers exploited MEV arbitrage opportunities by intentionally forking the chain, demonstrating that ~12-second finality is not safe for high-value transactions.

• Attack Vector: MEV-Boost relay manipulation and timing attacks.
• Impact: Undermined trust in L2 bridge security and exchange deposits.
• Lesson: Finality gadgets like Ethereum's Casper FFG are essential, not optional.

Solana's optimistic confirmation model, which prioritizes speed, has led to repeated network-wide stalls and deep forks. Validators vote on blocks before they are finalized, creating a ~2-6 second window where a malicious superminority can grind the chain state.

• Attack Vector: Vote grinding and stake-weighted consensus manipulation.
• Impact: $10B+ DeFi TVL repeatedly exposed to double-spend risk during outages.
• Lesson: Throughput is meaningless without cryptoeconomic finality guarantees.

In 2022, a $10M bounty was claimed by exploiting Tendermint's 1/3+1 Byzantine fault tolerance. The attacker demonstrated that with 34% of stake, they could halt the chain and prevent finality indefinitely, grinding the network to a halt without slashing.

• Attack Vector: Liveness attack via stake concentration below the slashing threshold.
• Impact: Proof that economic finality (slashing) and safety finality are distinct and separable.
• Lesson: Interchain Security models must account for liveness failures, not just safety failures.

As a plasma-inspired commit chain, Polygon PoS relies on a centralized set of Heimdall validators to checkpoint state to Ethereum. If these validators are compromised or collude, they can grind out fraudulent checkpoints, putting ~$1B in bridge assets at risk with no timely fraud proof.

• Attack Vector: Checkpoint grinding via validator set takeover.
• Impact: Highlights the weak finality link in multi-chain architectures.
• Lesson: Ethereum's finality is the bottleneck; sidechains inherit its latency and security assumptions.

Avalanche's subnet model delegates finality to small, often undercollateralized validator sets. This creates finality islands where a subnet can achieve internal finality that is not recognized by the Primary Network, enabling cross-subnet double-spend attacks and breaking atomic composability.

• Attack Vector: Isolated finality and bridge message grinding between subnets.
• Impact: Fragmented security undermines the value proposition of a unified ecosystem.
• Lesson: Interoperability protocols like LayerZero and Axelar must bridge finality, not just data.

NEAR's Nightshade sharding design introduces cross-shard finality latency. A transaction finalized on one shard is only probabilistically final for others, creating a window for cross-shard arbitrage attacks similar to cross-chain MEV. This makes atomic cross-shard composability impossible without trust assumptions.

• Attack Vector: Timing attacks on cross-shard state transitions.
• Impact: Limits the design space for sharded DeFi and requires complex asynchronous programming models.
• Lesson: Single-slot finality (or near-equivalent) is a prerequisite for seamless sharding.

Chains like Ethereum with probabilistic finality (~12-15 minute window) allow validators to reorg blocks for profit. This creates a ~$100M+ annual attack surface for cross-chain bridges and oracles that assume faster settlement.\n- Time-Bandit Attacks: Adversaries can revert finalized bridge transactions after assets are released on another chain.\n- Oracle Manipulation: Price feeds can be invalidated, breaking DeFi positions.

These protocols use cryptoeconomic slashing and restaking to create faster, stronger finality guarantees atop existing chains. They turn finality from a consensus property into a tradable security commodity.\n- Economic Finality: $1B+ in restaked ETH can secure a sub-4-minute finality layer.\n- Universal Composability: Provides a shared security primitive for rollups, oracles, and bridges like LayerZero and Wormhole.

Applications requiring atomic state changes across chains (e.g., cross-chain DEX arbitrage, leveraged farming) fail when one chain finalizes before another. This is the core flaw in "fast bridge" designs that don't wait for source-chain finality.\n- Race Condition Exploits: Attackers can profit from the delta between optimistic execution and true finalization.\n- Fragmented Liquidity: Protocols like UniswapX must implement complex fallback logic to mitigate this risk.

These systems separate user intent from execution, allowing solvers to compete to fulfill cross-chain actions after finality is achieved. They internalize finality risk into the solver's economic model.\n- Risk Isolation: User funds are only released on the destination chain after cryptographic proof of source-chain finality.\n- Solver Competition: Creates a market for efficient, secure execution, reducing costs by ~20-30% versus naive AMBs.

Verifying finality from one chain on another (e.g., an Ethereum light client in a Cosmos app-chain) requires verifying ~1MB of consensus signatures per epoch. This is computationally prohibitive for most VMs, forcing reliance on trusted multisigs.\n- High Gas Cost: On-chain verification can cost >1M gas, making frequent updates unsustainable.\n- Centralization Pressure: Leads to reliance on ~8/15 multisigs in bridges like Polygon PoS and Arbitrum.

Zero-knowledge proofs compress the entire finality verification process into a ~10KB proof that can be verified in <100k gas. This makes trustless, frequent cross-chain state synchronization economically viable.\n- Trust Minimization: Replaces multisigs with cryptographic guarantees for bridges and interoperability hubs.\n- Universal Interop: Enables a mesh network of chains to share finality states, foundational for projects like Cosmos IBC and EigenDA.