Transaction Censorship

Validators and searchers engage in transaction ordering to capture value, which can manifest as censorship. A common tactic is time-bandit attacks, where a validator reorgs the chain to exclude a profitable transaction they missed. More directly, validators may censor arbitrage or liquidation transactions to capture that value themselves in a subsequent block, denying the original sender their intended execution.

Validators may temporarily censor transactions to protect network health. This includes filtering:

• Spam transactions that bloat the chain or cause congestion.
• Malicious smart contract calls that could destabilize the network.
• Transactions with exceptionally low fees during peak demand to prioritize economic throughput. While often framed as a public good, this discretionary power can be abused to suppress legitimate activity.

Validators or dominant mining pools may impose censorship based on the content or perceived purpose of a transaction. This could target:

• Transactions funding specific political causes or organizations.
• Interactions with applications (e.g., gambling, privacy tools) deemed undesirable.
• Activity from certain geographic regions. This represents a direct form of content-based censorship, conflicting with the credo of permissionless innovation.

Some blockchain protocols have built-in slashing conditions or penalties that can force validators to censor. For example, a protocol might punish validators for including transactions that violate certain rules encoded at the consensus layer. This creates a form of programmatic censorship where the network's own economic incentives are designed to exclude specific transaction types, often for security reasons.

Dominant entities in the blockchain stack (e.g., large validator pools, RPC providers, or frontends) may censor transactions to harm competitors. This could involve blocking access to competing decentralized applications (dApps) or protocols. Such censorship creates centralization risks, as a few powerful actors can shape the economic landscape by controlling transaction flow, undermining the network's credible neutrality.

Censorship-Resistant Ordering mechanisms, such as Commit-Reveal Schemes and Threshold Encryption, are cryptographic techniques that prevent block producers from viewing or discriminating against transaction content before inclusion. A Commit-Reveal List (CRL) allows users to submit a commitment (hash) of their transaction first. Only after the commitment is included in a block is the full transaction revealed and executed, blinding validators to the transaction's details during the critical selection phase.

An Inclusion List is a protocol-enforced mechanism that allows a block proposer to mandate the inclusion of specific, otherwise-censored transactions in the next block. If a builder attempts to exclude transactions from the list, the proposer can reject the entire block. This shifts power back to the decentralized set of proposers, creating a credible threat that makes censorship attempts futile. Inclusion lists are a key anti-censorship feature planned for Ethereum.

A malicious majority of miners or validators (a 51% attack) can enact the most severe form of censorship: transaction deletion via chain reorganizations (reorgs). By secretly mining an alternative chain, the attackers can produce a longer chain that excludes specific transactions entirely, effectively rewriting history. This is a fundamental but expensive attack vector in both Proof-of-Work and Proof-of-Stake systems, defended against by the high economic cost of acquiring majority hash power or stake.

Transaction censorship is the act where a block producer (e.g., a miner or validator) refuses to include a valid transaction in a block they are proposing, despite the transaction paying the required fee. This is distinct from a network-wide outage; the network functions, but specific transactions are filtered out. The primary mechanism is control over block space—the entity building the next block has unilateral discretion over its content.

Censorship typically manifests through two main vectors:

• Technical Filtering: Validators run modified node software (e.g., MEV-Boost relays with block lists) to screen transactions based on origin (e.g., from a sanctioned Tornado Cash address) or content.
• Economic Pressure: Dominant mining pools or validator sets, often under regulatory duress, agree to collectively exclude certain transactions. This can approach 51% attack levels if a majority colludes, making censorship persistent.

Historical instances provide concrete examples of censorship risks:

• OFAC Sanctions Compliance: Following U.S. sanctions, major Ethereum MEV-Boost relays began filtering transactions involving sanctioned Tornado Cash addresses, leading to a measurable percentage of blocks being built compliantly.
• Miner Extractable Value (MEV): Searchers often bribe validators via PGA (Priority Gas Auctions) to censor competing transactions, reordering or excluding them to capture arbitrage value.

Protocols and users employ several techniques to resist censorship:

• Decentralized Block Building: Solutions like SUAVE aim to separate block building from proposal, reducing single-entity control.
• Censorship Resistance Metrics: Monitoring tools track the censorship resistance of validators by measuring inclusion of test transactions from blacklisted addresses.
• Commit-Reveal Schemes: Users can submit encrypted transactions that are only revealed after inclusion, hiding their content from censoring validators.

Censorship directly impacts two core blockchain security properties defined by the CAP theorem and Byzantine Fault Tolerance (BFT) models:

• Liveness: The guarantee that all valid transactions will eventually be included. Censorship is a liveness failure.
• Finality: The guarantee that included transactions cannot be reverted. Some consensus mechanisms (e.g., Tendermint) can theoretically finalize a censored block, making the attack more severe than in probabilistic finality chains.

Censorship shifts blockchain from a credibly neutral platform to a permissioned one, with significant downstream effects:

• Validator Centralization Risk: Regulatory pressure can force centralization among compliant operators, creating a single point of failure.
• Smart Contract Risk: DeFi protocols and bridges relying on timely transaction inclusion may fail if their operations are censored.
• Governance Attacks: Censorship can be used as a tool in governance attacks to silence token holders or prevent execution of unwanted proposals.

A mechanism that formalizes the competition for transaction ordering by allowing users to bid for block space directly with block builders. This creates a market that can circumvent a censorious validator by routing transactions through alternative, competitive channels.

• Key Concept: Proposer-Builder Separation (PBS) decouples block building from block proposing.
• Example: A user submits a transaction with a high priority fee to a private mempool or a builder network, making it economically irrational for a validator to ignore it.

A cryptographic technique that hides the content of a transaction until after it is included in a block, preventing censorship based on its data. The transaction is submitted in two phases.

• Commit Phase: A user publishes a hash of their transaction data (the commitment).
• Reveal Phase: After the commitment is included in a block, the user reveals the original data, which is then executed.
• Use Case: Effective for censored actions like voting in decentralized governance or participating in certain DeFi mechanisms.

Improving the resilience of the underlying network layer to make it harder for any single entity to filter transactions. This involves diversifying the nodes and connections that propagate transaction data.

• Dandelion++: A network protocol that anonymizes the origin of a transaction by routing it through a random path (the stem) before broadcasting it widely (the fluff phase).
• Network Incentives: Encouraging a robust, globally distributed set of full nodes and relays to prevent network-level choke points.

A protocol-level upgrade that bakes the separation of block building and proposing directly into the blockchain's consensus rules. This is considered the most robust long-term mitigation against validator-level censorship.

• Core Idea: The protocol itself manages the auction between builders (who create full blocks) and proposers (who simply select the highest-paying block).
• Benefit: It prevents a single validator from easily identifying and censoring specific transactions, as the proposer only sees complete block bids, not individual transactions.
• Status: A planned future upgrade for networks like Ethereum.

A method where transactions are encrypted before being sent to the network and can only be decrypted by a decentralized committee of validators after the block is proposed. This completely hides transaction content from individual validators and builders.

• Process: A user encrypts a transaction with a public key. A threshold of validators (e.g., 2/3) must collaborate to decrypt it after inclusion.
• Guarantee: No single entity can read the transaction to censor it, but the decentralized group can ensure it's valid before finalizing the block.
• Example: Proposed as a core component of encrypted mempools for maximal censorship resistance.