A P+ε attack is a theoretical economic exploit in a blockchain's consensus mechanism where an attacker can profitably bribe validators to deviate from the protocol by offering a reward (ε) that is marginally greater than the validator's honest staking reward (P). The core vulnerability lies in the incentive misalignment created when the cost of the bribe is less than the value the attacker extracts from the resulting chain reorganization or transaction censorship. This attack vector is particularly relevant to Proof-of-Stake (PoS) and delegated systems, where validators have significant capital at stake but can be tempted by off-chain, non-slashable payments.
P+ε Attack
What is a P+ε Attack?
A P+ε attack is a sophisticated manipulation of a blockchain's consensus mechanism, specifically targeting the economic incentives of validators or miners.
The attack's feasibility depends on the cost of corruption versus the cost of honest participation. In a simple model, if a validator's reward for honest validation is P, an attacker only needs to offer P + ε (where ε is a small, positive amount) to make deviation rational for that validator, assuming no other penalties. This breaks the Nash equilibrium assumed by many consensus protocols. Crucially, the bribe ε can be paid via an untraceable off-chain channel, circumventing the protocol's built-in slashing conditions designed to punish on-chain misbehavior.
To mitigate P+ε attacks, protocol designers implement cryptoeconomic defenses that increase the cost of corruption. These include heavy slashing penalties that destroy a validator's staked capital, making the required bribe ε prohibitively large. Other defenses involve accountability measures like fraud proofs or data availability sampling, which allow the network to detect and punish malicious chain histories after the fact. The goal is to ensure the profit from an honest strategy always dominates any potential profit from a deviating strategy, even when off-chain bribes are possible.
A practical consideration is the collusion resistance of the validator set. A P+ε attack becomes more feasible if the attacker only needs to bribe a small, coordinated subset of validators (e.g., those controlling a supermajority in a given slot). Protocols like Ethereum's consensus mechanism address this through randomized committee selection and proposer-builder separation (PBS), which distribute influence and make large-scale, secret collusion more difficult and expensive to orchestrate.
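A protocol designer can turn the three preceding paragraphs into a cost-of-corruption check; the sketch below is an added example, not code from the original page or from any protocol. The validator set, the extractable value, and the `slash_fraction` and `detect_prob` parameters are constructed assumptions, and the coalition cost is a fractional lower bound rather than an exact optimum.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Validator:
    name: str
    stake: int          # bonded capital, in base units
    honest_reward: int  # P: payoff for following the protocol this round


def min_bribe(v, slash_fraction, detect_prob):
    """Payment at which deviating breaks even; the briber must offer this plus ε.

    Deviating forfeits P and, with probability detect_prob, loses
    slash_fraction of the stake. detect_prob = 0 models a deviation the
    protocol cannot attribute (the "no other penalties" case).
    """
    return v.honest_reward + Fraction(detect_prob) * Fraction(slash_fraction) * v.stake


def corruption_cost_lower_bound(validators, threshold, slash_fraction, detect_prob):
    """Lower bound on the total bribe needed to control `threshold` of all stake.

    Fractional relaxation of the min-cost cover: take stake in order of
    bribe per unit of stake and allow a partial last validator. Any real
    coalition costs at least this much.
    """
    need = Fraction(threshold) * sum(v.stake for v in validators)
    by_unit_price = sorted(
        validators, key=lambda v: min_bribe(v, slash_fraction, detect_prob) / v.stake
    )
    cost = Fraction(0)
    for v in by_unit_price:
        if need <= 0:
            break
        take = min(Fraction(v.stake), need)
        cost += min_bribe(v, slash_fraction, detect_prob) * take / v.stake
        need -= take
    return cost


def bribery_is_rational(cost, extractable_value):
    """Bribing only pays if it costs less than the value extracted."""
    return cost < extractable_value


# Constructed validator set and attack value (not real network data).
VALIDATORS = [
    Validator("A", 400_000, 40),
    Validator("B", 300_000, 15),
    Validator("C", 150_000, 20),
    Validator("D", 50_000, 4),
]
SUPERMAJORITY = Fraction(2, 3)
EXTRACTABLE_VALUE = 10_000

if __name__ == "__main__":
    scenarios = [("no penalty", 0, 0), ("full slash, 50% detection", 1, Fraction(1, 2))]
    for label, slash, detect in scenarios:
        cost = corruption_cost_lower_bound(VALIDATORS, SUPERMAJORITY, slash, detect)
        print(label, "bribes >=", cost, "rational:", bribery_is_rational(cost, EXTRACTABLE_VALUE))
```

If even the lower bound exceeds the extractable value, no coalition of that size is worth bribing under the model's assumptions.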
The concept, formalized by researchers including Vitalik Buterin, highlights that blockchain security cannot rely solely on in-protocol rewards. It must create scenarios where coordinating an attack is more expensive than the value of the chain itself. This principle pushes the design of consensus mechanisms beyond simple reward schemes and towards robust, game-theoretically sound models that are resilient to off-chain coordination and bribery.
Etymology and Origin
The P+ε attack is a theoretical economic exploit in blockchain consensus mechanisms, named for its reliance on a minimal profit incentive.
The term P+ε attack derives from formal game theory and mechanism design literature, where the Greek letter epsilon (ε) conventionally represents an arbitrarily small positive quantity. In this context, P stands for the protocol's intended reward for honest behavior, while ε signifies a tiny, additional bribe offered by an attacker to deviate participants. The name was popularized in blockchain discourse following its formalization in academic papers analyzing the incentive compatibility of Proof-of-Stake (PoS) and other cryptoeconomic systems. It succinctly captures the attack's core premise: subverting consensus requires only a marginal extra payment over the honest reward.
The concept's origins are deeply tied to the Nothing at Stake problem and broader research into bribery attacks. Early blockchain designs assumed rational actors would follow protocol rules if honestly rewarded. However, theorists identified a flaw: if an attacker can profit from a chain reorganization (e.g., through a double-spend), they could redistribute a portion of that profit (ε) to validators, making betrayal more lucrative than honesty (P). This creates a Nash equilibrium where the dominant strategy for rational validators is to accept the bribe, breaking the system's security assumptions. The attack highlights the critical difference between cryptographic security and economic security.
The P+ε model was rigorously analyzed in pivotal works like "The Bitcoin Backbone Protocol" and subsequent research on PoS finality. It demonstrated that protocols relying solely on block rewards for security are vulnerable if the external value at stake in a transaction (e.g., a large double-spend) can be used to fund bribes. This insight directly influenced the design of modern PoS systems, which incorporate slashing penalties, bonding periods, and delegation mechanisms to significantly increase the cost (ε) an attacker must pay, making such bribes economically impractical. The term remains a cornerstone for evaluating the incentive compatibility of any decentralized consensus protocol.
Key Features of a P+ε Attack
A P+ε attack is a sophisticated manipulation of decentralized governance systems, exploiting the economic incentives of voting to extract value from a protocol's treasury. It targets mechanisms where voting power is derived from staked assets.
The Core Economic Exploit
The attack exploits the gap between a voter's marginal cost and the marginal impact of their vote. An attacker identifies a proposal where the reward for voting 'yes' (ε) is slightly larger than the cost of voting (transaction fees). By bribing a large number of small voters (the +ε), they can swing the vote for a much larger personal profit (P) extracted from the treasury, even if the proposal is harmful to the protocol.
Relies on Vote-Buying (Bribery)
The "+ε" represents the bribe paid to token holders to delegate their voting power or vote a specific way. This is often facilitated by bribery markets or vote-buying platforms built on top of governance systems. The bribe need only be marginally higher than the voter's cost of participation to be effective, as most voters are economically rational and apathetic to small proposals.
Targets Low-Participation Governance
This attack is most effective in systems with chronically low voter turnout or where a small percentage of the total token supply determines the outcome. The attacker only needs to sway a critical mass of the active voting supply, not the total supply. Systems using quorum-based voting are particularly vulnerable if the quorum is low.
Example: The Mango Markets Exploit
A canonical real-world example occurred on Mango Markets in October 2022. The exploiter, who had drained the treasury, created a governance proposal to use the stolen funds to cover bad debt—in effect, a vote to legitimize the theft. By offering a bribe (ε) to token holders (MNGO) to vote 'yes,' they secured the proposal's passage, allowing them to keep ~$47 million (P) as a "bug bounty."
Defensive Mechanism: Conviction Voting
A primary defense is conviction voting, where a voter's influence increases the longer their tokens are locked in support of a proposal. This dramatically raises the attacker's cost, as they must bribe voters to lock funds for a long duration, and makes the attack slow to execute, allowing the community time to react.
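The delay that conviction voting imposes can be measured with a small model; this is an added example, not code from the original page or from any governance framework. It assumes the exponential-accumulation form y[t] = α·y[t-1] + stake, with the half-life, threshold and stake sizes chosen here as constructed values.

```python
def decay_for_half_life(half_life_steps):
    """Per-step decay α such that unsupported conviction halves in that many steps."""
    return 0.5 ** (1.0 / half_life_steps)


def conviction_series(stake_by_step, alpha):
    """y[t] = α·y[t-1] + stake[t]: support counts for more the longer it stays locked."""
    y, series = 0.0, []
    for stake in stake_by_step:
        y = alpha * y + stake
        series.append(y)
    return series


def steps_to_pass(stake, threshold, alpha, max_steps=10_000):
    """Steps a constant stake must stay locked before conviction reaches threshold.

    Returns None when the stake can never get there: conviction for a
    constant stake converges to stake / (1 - α).
    """
    if stake / (1.0 - alpha) <= threshold:
        return None
    y = 0.0
    for step in range(1, max_steps + 1):
        y = alpha * y + stake
        if y >= threshold:
            return step
    return None


# Constructed parameters: one step per day, 7-day half-life, fixed threshold.
ALPHA = decay_for_half_life(7)
THRESHOLD = 5_000_000

if __name__ == "__main__":
    for stake in (400_000, 1_000_000, 3_000_000):
        print(f"stake {stake:>9,}: passes after {steps_to_pass(stake, THRESHOLD, ALPHA)} days")
```

Under these assumptions a stake that would decide a snapshot vote immediately has to stay locked for days, which is the reaction window the community gets.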
Related Concept: Plutocracy
P+ε attacks are a symptom of plutocratic governance, where voting power is directly proportional to financial stake. This creates a system where the wealthy have disproportionate influence, and economic attacks become feasible. Mitigations often involve layering in elements of identity or reputation (e.g., proof-of-personhood) to decouple voting power from pure capital.
How a P+ε Attack Works
An explanation of the P+ε attack, a sophisticated economic exploit targeting decentralized oracle systems and blockchain voting mechanisms.
A P+ε attack is a game-theoretic exploit where an attacker can profitably manipulate an on-chain vote or oracle price feed by making a small, profitable side bet that outweighs the cost of their manipulation. The name derives from the attacker's profit P plus an arbitrarily small extra amount ε, representing the minimal incentive required to make the attack rational. Unlike brute-force 51% attacks, this is an economic attack that exploits poorly designed incentive structures, particularly in systems with low-cost voting and valuable, manipulable outcomes.
The attack functions by targeting mechanisms where the cost to vote or propose a value is low, but the financial impact of the outcome is high. A classic target is a decentralized oracle like an on-chain price feed. The attacker first places a large, leveraged bet in a derivative market (e.g., a prediction market or lending protocol) that will pay out based on the oracle's reported price. They then spend a relatively small amount to manipulate the oracle's voting round, submitting a false price that triggers their profitable side bet. Their profit from the bet (P) exceeds their cost to manipulate the vote, making the attack P + ε profitable.
This vulnerability is most acute in commit-reveal or low-stake voting schemes where cryptographic guarantees are separated from economic ones. Defenses focus on making manipulation prohibitively expensive. The primary solution is cryptoeconomic security through mechanisms like high stake weighting, where votes are weighted by the amount of value (stake) locked, or fraud proofs with costly slashing. Projects like Chainlink address this with a decentralized network of high-reputation nodes and on-chain aggregation, ensuring that manipulating the reported value would require collusion and capital far exceeding any potential P + ε profit from a side bet.
Security Considerations & Defenses
A P+ε attack is a type of economic exploit where an attacker profits by manipulating a protocol's pricing mechanism with a small capital advantage (ε) to extract value disproportionate to their risk.
Core Mechanism
The attack exploits the convexity or non-linear payout of certain DeFi functions. An attacker identifies a scenario where a protocol's pricing (P) is slightly wrong. By adding a small amount of capital (ε), they can manipulate the price to a new equilibrium (P') that creates a guaranteed profit for them, often at the expense of other liquidity providers or the protocol's reserves.
- Key Insight: Profit is not from a direct hack, but from arbitraging the protocol's own internal mechanics.
- Example: In a bonding curve or AMM, depositing to skew the price before a large trade settles.
Classic Example: AMM Donation Attack
A canonical example involves a Constant Product Market Maker (CPMM) like Uniswap v2. If the on-chain price (P) deviates from the true market price, the pool is slightly unbalanced.
An attacker can:
- Donate a large amount of one token (ε) to the pool, drastically skewing the price (P').
- Execute a pre-planned swap that profits from this artificial skew.
The profit comes from the virtual reserves now being mispriced, effectively stealing value from all other LP shares. This demonstrates the vulnerability of passive liquidity to active manipulation.
Prerequisites & Attack Surface
For a P+ε attack to be viable, specific conditions must exist within the protocol's design:
- Price Oracle Reliance: Using a manipulable on-chain price (e.g., a single AMM pool) as an oracle for derivatives or lending.
- Synchronous Execution: The ability to perform multiple actions (donate, swap, settle) in a single transaction before the market can react.
- Non-Linear Payouts: Mechanisms like bonding curves, options pricing, or liquidity mining where outputs don't scale linearly with inputs.
- Low Slippage for Attacker: The attacker's initial capital outlay (ε) must be small relative to the profit, making it a high-leverage attack.
Defensive Strategies
Protocols implement several defenses to mitigate P+ε vulnerabilities:
- Time-Weighted Average Prices (TWAPs): Using oracle prices averaged over a period (e.g., 30 minutes) makes instantaneous manipulation prohibitively expensive.
- Circuit Breakers & Velocity Checks: Limiting large price movements within a single block or short timeframe.
- Virtual Reserves & Fee Adjustments: Incorporating fees or virtual balances that reduce the profitability of small donations (e.g., Uniswap v3's fee tiers can alter attack economics).
- Multi-Source Oracles: Aggregating prices from multiple independent sources (e.g., Chainlink) to avoid reliance on a single manipulable pool.
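To see why the first two defenses in this list work, the sketch below skews a toy constant-product pool for a single block and compares a spot reading, a 30-observation TWAP and a velocity check. It is an added example, not code from the original page or from Uniswap; the reserves, fee, window length and 10% velocity limit are constructed assumptions.

```python
from collections import deque


class ConstantProductPool:
    """Toy x*y=k pool with a swap fee (a simplified model, not Uniswap code)."""

    def __init__(self, reserve_x, reserve_y, fee=0.003):
        self.x, self.y, self.fee = float(reserve_x), float(reserve_y), fee

    def spot_price(self):
        return self.y / self.x  # price of X quoted in Y

    def swap_y_for_x(self, dy):
        dy_eff = dy * (1.0 - self.fee)           # fee is taken from the input
        dx_out = self.x * dy_eff / (self.y + dy_eff)
        self.x -= dx_out
        self.y += dy
        return dx_out


class TwapOracle:
    """Arithmetic mean of the last `window` per-block price observations."""

    def __init__(self, window):
        self.observations = deque(maxlen=window)

    def record(self, price):
        self.observations.append(price)

    def read(self):
        return sum(self.observations) / len(self.observations)


def velocity_check_trips(previous, current, max_move):
    """Circuit breaker: flag a block-to-block move larger than max_move."""
    return abs(current - previous) / previous > max_move


def single_block_skew(window=30, shock_y=1_000_000, max_move=0.10):
    """Fill the window at a steady price, then skew the pool for one block."""
    pool = ConstantProductPool(1_000, 2_000_000)  # constructed reserves
    oracle = TwapOracle(window)
    base = pool.spot_price()
    for _ in range(window - 1):
        oracle.record(base)
    pool.swap_y_for_x(shock_y)                    # one oversized trade
    skewed = pool.spot_price()
    oracle.record(skewed)
    return {
        "spot_deviation": skewed / base - 1.0,
        "twap_deviation": oracle.read() / base - 1.0,
        "breaker_tripped": velocity_check_trips(base, skewed, max_move),
    }


if __name__ == "__main__":
    for name, value in single_block_skew().items():
        print(name, value)
```

A consumer reading the spot price sees the full skew, while the TWAP moves by only 1/window of it, so shifting the average requires holding the skewed price across many blocks.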
Relation to MEV
P+ε attacks are a specialized form of Maximal Extractable Value (MEV). They are often executed by searchers who bundle transactions to capture value created by state changes they induce.
- Distinction: While general MEV (e.g., arbitrage, liquidations) profits from existing market inefficiencies, P+ε creates the inefficiency through a strategic initial deposit.
- Execution: These attacks are typically submitted to block builders via private mempools (e.g., Flashbots) to avoid frontrunning and ensure the multi-step transaction executes atomically.
Historical Context & Impact
The concept was formally described in the 2022 research paper "A Note on the P+ε Attack: The Cost of Manipulating On-Chain Oracle Prices" by Chainsecurity. It provided a theoretical framework for understanding a class of exploits that had been observed in practice.
- Real-World Incidents: Variations of this attack have impacted protocols like MakerDAO (2019) where the ETH/USD oracle was manipulated, leading to an emergency shutdown.
- Lasting Effect: This research fundamentally changed how new DeFi protocols design their oracle systems and pricing mechanisms, emphasizing the need for manipulation resistance over pure cost efficiency.
Theoretical and Practical Examples
A P+ε attack is a type of governance attack where a malicious actor can profitably manipulate a decentralized protocol's governance by spending slightly more (P + ε) than the cost to acquire voting power, exploiting the economic difference between governance token value and the value of the assets it controls.
Core Economic Mechanism
The attack exploits a price discrepancy where the market capitalization of the governance token (P) is less than the total value of assets under its control (TVL). An attacker can:
- Borrow or buy enough tokens to pass a proposal.
- Propose and vote to drain the protocol's treasury or steal user funds.
- Profit if the stolen value exceeds their acquisition cost (P + ε).
This creates a scenario where governance is not economically secure.
Theoretical Example: Treasury Drain
Consider a DeFi protocol with a $10M treasury but a governance token market cap of only $1M.
- Attack Cost (P): An attacker needs 51% voting power, costing ~$510k.
- Attack Execution: They propose a malicious governance vote to send the $10M treasury to their address.
- Profit: If the vote passes, they gain $10M for a $510k investment, netting ~$9.49M profit (minus the small epsilon for vote buying).
This demonstrates the failure of the "skin in the game" defense when P < TVL.
Practical Defense: Governance Minimization
A primary defense is to limit the power of on-chain governance over critical, high-value functions. This is implemented by:
- Time-locked upgrades: Introducing significant delays (e.g., 1-2 weeks) for executing treasury transfers or core parameter changes, allowing the community to fork or exit.
- Multisig or veto councils: Using a small, trusted group with a time-bound mandate to veto clearly malicious proposals.
- Non-upgradable contracts: Making core logic immutable, removing governance power over it entirely.
The goal is to reduce the attack surface and the ε profit.
Practical Defense: Economic Alignment
This defense aims to make an attack economically irrational by aligning P and TVL. Strategies include:
- Protocol-owned liquidity (POL): Using treasury assets to provide liquidity for the governance token, increasing its price floor and market cap (P).
- Revenue sharing / buybacks: Directing protocol fees to buy and burn or stake the governance token, increasing its value and scarcity.
- Staking with slashing: Requiring tokens to be staked (and subject to slashing for malicious votes) to participate in governance, increasing the attacker's cost and risk.
Key Takeaway: The Governance Security Trilemma
The P+ε attack highlights a fundamental tension in decentralized governance, often framed as a trilemma. A system can optimize for two, but not all three, of the following properties:
- Decentralization: No central point of control or failure.
- Security: Resistance to attacks like P+ε.
- Agility: Ability to quickly upgrade and adapt the protocol.
Most protocols must make explicit trade-offs, such as sacrificing agility (with time locks) or pure decentralization (with veto councils) to achieve security against this class of attack.
P+ε Attack vs. Related Governance Issues
A comparison of the P+ε Attack mechanism against other common governance vulnerabilities, highlighting their distinct characteristics and mitigations.
| Feature / Characteristic | P+ε Attack | 51% Attack | Governance Takeover | Vote Buying |
|---|---|---|---|---|
| Core Mechanism | Economic incentive manipulation in voting | Hashrate or stake majority for chain reorganization | Token majority to control governance parameters | Direct payment for delegate or direct votes |
| Primary Target | On-chain governance systems with economic finality | Network consensus and transaction history | Treasury, protocol upgrades, and parameters | Voting outcomes in delegate or direct democracy models |
| Resource Required | Marginal capital > voting reward (ε) | | | Capital to outbid other voters' preferences |
| Attack Stealth | High - appears as rational voting | Low - obvious chain reorg | Medium - visible but 'legitimate' | Varies - can be on-chain or off-chain |
| Key Mitigation | Commit-Reveal schemes, vote quarantines | Increased decentralization, chain monitoring | Progressive decentralization, veto mechanisms | Identity verification, anti-collusion frameworks |
| Typical Timeframe | Single voting period | Ongoing during attack window | Permanent after token acquisition | Per proposal or voting epoch |
| Example Protocol Context | Compound, MakerDAO governance | Proof-of-Work blockchains (historical) | Early-stage DAOs with concentrated supply | Delegated Proof-of-Stake (DPoS) systems |
Common Misconceptions
The P+ε attack is a sophisticated economic exploit targeting decentralized finance (DeFi) protocols, often misunderstood as a simple market manipulation or oracle failure. This section clarifies its precise mechanism and dispels common myths.
A P+ε attack is a type of economic exploit where an attacker manipulates a protocol's internal accounting to profit from a tiny price discrepancy (ε) by repeatedly depositing and withdrawing a large collateral position (P). It works by exploiting the price lag between an oracle price and the true market price during a transaction. The attacker uses a flash loan to deposit over-collateralized assets, triggering a price update that is slightly stale, then immediately liquidates their own position at a profit before the price corrects. This does not require breaking the oracle but exploits the latency in its update mechanism and the protocol's liquidation incentives.
Frequently Asked Questions (FAQ)
A P+ε (P-plus-epsilon) attack is a sophisticated manipulation of decentralized governance mechanisms, exploiting the economic incentives of voting to achieve a desired outcome with minimal capital. This FAQ addresses its mechanics, real-world implications, and defensive strategies.
A P+ε attack is a game-theoretic exploit where an attacker spends just slightly more (ε) than the profit (P) they expect to gain from manipulating a governance vote's outcome, effectively bribing a marginal number of voters to swing the result. Unlike a simple bribe, it targets voters who are economically rational but apathetic, offering them a small, guaranteed payment to vote a specific way, which is more cost-effective than buying a majority of votes outright. The attack exploits the cost of voting and voter apathy, making it a significant threat to decentralized autonomous organizations (DAOs) and on-chain governance systems where proposal outcomes have direct financial consequences.