Censorship Attack

This is the most direct form of censorship, where a validator or miner intentionally excludes specific transactions from the blocks they produce. This can be based on the transaction's origin (e.g., a blacklisted address), its content, or its destination. Examples include:

• A miner refusing to process transactions from a sanctioned Tornado Cash address.
• A validator ignoring all transactions related to a specific decentralized application (dApp).

Censorship can be enforced through Maximal Extractable Value (MEV) strategies. Searchers or block builders can create blocks that reorder or omit transactions to extract profit, which can have a censoring side effect. A prominent example is the use of Flashbots bundles, where private transaction flows allow builders to exclude public mempool transactions, potentially censoring those they deem unprofitable or undesirable.

Attackers can attempt to censor transactions before they reach block producers by attacking the peer-to-peer (P2P) network. This involves:

• Eclipse attacks: Isolating a node from the honest network to control its view of transactions.
• DoS attacks: Flooding a node's mempool with spam to prevent it from receiving or relaying legitimate transactions.
• Propagation delays: Selectively delaying the gossip of certain transactions, making them stale.

In Proof-of-Stake systems, a coalition of validators holding more than one-third of the staked assets can prevent the chain from finalizing blocks that contain transactions they wish to censor. This creates finality delay. A more severe attack involves a chain reorganization (reorg), where validators with a supermajority (e.g., two-thirds) can revert finalized blocks to erase previously included transactions, a form of ex-post-facto censorship.

Censorship can be enforced off-chain through legal or economic coercion. Regulatory bodies may pressure centralized staking providers, exchange validators, or infrastructure providers (like RPC endpoints) to filter transactions. This creates a central point of failure and is a primary concern for decentralization. The threat often focuses on compliance with sanctions lists, forcing node operators to choose between network rules and local laws.

Understanding censorship requires knowledge of these related mechanisms:

• Decentralization: The primary defense against censorship.
• Mempool: The waiting area for pending transactions, a key attack surface.
• Proposer-Builder Separation (PBS): A design to mitigate MEV-based censorship.
• Censorship Resistance: A blockchain's fundamental property to resist such attacks.
• Governance Attacks: Attacks that change protocol rules to enable censorship.

A primary motivation where block proposers (validators or miners) intentionally exclude or reorder transactions to capture Maximum Extractable Value (MEV). This includes:

• Sandwich attacks: Censoring a victim's trade to profit from price impact.
• Time-bandit attacks: Reorganizing blocks to steal arbitrage opportunities.
• Transaction exclusion: Preventing a competing arbitrageur's transaction from being included.

Validators or relay operators may censor transactions to comply with jurisdictional regulations, such as sanctions lists. This is a significant concern for proof-of-stake networks where validator identity can be known. Key examples include:

• Filtering transactions from OFAC-sanctioned addresses.
• Pressure on centralized staking providers or infrastructure like RPC endpoints to implement blacklists.

An attacker with substantial hash power or stake can censor specific addresses or applications to disrupt service. This targets:

• Decentralized applications (dApps): Making a specific protocol unusable.
• Competing validators: Isolating them from the network.
• Governance proposals: Preventing voting transactions from being included. The goal is often competitive sabotage or coercion rather than direct financial gain.

Censorship can occur before a transaction reaches a block builder. Entities controlling network infrastructure can filter transactions at the mempool level.

• Relays in Ethereum's PBS (Proposer-Builder Separation) may refuse to pass certain bundles.
• RPC node providers can drop transactions from specific senders.
• P2P network peers can gossip-filter transactions, creating network partitions.

The most severe form aims to permanently alter chain rules or exclude a class of participants. This includes:

• 51% attacks: To rewrite history and erase transactions.
• Stake grinding: Manipulating validator selection to ensure only compliant validators propose blocks.
• Finality delays: In BFT chains, preventing the finalization of blocks containing certain transactions.

Networks employ cryptographic and economic defenses against censorship.

• Censorship resistance: A core design goal of proof-of-work and decentralized proof-of-stake.
• Proposer-Builder Separation (PBS): Separates transaction ordering from block proposing to dilute power.
• Encrypted mempools: Hiding transaction content until inclusion.
• Permissionless relay networks: Ensuring multiple, neutral paths for transaction propagation.

Following U.S. sanctions on the Tornado Cash smart contracts, a significant portion of Ethereum validators, including major staking services, began censoring transactions that interacted with the blacklisted addresses. This created a two-tiered mempool, where sanctioned transactions were excluded from blocks proposed by compliant validators, effectively delaying or preventing their execution. This is a prime example of regulatory-driven censorship at the consensus layer.

While not censorship in the traditional sense, MEV searchers and block builders can engage in transaction ordering attacks. By controlling block construction, they can:

• Exclude certain transactions entirely to manipulate prices or liquidations.
• Front-run user trades by inserting their own transactions first.
• Sandwich attack a victim's transaction. This selective inclusion/exclusion based on profitability is a form of economic censorship.

An attacker can attempt to flood the network's mempool with high-fee, meaningless transactions. This creates congestion that makes it economically or technically difficult for legitimate, lower-fee transactions to be included in blocks. While not a targeted filter, the effect is the censorship of ordinary users who cannot outbid the spam. This highlights the importance of block space markets and fee mechanisms as anti-censorship tools.

A 51% attack is the ultimate censorship vector. An entity controlling a majority of a Proof-of-Work network's hash rate can:

• Orphan blocks containing specific transactions, removing them from the canonical chain.
• Prevent new transactions from being confirmed by refusing to include them. This demonstrates that consensus security is the foundational defense against the most severe forms of censorship.

Ethereum's move to Proposer-Builder Separation (PBS) via MEV-Boost was designed, in part, to combat censorship. It creates a competitive market for block building, making it harder for a single entity to control transaction inclusion. A validator (proposer) chooses from blocks built by many builders. If one builder censors, the proposer can select an uncensored block from another, preserving credible neutrality.

Advanced protocols are developing technical countermeasures. crLists (censorship resistance lists) are a proposed Ethereum upgrade where validators can be forced to include transactions from a public mempool. If a builder tries to censor, the proposer can attach a crList, mandating the inclusion of those pending transactions in the next block. This uses cryptographic proofs to enforce inclusion guarantees.