
Mempool Flooding

Mempool flooding is a denial-of-service (DoS) attack that overwhelms a blockchain network by broadcasting a high volume of transactions to fill node mempools and disrupt normal operation.
Chainscore © 2026
BLOCKCHAIN ATTACK VECTOR

What is Mempool Flooding?

Mempool flooding is a denial-of-service (DoS) attack on a blockchain network designed to overwhelm its transaction processing capacity.

Mempool flooding is a denial-of-service (DoS) attack on a blockchain network where an attacker broadcasts a high volume of low-fee or invalid transactions to the memory pool (mempool). The primary goal is to congest the network's pending transaction queue, causing legitimate transactions to be delayed or dropped, increasing transaction fees for all users, and potentially destabilizing node operations by consuming excessive memory and processing resources. This attack exploits the public and permissionless nature of most blockchain mempools.

The mechanics involve an attacker using automated scripts to generate and sign thousands of transactions, often spending from a single address or a set of addresses they control. These transactions typically offer the minimum gas price or transaction fee required for network acceptance, ensuring they are propagated by nodes but are not prioritized for inclusion in a block by miners or validators. By saturating the mempool, the attacker creates a backlog, forcing users to outbid the spam with higher fees to have their transactions confirmed in a timely manner.

Common motivations for mempool flooding include extortion (demanding payment to stop the attack), market manipulation (delaying specific arbitrage or liquidation transactions), and network disruption as a form of protest or competitive sabotage. A notable historical example is the Ethereum network congestion experienced during the 2017 CryptoKitties craze and various NFT minting events. There, organic demand mimicked a flooding attack and caused severe delays and fee spikes, highlighting the network's vulnerability to transaction volume surges.

Networks defend against this attack through several mechanisms. Dynamic fee markets allow miners to prioritize higher-paying transactions, making sustained flooding expensive for the attacker. Mempool policies can limit the number of transactions from a single address or require a minimum fee for propagation. More advanced solutions include transaction expiration (timeouts), mempool partitioning, and fee-bumping protocols like Replace-By-Fee (RBF), which allow legitimate users to increase their bid without being stuck in the backlog.

For developers and node operators, understanding mempool flooding is critical for building resilient applications. Strategies include implementing robust fee estimation algorithms that react to congestion, designing contracts with gas-efficient code to reduce user costs during high-fee periods, and setting appropriate gas limits and priority fees (maxPriorityFeePerGas in EIP-1559 systems). Monitoring mempool size and average fee rates can provide early warning signs of an ongoing attack or periods of extreme organic demand.
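The monitoring idea above, as an added example that is not part of the original page: it compares two mempool snapshots and uses fee-floor clustering and sender concentration to tell a suspected flood from the organic surges the page mentions. The snapshot format, the thresholds and the sample data are assumptions made for illustration.

```python
# Added illustration; the snapshot format and alert thresholds are assumptions.
from collections import Counter
from statistics import median


def indicators(prev, curr, floor_fee):
    """prev and curr are lists of (sender, fee_rate) for pending transactions
    sampled at two points in time; floor_fee is the node's admission minimum."""
    total = len(curr)
    if total == 0:
        return {"growth": 0.0, "floor_share": 0.0, "top_sender_share": 0.0, "median_fee": 0}
    near_floor = sum(1 for _, fee in curr if fee <= floor_fee * 1.1)
    busiest = Counter(sender for sender, _ in curr).most_common(1)[0][1]
    return {
        "growth": total / max(len(prev), 1),   # pool size relative to last sample
        "floor_share": near_floor / total,     # share bidding at or near the minimum
        "top_sender_share": busiest / total,   # concentration in one address
        "median_fee": median(fee for _, fee in curr),
    }


def classify(ind, growth_alert=3.0, floor_alert=0.5, sender_alert=0.3):
    """Growth alone is ambiguous; fee-floor clustering or sender concentration
    is what separates spam from a burst of real demand in this heuristic."""
    if ind["growth"] < growth_alert:
        return "normal"
    if ind["floor_share"] >= floor_alert or ind["top_sender_share"] >= sender_alert:
        return "suspected flood"
    return "organic congestion"


# Constructed snapshots (not real network data).
BASELINE = [(f"u{i}", 20 + i % 21) for i in range(100)]
FLOOD = BASELINE + [(f"s{i % 4}", 1) for i in range(400)]   # 4 addresses at the floor
ORGANIC = [(f"u{i}", 60 + i % 61) for i in range(500)]      # many users bidding up

if __name__ == "__main__":
    for name, snap in (("baseline", BASELINE), ("flood", FLOOD), ("organic", ORGANIC)):
        ind = indicators(BASELINE, snap, floor_fee=1)
        print(name, classify(ind), ind)
```

Both the flood and the organic snapshot grow the pool fivefold; only the fee and sender distribution differ, which is why pending count alone is a weak alert signal.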

BLOCKCHAIN ATTACK VECTOR

How Mempool Flooding Works

Mempool flooding is a network-level denial-of-service attack that targets a blockchain's transaction queue to disrupt normal operations.

Mempool flooding is a denial-of-service (DoS) attack where an attacker broadcasts a large volume of low-fee or invalid transactions to overwhelm a blockchain network's memory pool (mempool). The primary goal is to congest the network's transaction queue, causing legitimate transactions to be delayed, increasing fees for users, and potentially destabilizing node operations by consuming excessive memory and processing resources. This attack exploits the public and permissionless nature of most blockchain networks, where anyone can submit transactions.

The mechanics involve an attacker using automated scripts to generate and sign thousands of transactions, often spending from a single wallet or a set of coordinated wallets. These transactions typically offer the minimum gas price or transaction fee required to be accepted into the mempool, making them unprofitable for miners or validators to prioritize. By filling the mempool, the attacker creates a backlog, forcing users to outbid the spam with higher fees to get their transactions confirmed in a timely manner, effectively creating a fee market crisis.

Common techniques include dust transactions (sending tiny amounts to numerous addresses), creating transactions with nonce gaps to stall future transactions from the same address, or crafting contract-calling transactions that perform complex, resource-intensive computations on-chain. On networks like Ethereum, attackers may target specific smart contracts known to be gas-inefficient. Defensive measures by node operators include implementing mempool filtering rules, adjusting the mempool's size and expiration policies, and using fee estimation algorithms that can identify and ignore spam patterns.

The impact of a successful mempool flooding attack extends beyond high fees. It can lead to chain reorganization (reorg) risks if miners mine empty blocks to avoid the congested mempool, reduce network throughput, and cause a poor user experience. Historically, such attacks have been used as a precursor to more sophisticated exploits, like time-bandit attacks, or to create cover for front-running or arbitrage opportunities by manipulating transaction ordering during periods of extreme congestion.

From a network health perspective, mempool flooding tests the resilience of a blockchain's peer-to-peer (p2p) gossip protocol and its economic incentives. Robust networks implement DoS protection at the client level (e.g., Geth's txpool settings) and may employ transaction prioritization logic that favors higher fee-per-byte ratios. Ultimately, while mempool flooding is a persistent threat, it highlights the ongoing balance in blockchain design between censorship resistance, network performance, and spam prevention.

MEMPOOL FLOODING

Key Features & Characteristics

Mempool flooding is a network-level attack where an actor broadcasts a large volume of low-fee transactions to congest the pending transaction pool, disrupting normal operations.

01

Primary Attack Vector

The core mechanism involves broadcasting a high volume of transactions, often with spam content or dust outputs, to fill the network's mempool. This creates a backlog, increasing confirmation times and fees for legitimate users. Attackers may use automated scripts to generate thousands of transactions per second.

02

Economic Denial-of-Service (EDoS)

This attack functions as an Economic Denial-of-Service. By saturating the mempool, it forces users to pay higher gas fees or priority fees to outbid the spam, making routine transactions economically prohibitive. The goal is to degrade network utility without directly attacking consensus.

03

Common Motivations

  • Market Manipulation: To delay or prevent specific transactions (e.g., liquidations, arbitrage).
  • Protocol Disruption: To hinder competitors or specific dApps.
  • Fee Extortion: Creating artificial congestion to profit from fee volatility.
  • Testing/Research: Stress-testing network limits or mempool implementations.

04

Defensive Mechanisms

Networks implement several defenses:

  • Mempool Limits: Capping total size or transaction count.
  • Minimum Fee Requirements: Requiring a base fee to enter the mempool.
  • Transaction Replacement Policies: Rules like Replace-By-Fee (RBF) can be gamed or used defensively.
  • Peer-to-Peer (P2P) Gossip Rules: Limiting how transactions are propagated.

05

Related Concepts

  • Gas War: A competitive, organic bidding war for block space, distinct from a malicious flood.
  • Dusting Attack: Sending tiny, traceable amounts to many addresses, often part of a flood.
  • Time-Bandit Attack: A related consensus attack that exploits reorganization, sometimes preceded by flooding.
  • Mempool Sniping: Exploiting the visibility of pending transactions, which flooding can obscure.

06

Real-World Example

In September 2022, the Ethereum network experienced significant congestion partially attributed to mempool flooding from the USDC blacklist function. The transferWithAuthorization function calls generated a massive spike in pending transactions, creating delays and fee spikes for all users, showcasing how a single contract action can trigger flood-like conditions.

MEMPOOL FLOODING

Primary Motivations & Goals

Mempool flooding is a network-level attack where an actor broadcasts a large volume of low-fee or invalid transactions to congest a blockchain's pending transaction pool. This section details the primary objectives behind such actions.

01

Denial-of-Service (DoS) Attack

The primary goal is to deny service to legitimate users by saturating the mempool. This creates a backlog, causing:

  • Increased confirmation times for regular transactions.
  • Spikes in transaction fees as users compete for block space.
  • Potential temporary network paralysis, degrading the user experience and trust in the chain.

02

Front-Running & Sandwiching

Attackers flood the mempool with their own transactions to manipulate transaction ordering for profit. Key techniques include:

  • Priority Gas Auctions: Bidding up gas prices to ensure a target transaction (e.g., a large DEX swap) is processed adjacent to their own.
  • Sandwich Attacks: Placing one transaction before and one after a victim's swap to profit from the resulting price movement.

Mempool congestion makes these predatory strategies more effective by obscuring the victim's transaction.

03

Spam for Consensus Manipulation

Flooding can be used to stress-test or manipulate network consensus, particularly in Proof-of-Stake systems. Goals include:

  • Testing validator resilience and network throughput limits.
  • Attempting to induce validator slashing by causing them to miss blocks or propose invalid ones under load.
  • Creating conditions for chain reorganizations by delaying block propagation, though this is highly resource-intensive.

04

Fee Market Manipulation

By artificially inflating demand for block space, an attacker can manipulate the base fee (in EIP-1559 chains) or general fee market. Potential motives are:

  • Increasing protocol revenue from fee burns if holding a related asset.
  • Forcing economic pressure on competitors or specific dApps that rely on predictable transaction costs.
  • Creating a false signal of high network activity.

05

Distraction for Concurrent Exploit

Mempool flooding can act as a smokescreen for a separate, critical attack. While network operators and users are distracted by the congestion, the attacker may:

  • Execute a flash loan attack or governance exploit on a decentralized protocol.
  • Perform large-scale arbitrage that might otherwise be noticed and front-run.

The noise makes it harder to detect and react to the primary malicious transaction in real-time.

06

Extortion or Protest

In some cases, flooding is a form of protest or an attempt at extortion. An actor might:

  • Threaten continued spam unless a ransom is paid (a rare but documented occurrence).
  • Protest against protocol decisions or governance outcomes by disrupting normal operation.
  • Demonstrate a vulnerability publicly to force a fix, acting as a white-hat stress test.

MEMPOOL FLOODING

Security Considerations & Network Impact

Mempool flooding is a network-level attack where a malicious actor broadcasts a large volume of low-fee or invalid transactions to congest the network's pending transaction queue, degrading performance and potentially enabling other exploits.

01

Mechanism of Attack

The attacker generates and propagates a high volume of transactions, often with zero or minimal fees, to fill the mempool of network nodes. This creates a backlog, increasing transaction confirmation times for legitimate users and consuming node resources for validation and storage. The goal is to create artificial congestion without incurring significant cost.

02

Primary Security Goals

Flooding attacks aim to achieve several disruptive outcomes:

  • Denial-of-Service (DoS): Render the network unusable for regular users by maxing out block space and node memory.
  • Fee Market Manipulation: Force legitimate users to pay higher gas fees or priority fees to outbid the spam.
  • Preparation for Front-Running: Create a crowded mempool to obscure targeted transactions before a sandwich attack or other MEV extraction.

03

Network Impact & Symptoms

Observable effects of a mempool flood include:

  • Skyrocketing Average Fees: As users compete for limited block space.
  • Increased Pending Transaction Count: Mempool size grows exponentially.
  • Node Performance Degradation: Increased CPU, memory, and bandwidth usage can cause nodes to fall out of sync.
  • User Experience Collapse: Wallets fail to estimate accurate fees, and transactions remain stuck for hours or days.

04

Common Mitigation Strategies

Networks and node operators employ several defenses:

  • Minimum Fee Requirements: Nodes can set a minimal gas price to accept transactions, filtering out zero-fee spam.
  • Mempool Limits: Enforcing size or count limits on the mempool, with eviction policies for the lowest-fee transactions.
  • Transaction Gossip Rules: Protocols like Ethereum's txpool management and peer scoring to penalize nodes propagating spam.
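  • Fee Market Algorithms: EIP-1559's base fee mechanism provides some inherent resistance, because the base fee rises while blocks stay full and is burned rather than paid out, so sustained spam that lands in blocks grows more expensive.

05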

Related Attack: Dusting

A subset of flooding where an attacker sends tiny amounts of a native token or ERC-20 tokens to a vast number of addresses. While not always congesting the mempool, it:

  • Clutters wallet histories and UTXO sets.
  • Can be used for chain analysis and address clustering.
  • May be a precursor to phishing or scam attempts targeting the dusted addresses.

06

Example: The Ethereum "Shanghai DoS" Attacks (2016)

A historical case where attackers exploited low gas costs for certain opcodes (like EXTCODESIZE and BALANCE) to create computationally cheap transactions that were expensive for nodes to process. This flooded the mempool and caused Geth and Parity clients to crash, leading to significant protocol upgrades and gas cost re-pricing in subsequent hard forks.

MEMPOOL FLOODING

Common Mitigation Strategies

To counter mempool flooding attacks, which aim to congest the network with low-fee transactions, blockchains and node operators deploy various technical and economic defenses.

01

Minimum Fee Requirements

Network nodes can enforce a minimum fee or minimum gas price to accept a transaction into their local mempool. This simple filter prevents spam transactions that offer negligible or zero fees from consuming node resources. For example, Geth clients can set the --miner.gasprice flag to reject transactions below a specified threshold.

02

Mempool Size Limits

Nodes implement strict memory limits on their transaction pools. When the mempool reaches capacity, the node employs an eviction policy, typically removing the lowest-fee-per-byte transactions first. This creates a competitive fee market where only transactions willing to pay for priority are retained, naturally filtering out spam.

03

Transaction Replacement Policies

Protocols like Bitcoin use Replace-By-Fee (RBF) with strict rules (e.g., higher fee, same inputs/outputs) to prevent flooding via transaction replacement attacks. Ethereum's use of nonces ensures only one transaction per account nonce is valid in the mempool, preventing multiple conflicting transactions from spamming the pool.
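The first three strategies above (minimum fee, size limit with lowest-fee eviction, and one transaction per sender and nonce with a priced replacement) combined in one admission routine, as an added example that is not any client's actual code. The class, the per-sender slot cap, the 10% replacement bump and the sample traffic are assumptions chosen for illustration.

```python
# Added illustration: a toy bounded pool, not any client's real implementation.
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    sender: str
    nonce: int
    fee_rate: int  # fee per unit of block space (gas price, sat/vB); assumed integer


class BoundedMempool:
    def __init__(self, capacity, min_fee_rate, per_sender_slots, price_bump_pct=10):
        self.capacity = capacity                  # hard cap on pooled transactions
        self.min_fee_rate = min_fee_rate          # admission floor
        self.per_sender_slots = per_sender_slots  # cap per sending address
        self.price_bump_pct = price_bump_pct      # required raise for a replacement
        self.txs = {}                             # (sender, nonce) -> Tx
        self.per_sender = Counter()

    def add(self, tx):
        """Apply the admission rules in order and return the outcome as a string."""
        if tx.fee_rate < self.min_fee_rate:
            return "rejected: below minimum fee"
        key = (tx.sender, tx.nonce)
        old = self.txs.get(key)
        if old is not None:
            # Same sender and nonce: only one may live in the pool, and the
            # newcomer must outbid the old one by the configured percentage.
            if tx.fee_rate * 100 < old.fee_rate * (100 + self.price_bump_pct):
                return "rejected: replacement underpriced"
            self.txs[key] = tx
            return "replaced"
        if self.per_sender[tx.sender] >= self.per_sender_slots:
            return "rejected: sender slot limit"
        if len(self.txs) >= self.capacity:
            # Evict the cheapest entry; ties go to the highest nonce so a
            # sender's earlier transactions are not stranded behind a gap.
            victim = min(self.txs.values(), key=lambda t: (t.fee_rate, -t.nonce))
            if tx.fee_rate <= victim.fee_rate:
                return "rejected: pool full, fee too low"
            del self.txs[(victim.sender, victim.nonce)]
            self.per_sender[victim.sender] -= 1
        self.txs[key] = tx
        self.per_sender[tx.sender] += 1
        return "accepted"


def demo():
    """Constructed traffic: one address at the fee floor, then four normal users."""
    pool = BoundedMempool(capacity=5, min_fee_rate=2, per_sender_slots=3)
    outcomes = Counter()
    for nonce in range(10):
        outcomes[pool.add(Tx("bulk-sender", nonce, 2))] += 1
    outcomes[pool.add(Tx("zero-fee", 0, 1))] += 1
    for i in range(4):
        outcomes[pool.add(Tx(f"user{i}", 0, 50 + i))] += 1
    return pool, outcomes


if __name__ == "__main__":
    pool, outcomes = demo()
    print(dict(outcomes))
    print(sorted((t.sender, t.nonce, t.fee_rate) for t in pool.txs.values()))
```

The linear scan for the eviction victim keeps the example short; a production pool would keep a fee-ordered index instead.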

04

DoS-Resistant Peer-to-Peer Protocols

Upgrading the underlying P2P gossip protocol is a fundamental defense. Implementations like Ethereum's eth/66 and later introduce transaction announcements via compact blocks, request/response quotas, and peer scoring. Nodes penalize or disconnect peers that send excessive invalid or low-quality transactions, isolating malicious actors.

06

Economic Finality & Preconfirmations

Emerging solutions aim to provide economic finality or soft confirmations before a transaction reaches the canonical chain. Protocols like EigenLayer's EigenDA or Espresso Systems use cryptographic attestations and staking slashing conditions. This allows users to receive a secure guarantee their transaction will be included, reducing the incentive to spam the public mempool for priority.

ATTACK VECTOR COMPARISON

Mempool Flooding vs. Other DoS Attacks

A comparison of denial-of-service (DoS) attack types targeting blockchain network layers.

| Attack Feature | Mempool Flooding | Network Layer DoS | Consensus Layer DoS |
| --- | --- | --- | --- |
| Primary Target | Transaction processing nodes | Peer-to-peer network | Block validation & consensus |
| Attack Vector | High-volume, low-fee transaction spam | Connection exhaustion, packet flooding | Invalid block propagation, stake grinding |
| Resource Exhausted | Node memory & CPU for mempool validation | Network bandwidth & connection slots | Block validation compute power |
| Impact on Finality | Delays transaction inclusion | Slows block & transaction propagation | Can halt or fork the chain |
| Mitigation Tactic | Minimum fee requirements, mempool limits | Peer scoring, connection limits | Slashing penalties, proof-of-work cost |
| Typical Cost to Attack | Low (transaction fees only) | Medium (botnet or cloud resources) | Very High (staking collateral or hash power) |
| Layer of OSI Model | Application Layer (Layer 7) | Network/Transport Layer (L3/L4) | Application Layer (Consensus Logic) |

MEMPOOL FLOODING

Historical Examples & Case Studies

These case studies illustrate how mempool flooding has been used as a denial-of-service vector and a tactic in financial attacks on blockchain networks.

02

The 2017 BCH/BSV Mempool Spam Attack

A sustained spam attack on the Bitcoin Cash (BCH) and later Bitcoin SV (BSV) networks. Attackers broadcast hundreds of thousands of tiny dust transactions to fill blocks and bloat the UTXO set. The goal was to increase node operational costs and disrupt network usability, demonstrating how cheap transaction fees on high-throughput chains can be exploited for denial-of-service.

04

Arbitrum Nitro Sequencer Outage (2024)

A sophisticated attack where an actor flooded the Arbitrum sequencer inbox with a massive volume of transactions. This mempool spam aimed to exploit a race condition in transaction ordering to gain a financial advantage in a pending airdrop. The event caused a temporary sequencer outage and led to protocol improvements for handling inbox congestion and transaction ordering fairness.

05

Solana's Bot Spam & Failed Transactions

Repeated incidents, notably around popular NFT mints, where arbitrage bots and users spam the network with millions of transactions per second. This mempool flooding overwhelms the network's leader schedule, causing widespread transaction failure and degraded performance. These events have driven the development of solutions like localized fee markets (priority fees) and QUIC protocol implementation.

06

The Role in MEV Extraction

Mempool flooding is a tactical tool in Maximal Extractable Value (MEV) strategies. Searchers may flood the mempool with decoy transactions to:

  • Obscure their target transaction from competitors.
  • Create artificial congestion to delay rival arbitrage or liquidation bundles.
  • Manipulate gas prices to influence transaction ordering.

This turns the mempool into a competitive battlefield for block space.

MEMPOOL FLOODING

Frequently Asked Questions (FAQ)

Common questions about mempool flooding, a network-level attack that disrupts transaction processing by overwhelming a blockchain's pending transaction pool.

Mempool flooding is a network-level attack where an attacker broadcasts a large volume of low-fee or invalid transactions to overwhelm a blockchain's mempool, the waiting area for unconfirmed transactions. The attack works by saturating the network's memory and bandwidth, causing legitimate transactions to be delayed or dropped. Attackers often use spam transactions with easily predictable or reused nonces to generate them cheaply. The primary goal is to create network congestion, increase transaction confirmation times, and potentially force users to pay higher gas fees to have their transactions prioritized by miners or validators.

Mempool Flooding: Definition & Attack Vector Explained | ChainScore Glossary