directed acyclic graph (DAG) instead of a chain, it permits some parallelism. Thus, the parties may
output the same transactions in a different order, unless these transactions causally depend on each other.
Only the latter must be ordered in the same way.
The consensus protocol of a blockchain is of crucial importance for its security and for the stability
of the corresponding digital assets. Analyzing such protocols has become an important topic in current
research. Although Bitcoin appeared first without formal arguments, its security has been widely under-
stood and analyzed meanwhile. The importance of proving the properties of blockchain protocols has
been recognized for a long time [7].
However, there are still protocols released today without the backing of formal security arguments.
The Avalanche whitepaper [28] introduces a family of consensus protocols and offers rigorous security
proofs for some of them. Yet the Avalanche protocol itself and the related Snowman protocol, which
power the platform, are not analyzed. Besides, several key features of this protocol are either omitted or
described only vaguely.
In this paper, we explain the Avalanche consensus protocol in detail. We describe it abstractly
through pseudocode and highlight features that may be overlooked in the whitepaper (Sections 3–4).
Furthermore, we use our insights to formally establish safety properties of Avalanche. Per contra, we
also identify a weakness that affects its liveness. In particular, Avalanche suffers from a vulnerability in
how it accepts transactions that allows an adversary to delay targeted transactions by several orders of
magnitude (Section 5), which may render the protocol useless in practice. The problem results from de-
pendencies that exist among the votes on different transactions issued by honest parties; the whitepaper
does not address them. The attack may be mounted by a single malicious party with some insight into
the network topology. Finally, we suggest a modification to the Avalanche protocol that would prevent
our attacks from succeeding and reinstantiate liveness of the protocol (Section 6). This version, which
we call Glacier, restricts the sampling choices in order to break the dependencies, but also eliminates the
parallelism featured by Avalanche.
The vulnerability has been acknowledged by the Avalanche developers. The deployed version of the
protocol differes however from the protocol in the whitepaper in a crucial way. It implements another
measure that prevents the problem, as we explain as well (in Appendix B).
2 Related work
Despite Avalanche’s tremendous success, there is no independent research on its security. Recall that
Avalanche introduces the “snow family” of consensus protocols based on sampling [28, 3]: Slush,
Snowflake, and Snowball. Detailed proofs about liveness and safety for the snow-family of algorithms
are given. The Avalanche protocol for asset exchange, however, lacks such a meticulous analysis. The
dissertation of Yin [31] describes Avalanche as well, but does not analyze its security in more detail
either.
Recall that Nakamoto introduced Bitcoin [22] without any formal analysis. This has been corrected
by a long line of research, which established the conditions under which it is secure (e.g., by Garay,
Kiayias, and Leonardos [12, 13] and by Eyal and Sirer [11]).
The consensus mechanisms that stand behind the best-known cryptocurrencies are meanwhile prop-
erly understood. Some of them, like the proof-of-stake protocols of Algorand [14] and the Ouroboros
family that powers the Cardano blockchain [16, 9], did apply sound design principles by first introducing
and analyzing the protocols and only later implementing them.
Many others, however, have still followed the heuristic approach: they released code first and were
confronted with concerns about their security later. This includes Ripple [2, 1] and NEO [30], in which
several vulnerabilities have been found, or Solana, which halted multiple times in 2021–2022. Stellar
comes with a formal model [20], but it has also been criticized [17].
Protocols based on DAGs have potentially higher throughput than those based on chains. Notable
examples include PHANTOM and GHOSTDAG [26], the Tangle of IOTA (www.iota.org), Con-
flux [19], and others [15]. However, they are also more complex to understand and susceptible to a wider
2