This work identifies a novel commitment attack in Ethereum’s LMD GHOST consensus, arising from a flaw in the timely voting reward mechanism: malicious block proposers can exploit external incentives—such as MEV—to coerce validators into voting for conflicting chains, enabling long-range reorganizations and undermining the intended balance of power between proposers and voters. To address this, the authors propose a coercion-resistant reward mechanism, grounded in game-theoretic modeling and formal verification of consensus safety. Their approach systematically identifies and empirically validates multiple attack vectors. The mechanism incurs no additional communication overhead, provably eliminates commitment attacks, and preserves fairness, decentralization, and mainnet deployability. Crucially, it achieves this without modifying the underlying protocol—making it the first practical, protocol-compliant solution to eradicate such threats.

Validators in permissionless, large-scale blockchains, such as Ethereum, are typically payoff-maximizing, rational actors. Ethereum relies on in-protocol incentives, like rewards for correct and timely votes, to induce honest behavior and secure the blockchain. However, external incentives, such as the block proposer's opportunity to capture maximal extractable value (MEV), may tempt validators to deviate from honest protocol participation. We show a series of commitment attacks on LMD GHOST, a core part of Ethereum's consensus mechanism. We demonstrate how a single adversarial block proposer can orchestrate long-range chain reorganizations by manipulating Ethereum's reward system for timely votes. These attacks disrupt the intended balance of power between proposers and voters: by leveraging credible threats, the adversarial proposer can coerce voters from previous slots into supporting blocks that conflict with the honest chain, enabling a chain reorganization. In response, we introduce a novel reward mechanism that restores the voters' role as a check against proposer power. Our proposed mitigation is fairer and more decentralized, not only in the context of these attacks, but also practical for implementation in Ethereum.