AEON is often under the attack of a botnet. The botnet comes, mines at low difficulty many blocks and then leaves, while the rest of us is stuck with long blocktimes. But how does it work? How does the network react to such attacks? Those questions got my curiousity and thats why i made this post.

How does the blocktime work?

It is important to understand, that the blocktime is not a fix value for the network. It is only a guideline and therefor optimal value.

AEON has a blocktime of 240 seconds.

This means, that the network will adjust the difficulty to the hashrate of miners on the network to balance out the blocktime to the 240seconds.

If the hashrate increases, while the difficulty stays the same, the blocktime will be below 240 seconds and therefor blocks are found faster than usual. The network evens that out by increasing the network difficulty, which makes it harder for the miners to find a block. Once an average of 240seconds per block is reached, the difficulty rests.

Botnet Attack

Lets say, a botnet attacks AEON. The hashrate of the network doubles in short time. Since the difficulty will not adjust instantly, more blocks are found than usually.

Instead of every 4 minutes, the network finds now blocks every 2 minutes.

The botnet harvests those blocks and then leaves. Now the difficulty slowly adjusts to that attack and rises. Since the botnet hashrate is gone now, the remaining network has to deal with that increased difficulty. Blocks are found slower than usual.

Instead of every 4 minutes, the network finds now blocks every 11 minutes.

After a while, the difficulty will go down again and adjust to the remaining hashrate.

Now we are back to 4 minutes per block.

Difficulty adjustments

So whats the technical background of the difficulty? Why does it react delayed?

To be honest, I didnt find the AEON specific explanation for it….but I found the explanation of Monero. Since AEON is a monero fork, it is high likely, that AEON works the same way.

Monero uses a rolling window of the last 720 blocks. In essence, for each new block the difficulty is being retargeted based on the last 720 blocks. Thus, for example, block 1000720 will take blocks 1000000 to 1000720 for the difficulty calculation, whereas block 1000721 will take blocks 1000001 to 1000721. In addition, to mitigate the effect of dishonest and inaccurate timestamps, 20% of the outliers are cut-off for the calculation¹. A rolling window will reduce the variance of block time, because the network is able to adjust the difficulty every block. By contrast, with Bitcoin it would be possible to push out 5 minute blocks for a week or 1 hour blocks for 12 weeks until the difficulty retargets.

So this means, that it always calculates the difficulty on the average hashrate of the previous 720 blocks. That is why, the difficulty reacts delayed to botnets.

Hope this lil excursion was interesting to read and you learned something today:)

Thanks for your time!





