Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Over 200 Documented Blockchain Attacks, Vulnerabilities and Weaknesses

Published 10/26/2020

Over 200 Documented Blockchain Attacks, Vulnerabilities and Weaknesses
Written by Kurt Seifried, Chief Innovation Officer, CSA.


Blockchain attacks are very hot right now for one simple reason: it’s where the money is.

If you attack and compromise a database you need to take that data and then sell it to monetize your attack. If you compromise a web server you need to install some malware to harvest credit card details, and then monetize that data by selling it. But if you steal crypto currency? That’s literally money in the attackers wallet now.

The good news: law enforcement is getting better at tracing these transactions and following the money, the bad news: the blockchain industry is not very mature when it comes to identifying vulnerabilities and weaknesses.

Attacks rely on a vulnerability being present so that they can exploit it. These vulnerabilities are implemented in software (web services, smart contracts, the underlying blockchain system, etc.) and can be any number of weaknesses such as logic bugs, reentrancy issues, integer overflows and so on.

There is no comprehensive list of Blockchain weaknesses

And there is no comprehensive public list of weaknesses. There are a number of projects trying to do this, the US Government Department of Homeland Security actually sponsors one such effort, the Common Weakness Enumeration database (https://cwe.mitre.org/) database and there is a Solidity focuses Smart Contract Weakness Classification and Test Cases available from the SWC Registry (https://swcregistry.io/).

Why is a public list of such weaknesses important?

Simple. How do you find and fix weaknesses in software if you don’t have a name to call them, let alone the ability to properly describe the weakness and possible mitigations or solutions to them? Also like most things in life given the choice between using a public database or building your own data set most security scanning tools use the CWE database as their baselines for security flaws that they try to detect and offer guidance on remediating.

This means that Blockchain and smart contract security scanning tools will (probably) detect common and known issues like integer overflows and memory leaks. But they may not detect Blockchain and smart contract specific vulnerabilities as well since there is no good, comprehensive, public database to use as a source.

CSA's has documented over 200 Blockchain weaknesses

The Cloud Security Alliance is of course working on this issue, we currently have a rough list of almost 200 weaknesses that apply to Blockchain and smart contracts, and about half of which are not in any other public database of weaknesses. You can view the full list of weaknesses here →

The goal is to make this list of weaknesses more detailed and comprehensive, and encourage other public databases (such as CWE or SWC Registry) to include then so that ultimately automated tools will include support for them, making it easier for developers and end users to find, understand and fix vulnerabilities because attackers find and exploit them. If you are interested in joining this project please reach out to us, specifically the Attack Vectors/terms glossary sub Working Group, for more information please see https://csaurl.org/DLT-Security-Framework_sub_groups

The document Top 10 Blockchain Attacks, Vulnerabilities & Weaknesses compiles this research and gives an in-depth understanding of the most important weaknesses.

Preview of Blockchain Weaknesses

Name of weakness

Description

API Exposure

If an API is improperly exposed an attacker can attack it

Block Mining Race Attack

A variation on the Finney attack

Block Mining Timejack Attack

By isolating a node the time signal can be manipulated getting the victim out of synchronization

Block Reordering Attack

Certain cryptographic operations (such as using CBC or ECB incorrectly) allow blocks to be re-ordered and the results will still decrypt properly

Blockchain Network Lacks Hash Capacity

The Blockchain/DLT network lacks hashing capacity, an attacker can rent sufficient hashing power to execute a 51% Attack

Blockchain Peer flooding Attack

By creating a large number of fake peers in a network (peer to peer or otherwise) an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers.

Blockchain Peer flooding Attack Slowloris variant

By creating a large number of slow peers (real systems that respond very slowly to network requests) in a network an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers. Unlike fake peers that do not exist these slowloris peers are real but communicate slowly enough to hold sockets and resources open for minutes or hours.

Blockchain reorganization attack

Also referred to as an alternative history attack

Consensus 34% Attack

34% Attack against BFT network, a specific instance of Consensus Majority Attack

Consensus 51% Attack

51% Attack against DLT network, a specific instance of Consensus Majority Attack

Consensus Attack

Attacks against the consensus protocol and system in use can take many forms and are not limited to gaining control of the consensus mechanism but can also be used to slow down consensus for example

Consensus Delay Attack

Consensus Delay Attacks can allow malicious miners to gain time in order to execute other attacks

You can view the full list of Blockchain weaknesses here →

Learn more about the top 10 weaknesses here →

CSA Blockchain Working Group

Learn about the work CSA is doing to secure blockchain and distributed ledger technologies. You can learn more about the work CSA is doing, download research, and view webinars and blogs on this topic on the Blockchain working group page.

Share this content on your favorite social network today!