Blockchain Security Vulnerabilities keep you up at night?
Blockchain seems to be one of the most secure networks ever conceived, yet a group of researchers recently called out several blockchain security vulnerabilities.
Is blockchain, a network of global online ledgers, really secure? Its proponents say yes, because it assigns smart contracts or transactions to an immutable ledger that is verifiable by multiple parties.
However, a recently published paper reveals vulnerabilities that may subject blockchain entries to hacking, inefficiencies and other criminal activity. The paper, by Peng Jiang, Xiaoqi Li and Xiapu Luo, shows that blockchain has several vulnerabilities which users need to be aware of so that their cryptocurrencies can be stored safely.
It’s locked, but it’s rusty. Is it safe?
As blockchain increasingly becomes part of business operations, it is crucial to take a closer look at the potential security liabilities that come with this emerging technology.
With an increase in the number of decentralized applications, the privacy leakage risk of blockchain will be more serious, said Li and his co-authors. Both a decentralized application and the communication between the application and the internet face privacy leakage risks. They urge greater adoption of techniques to address the challenge, which include: “code obfuscation, application hardening and the execution of trusted computing.”
Major risk factors for Blockchain Security Vulnerabilities
For starters, the efficiency of blockchains themselves may suffer from complex consensus mechanisms and invalid data. Li and his co-authors noted that the consensus mechanisms employed across the internet are computing resource hogs.
For example, the most popular consensus mechanism used in blockchain is proof of work (PoW), which the researchers refer to as a “waste of computing resources.” They say that there are efforts to develop more efficient, hybrid consensus mechanisms that combine PoW and Proof of Stake (PoS).
In addition, a blockchain produces a lot of data, including transaction data and contract bytecode, which may be useless and outdated. “There are several smart contracts which contain no code or totally the same code in Ethereum, and many smart contracts won’t be executed after their deployment. An efficient data cleanup and detection mechanism can be used to enhance the execution efficiency of the blockchain systems.”
Blockchain “relies mainly on the distributed consensus mechanism so that mutual trust can be established. However, the level of vulnerability in the consensus mechanism is 51%, and this can be exploited by attackers to control the entire blockchain.
To be specific, in a PoW-based blockchain, if a single miner’s hashing power accounts for more than 50% of the total hashing power of the entire blockchain, then it can result in the launching of the 51% attack. Hence, the concentration of mining power in some mining pools may result in the fear of an inadvertent situation, such as a single pool controlling more than half of all the computing power.”
Private key security
Whenever you are using blockchain, the user’s private key is regarded as the identity and security credential, and it is generated and maintained by the user rather than by a third-party agency. For instance, when creating a cold storage wallet in the Bitcoin blockchain, the user must import his or her private key.
An attacker can recover the user’s private key when the signature process does not generate enough randomness. Once the user’s private key is lost, the user won’t be able to recover it again. Since blockchain does not depend on any centralized third-party trusted institutions, if the private key of the user is stolen, it would be very difficult to track the behavior of the criminal and to recover the modified blockchain information.
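One widely used mitigation for the weak-randomness problem described above is to stop depending on a random number generator at signing time and derive the per-signature nonce deterministically, as specified in RFC 6979. The sketch below is an added example, not code from the paper or from any wallet; it covers only the SHA-256 and secp256k1 case, and the function name and sample keys are assumptions.

```python
import hashlib
import hmac

# Order of the secp256k1 group used for Bitcoin and Ethereum signatures.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def deterministic_nonce(private_key: int, message: bytes) -> int:
    """RFC 6979 section 3.2 nonce for SHA-256 and a 256-bit group order.

    The nonce depends only on the private key and the message hash, so a weak
    or repeated RNG output at signing time cannot make two different messages
    share a nonce.
    """
    if not 1 <= private_key < N:
        raise ValueError("private key out of range")
    h1 = hashlib.sha256(message).digest()
    x = private_key.to_bytes(32, "big")                      # int2octets(x)
    z = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")  # bits2octets(h1)
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + z)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + z)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:
            return candidate
        # Out-of-range candidate: re-key and try again, as the RFC requires.
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)


if __name__ == "__main__":
    demo_key = 0x1234  # constructed sample key, never use for real funds
    for msg in (b"pay alice 1 BTC", b"pay bob 2 BTC"):
        print(msg.decode(), hex(deterministic_nonce(demo_key, msg)))
```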
Users can buy or sell any product through a third-party trading platform which supports Bitcoin. Since there is a high level of anonymity in this process, it is very difficult to track the behavior of the user, let alone subject it to legal sanctions. Frequent criminal activities with Bitcoin today include ransomware, underground markets and money laundering.
Transaction privacy leakage
“The unfortunate thing here is that the privacy protection measures in blockchain are not very robust,” Li and his co-authors state. “Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and other real-world crimes such as terrorism, arson, murder, etc.”
Vulnerabilities in smart contracts
“During the running of programs in the blockchain, smart contracts may have security vulnerabilities which are caused by program defects.” For instance, a survey showed that 8,833 out of 19,366 Ethereum smart contracts are vulnerable to bugs like transaction-ordering dependence, timestamp dependence, re-entrancy vulnerability and mishandled exceptions.
Under-optimized smart contracts
Whenever a user interacts with a smart contract deployed in Ethereum, a certain amount of “gas” is charged. Gas can also be exchanged with “Ether,” which is the cryptocurrency in Ethereum. Under-optimized contracts waste gas through “useless-code related patterns” and “loop-related patterns.” These consist of “dead code, opaque predicate, as well as expensive operations in a loop.”
“Ethereum sets the gas value based on the execution time, memory occupancy, bandwidth as well as other parameters. Generally, the gas value is proportional to the computing resources consumed by the operation. However, it is challenging to accurately measure the consumption of computing resources of an individual operation, and therefore some gas values are not set appropriately. For instance, some IO-heavy operations’ gas values are set too low, and hence these operations can be executed in quantity in one transaction. In this way an attacker can initiate a Denial of Service attack on Ethereum.”
So, what do you think? Do these Blockchain Security Vulnerabilities change your mind about wallet handling?