Blockchain and decentralized finance

Where are the risks?

Fundamental threads and attack vectors

All blockchains in use today trace their roots back to the Bitcoin blockchain, invented and proposed under the pseudonym Satoshi Nakamoto.[1] Because the Bitcoin blockchain is much simpler than most later blockchains – it does not support smart contracts – it can be regarded as inherently more secure. The fact that it has been so widely used and analyzed also makes it unlikely that new security issues affecting Bitcoin will come to light. It should be realized that the flip side of this argument applies to later blockchains:

  • Because they are more complex than Bitcoin, there is more scope for security vulnerabilities.
  • Blockchains other than Ethereum, and complex products running on top of Ethereum, may not have been analyzed in detail by enough experts to ensure that no obvious new security vulnerabilities will be found.

However, it is often forgotten that even Bitcoin has various theoretical weaknesses that could be exploited at some time in the future and that also apply to all later blockchains.

Sybil attack

A Sybil attack or 51% attack is where a single individual or organization gains control of enough nodes within a blockchain network to obtain overall control of what is written. For Bitcoin and most other cryptocurrencies, a Sybil attack requires control of over half the network; the smaller the cryptocurrency and hence the fewer nodes involved in a network, the easier a Sybil attack is to mount.

At least for the larger cryptocurrencies, it is unlikely that mounting a Sybil attack would be economically worthwhile. However, it is quite possible that one of the larger nation states could decide to take down one or more blockchain networks for political reasons and that it would be able to deploy the resources to do so. It is worth noting in this regard that Bitcoin and Ethereum mining was at times concentrated in the hands of a small number of China-based mining pools, which could offer governments such as the PRC an opportune starting point for mounting a Sybil attack.[2]
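The page cites the Bitcoin whitepaper,[1] whose section 11 quantifies exactly this risk: the probability that an attacker holding a fraction q of the hash rate ever rewrites a transaction that is already z blocks deep, which is 1 for q ≥ 0.5 (the 51% case above) but non-zero for any q. The following implementation is an added example, not code from the page or from any blockchain project; the hash-rate shares and the 0.1% risk threshold used in the demo are constructed values.

```python
import math

def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling a fraction q of the total
    hash rate ever catches up with the honest chain once a transaction is
    buried under z blocks (section 11 of the Bitcoin whitepaper: the
    attacker's progress is Poisson-distributed, and each remaining deficit
    is closed with gambler's-ruin probability (q/p)^deficit)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if z < 0:
        raise ValueError("z must be a non-negative block count")
    p = 1.0 - q                      # honest share of the hash rate
    if q >= p:
        return 1.0                   # majority control: success is certain
    lam = z * q / p                  # expected attacker progress while honest nodes mine z blocks
    poisson = math.exp(-lam)         # P(k = 0); later terms computed iteratively to avoid overflow
    total = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k       # P(k) = P(k-1) * lam / k
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total

def confirmations_needed(q: float, max_risk: float = 0.001) -> int:
    """Smallest number of confirmations that brings the attacker's success
    probability down to max_risk or below (the whitepaper's 0.1% table)."""
    z = 0
    while attacker_success_probability(q, z) > max_risk:
        z += 1
        if z > 10_000:
            raise RuntimeError("no finite confirmation count reaches the target risk")
    return z

if __name__ == "__main__":
    # constructed hash-rate shares for illustration
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f}: P(success after 6 blocks)={attacker_success_probability(q, 6):.7f}, "
              f"confirmations for <=0.1% risk: {confirmations_needed(q)}")
```

The practical reading for a defender is that the customary "six confirmations" is only a safe rule of thumb against a small attacker; as q grows towards one half the required depth explodes, which is why hash-rate concentration is a risk even before anyone reaches an outright majority.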

Breaking of asymmetric encryption

Ownership on a blockchain is based on asymmetric encryption – a transaction assigns ownership to a public key, after which spending requires the use of the matching private key. Bitcoin, Ethereum and most other blockchains use asymmetric encryption based on elliptic curves, which is vulnerable to attacks using quantum computers. This implies that, as quantum computing becomes more feasible and cheaper, existing blockchains may become insecure long before the last bitcoins are minted.

For the time being, quantum computers capable of attacking keys of the sizes in use do not exist; even when they do, they are likely to remain too expensive for the foreseeable future for it to be financially worthwhile to use them to crack cryptocurrencies. However, a government could choose to deploy one in order to bring a cryptocurrency down for political motives.

Breaking of cryptographically secure hashing

The integrity of a blockchain depends on the security of the hash function used to sign off blocks: an insecure hash function could be abused to insert a block with fake information at an arbitrary point in the blockchain as well as to mine for free on a proof-of-work-based blockchain like Bitcoin. In practice, a widely disseminated chain like Bitcoin could simply switch to a new, secure hash function for new blocks; there would probably be enough copies of the historical chain in the world to avoid disagreements about its content.

The vulnerability to quantum analysis described previously does not apply to hashing algorithms, and there is no reason to believe that the algorithms used in most blockchains will be cracked any time soon. That said, there is never any way of foreseeing breakthroughs in mathematics.
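To make concrete why both properties of the hash function matter (the chaining of blocks and the proof-of-work target), here is a toy chain, added as an example and not taken from the page or from Bitcoin's code base. It uses Bitcoin's double SHA-256 over a canonical header serialization, but the 12-bit difficulty, the JSON header layout and the sample transactions are constructed for the demonstration. The verifier shows that editing a historical block breaks the link to every later block, even when the attacker re-mines a valid proof of work for the edited block alone; with a broken hash function (a second preimage) that link would not break, which is the scenario the text describes.

```python
import copy
import hashlib
import json

DIFFICULTY_BITS = 12          # constructed toy target: hash must start with 12 zero bits
GENESIS_PREV = "00" * 32      # the first block links to an all-zero hash

def block_hash(header: dict) -> bytes:
    """Bitcoin-style double SHA-256 over a canonical serialization of the header."""
    data = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def meets_target(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """Proof of work: the top `bits` bits of the hash must be zero."""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine_block(prev_hash: str, transactions: list, bits: int = DIFFICULTY_BITS) -> dict:
    """Grind the nonce until the header hash falls under the target."""
    header = {"prev": prev_hash, "txs": list(transactions), "nonce": 0}
    while not meets_target(block_hash(header), bits):
        header["nonce"] += 1
    return header

def build_chain(tx_batches, bits: int = DIFFICULTY_BITS) -> list:
    chain, prev = [], GENESIS_PREV
    for txs in tx_batches:
        block = mine_block(prev, txs, bits)
        chain.append(block)
        prev = block_hash(block).hex()
    return chain

def verify_chain(chain, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block must link to its predecessor's hash and satisfy proof of work."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if block["prev"] != prev or not meets_target(digest, bits):
            return False
        prev = digest.hex()
    return True

SAMPLE_BATCHES = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]  # constructed

def tamper_demo():
    """Returns (honest chain valid, edited block detected, re-mined block detected)."""
    chain = build_chain(SAMPLE_BATCHES)
    edited = copy.deepcopy(chain)
    edited[0]["txs"][0] = "alice->bob:500"          # rewrite history in block 0
    edited_ok = verify_chain(edited)                 # hash changes, block 1's prev no longer matches
    remined = copy.deepcopy(chain)
    remined[0] = mine_block(GENESIS_PREV, ["alice->bob:500"])
    remined_ok = verify_chain(remined)               # valid PoW for block 0, but block 1 still points elsewhere
    return verify_chain(chain), edited_ok, remined_ok

if __name__ == "__main__":
    print(tamper_demo())   # expected: (True, False, False)
```

Rewriting block 0 convincingly would require re-mining every block after it faster than the rest of the network extends the chain, which is the economic barrier the Sybil section describes; a hash function with a practical second-preimage attack would remove that barrier entirely.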

Contact

Julian Ueding
IT Consultant
+49 172 4067413
Julian.ueding@msg.group

Insecure smart contracts

Smart contracts are based upon the ‘code is law’ principle, which sounds attractive until you realize that much if not most code written in the world is buggy when it is first released: there is a reason why the release cycles of most major software products include alpha and beta versions. Smart contracts are also by definition open-source, meaning that attackers have every opportunity to scan the contracts on a blockchain until they find one with vulnerabilities and then to strike.

Any sort of programming or logic error could conceivably strike a smart contract, but this section sets out several issues that have been observed – often repeatedly – in the past.

Numeric overflow

A computer stores a number as a finite sequence of bits. If arithmetic operations performed on numbers of finite size lead to a result that is too large to fit in the available space, the number ‘flips round’ starting back at zero. There are many variations on this basic theme and many of them have been used to hack smart contracts in the wild.[3]
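The following simulation, added here as an example rather than taken from the page or from any token contract, shows the wrap-around on 256-bit unsigned integers (the width used by the EVM) and the difference between unchecked and checked arithmetic. The ledger, the account names and the balances are constructed; the checked operations mirror the behaviour of SafeMath-style libraries and of Solidity 0.8 and later, which revert instead of wrapping.

```python
UINT256_MAX = 2**256 - 1
MODULUS = 2**256

class ArithmeticOverflow(Exception):
    """Raised by the checked operations instead of silently wrapping."""

def wrapping_add(a: int, b: int) -> int:
    return (a + b) % MODULUS          # unchecked: (2**256 - 1) + 1 == 0

def wrapping_sub(a: int, b: int) -> int:
    return (a - b) % MODULUS          # unchecked: 0 - 1 == 2**256 - 1

def checked_add(a: int, b: int) -> int:
    result = a + b
    if result > UINT256_MAX:
        raise ArithmeticOverflow(f"{a} + {b} exceeds uint256")
    return result

def checked_sub(a: int, b: int) -> int:
    if b > a:
        raise ArithmeticOverflow(f"{a} - {b} would underflow uint256")
    return a - b

class TokenLedger:
    """Minimal balance map in the style of a fungible-token contract (simulation only)."""
    def __init__(self, balances: dict, checked: bool):
        self.balances = dict(balances)
        self.add = checked_add if checked else wrapping_add
        self.sub = checked_sub if checked else wrapping_sub

    def transfer(self, sender: str, recipient: str, amount: int) -> None:
        # A balance precondition ("require(balance >= amount)") would stop this
        # outright; the point is what happens when it is forgotten and only the
        # arithmetic itself is left to catch the error.
        self.balances[sender] = self.sub(self.balances.get(sender, 0), amount)
        self.balances[recipient] = self.add(self.balances.get(recipient, 0), amount)

SAMPLE_BALANCES = {"alice": 10}   # constructed

def overdraw(checked: bool):
    """Try to move 11 tokens out of an account holding 10."""
    ledger = TokenLedger(SAMPLE_BALANCES, checked)
    try:
        ledger.transfer("alice", "bob", 11)
    except ArithmeticOverflow as exc:
        return ("reverted", str(exc))
    return ("committed", ledger.balances["alice"])

if __name__ == "__main__":
    print(overdraw(checked=False))   # sender ends up with 2**256 - 1 tokens
    print(overdraw(checked=True))    # transaction reverts
```

The unchecked case is the classic underflow: an account with ten tokens sends eleven and ends up owning nearly the entire 256-bit range. The checked case turns the same bug into a revert, which costs the caller gas but keeps the ledger consistent.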

Reentrancy

As smart contracts become more complicated, situations often arise where one smart contract calls another. If a smart contract transfers funds and calls another smart contract before updating its internal balance, it may be possible for an attacker to make the called smart contract call the original smart contract back again. This happens before the original smart contract’s balance has changed. Doing this repeatedly in a loop can lead to far more funds being transferred than the smart contract was originally intended to have access to. This was the technique behind the now infamous DAO Hack of 2016.[4]
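The ordering problem described above can be reproduced in a few lines. The simulation below is an added example, not code from the page, from the DAO or from any contract; the vault, the deposit amounts and the callback mechanism are constructed stand-ins for a contract's external call. The hardened variant follows the checks-effects-interactions pattern: it zeroes the caller's balance before making the external call, so a re-entrant withdrawal finds nothing left to pay out.

```python
from typing import Callable

class Vault:
    """Simulated contract holding ether for depositors. With hardened=False the
    external call happens before the caller's balance is zeroed, the ordering
    that makes re-entrancy profitable."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.balances = {}
        self.ether = 0                 # total ether held by the contract

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who: str, receive: Callable[[int], None]) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.ether:
            return
        if self.hardened:
            # checks-effects-interactions: update all state, then call out
            self.balances[who] = 0
            self.ether -= amount
            receive(amount)
        else:
            # vulnerable ordering: call out first, update the balance afterwards
            self.ether -= amount
            receive(amount)
            self.balances[who] = 0

class ReenteringReceiver:
    """A depositor whose receive hook calls straight back into withdraw."""
    def __init__(self, vault: Vault, name: str = "reenterer"):
        self.vault, self.name, self.received = vault, name, 0

    def on_receive(self, amount: int) -> None:
        self.received += amount
        # while the vulnerable vault still shows the stale balance, this pays out again
        self.vault.withdraw(self.name, self.on_receive)

def run(hardened: bool):
    """Returns (ether paid to the re-entering depositor, ether left in the vault)."""
    vault = Vault(hardened)
    vault.deposit("honest", 100)        # constructed: funds belonging to other users
    caller = ReenteringReceiver(vault)
    vault.deposit(caller.name, 10)
    vault.withdraw(caller.name, caller.on_receive)
    return caller.received, vault.ether

if __name__ == "__main__":
    print("vulnerable:", run(hardened=False))   # (110, 0): the whole vault is drained
    print("hardened:  ", run(hardened=True))    # (10, 100): only the depositor's own 10
```

A mutex-style re-entrancy guard (a flag set for the duration of the call) is the other standard mitigation and is worth combining with this ordering, since it also protects functions that cannot be restructured so cleanly.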

Insufficient randomness

Smart contracts requiring a random number may find it difficult to obtain one and resort to generating the number from some attribute of the current block, like its timestamp. The problem here is that it can be possible for an attacker to set this attribute to a value of his or her choosing, thus controlling the generated random value.[5]

Interaction with the outside world

Blockchains and smart contracts do not execute in a vacuum, but rather interact with various other systems which represent further attack vectors.

Oracle manipulation

Smart contracts often refer to oracles to determine whether a predetermined condition (temperature, precipitation, exchange rate) is fulfilled or not. Either manipulating the oracle itself or redirecting oracle requests to another node, e.g. via DNS spoofing,[6] can enable an attacker to supply a smart contract with false information.

NFT index manipulation

A non-fungible token points to a specific asset such as a piece of digital art. Most blockchains are unable to store items like large images on-chain, meaning that what is stored is a token; the art is stored elsewhere and is referenced by the on-chain token. A secure implementation will ensure that the referencing token is not simply a string of bits but that it specifies the asset in an unambiguous fashion. Otherwise, the site hosting the asset could be hacked to replace the asset in question with something else and the blockchain contents would offer no way of proving what had happened.
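The "unambiguous" reference the paragraph asks for is, in practice, a content identifier: a hash of the asset bytes stored on-chain next to the location, so that whatever the hosting site later serves can be checked against it. The snippet below is an added example, not the page's code or any NFT standard's; the token layout, the URL, the simulated host and the asset bytes are all constructed. It contrasts a token that stores only a URL with one that also stores a SHA-256 content id, before and after the hosting site is altered.

```python
import hashlib

def content_id(asset: bytes) -> str:
    """Content address of the asset: SHA-256 over the exact bytes."""
    return "sha256:" + hashlib.sha256(asset).hexdigest()

def mint(uri: str, asset: bytes, content_addressed: bool) -> dict:
    """Simulated on-chain token record (constructed layout, not a real standard)."""
    token = {"uri": uri}
    if content_addressed:
        token["content_id"] = content_id(asset)
    return token

def resolve(token: dict, host: dict) -> bytes:
    """Fetch what the token points at; `host` stands in for the web server."""
    return host[token["uri"]]

def verify(token: dict, fetched: bytes) -> str:
    """'verified' / 'tampered' when a content id exists; 'unverifiable' otherwise."""
    if "content_id" not in token:
        return "unverifiable"       # the chain records nothing to compare against
    return "verified" if content_id(fetched) == token["content_id"] else "tampered"

ORIGINAL = b"\x89PNG constructed artwork bytes v1"          # constructed
REPLACEMENT = b"\x89PNG something else entirely"            # constructed

def demo():
    uri = "https://host.example/art/1.png"                   # constructed URL
    weak = mint(uri, ORIGINAL, content_addressed=False)
    strong = mint(uri, ORIGINAL, content_addressed=True)
    host = {uri: ORIGINAL}
    before = (verify(weak, resolve(weak, host)), verify(strong, resolve(strong, host)))
    host[uri] = REPLACEMENT        # the hosting site is altered after minting
    after = (verify(weak, resolve(weak, host)), verify(strong, resolve(strong, host)))
    return before, after

if __name__ == "__main__":
    print(demo())   # (('unverifiable', 'verified'), ('unverifiable', 'tampered'))
```

Content-addressed storage systems make the same idea the primary key (the address is the hash), but even a plain URL plus an on-chain digest gives buyers a way to prove substitution, which a bare URL never can.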

Multi-chain attacks

A smart contract sometimes references one or more entities stored on a different blockchain from the one where the smart contract itself is hosted. Especially as the complexity of such a construct increases, if extreme care is not taken an attacker may find a way of executing part of the financial transaction on one chain but leaving the other chain untouched.

Block mechanics abuse

The mode of operation of a blockchain where transactions are amassed in blocks that the network then signs off as completed is vulnerable to various types of abuse. This is because information about transactions is made public and is visible to others before the transactions are effectively executed.

Front-running

An attacker who sees that a transaction is a candidate for inclusion in the next block can execute another transaction, intended for inclusion in the same block. That may change the financial fundamentals of the first transaction, making it less advantageous for its executor and more advantageous for the attacker. Alternatively, the attacker may be able to replace the first transaction to his advantage. In many blockchains, the second transaction can be made to run before or instead of the first by bidding more gas.[7]

It is difficult for smart contracts to guard completely against front-running without at the same time reducing the capability of the contract to be called and used in real time (‘liveness’).
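One mitigation that addresses both this section and the earlier one on insufficient randomness is a commit-reveal scheme: participants first publish only a hash of their value, and reveal the value in a later block, so nothing visible in the mempool can be read or reacted to before it is sealed, and no single party (block producer included) controls a random draw derived from the revealed secrets. The scheme below is an added example and is not the page's code or any project's; the phase handling, the sample bids and the lottery inputs are constructed. It illustrates exactly the liveness cost the paragraph mentions: the outcome can only be settled once every committer has revealed.

```python
import hashlib
import secrets

def commitment(sender: str, value: int, nonce: bytes) -> bytes:
    """H(sender || value || nonce). Binding the sender stops a front-runner from
    replaying someone else's commitment; the nonce stops brute-forcing small values."""
    return hashlib.sha256(sender.encode() + value.to_bytes(32, "big") + nonce).digest()

class CommitReveal:
    """Two-phase submission: only digests are public during the commit phase."""
    def __init__(self):
        self.phase = "commit"
        self.commits = {}
        self.reveals = {}

    def commit(self, sender: str, digest: bytes) -> None:
        if self.phase != "commit":
            raise RuntimeError("commit phase is over")
        if sender in self.commits:
            raise RuntimeError("one commitment per sender")
        self.commits[sender] = digest

    def close_commit_phase(self) -> None:
        self.phase = "reveal"

    def reveal(self, sender: str, value: int, nonce: bytes) -> None:
        if self.phase != "reveal":
            raise RuntimeError("reveal phase not open")
        if self.commits.get(sender) != commitment(sender, value, nonce):
            raise ValueError("reveal does not match commitment")
        self.reveals[sender] = value

    def all_revealed(self) -> bool:
        return set(self.reveals) == set(self.commits)

    def combined_random(self, modulus: int) -> int:
        """Randomness no single party controls: hash of every revealed secret, fixed order."""
        if not self.all_revealed():
            raise RuntimeError("cannot draw until every committer has revealed")
        data = b"".join(self.reveals[s].to_bytes(32, "big") for s in sorted(self.reveals))
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

    def highest_bid(self):
        """Sealed-bid outcome (winner, amount), decided only after all reveals."""
        if not self.all_revealed():
            raise RuntimeError("cannot settle until every bidder has revealed")
        return max(self.reveals.items(), key=lambda kv: kv[1])

def sealed_round(values: dict, nonces: dict = None) -> CommitReveal:
    """Run a complete commit/reveal round for a sender -> value map."""
    nonces = nonces or {s: secrets.token_bytes(16) for s in values}
    cr = CommitReveal()
    for sender, value in values.items():
        cr.commit(sender, commitment(sender, value, nonces[sender]))
    cr.close_commit_phase()
    for sender, value in values.items():
        cr.reveal(sender, value, nonces[sender])
    return cr

SAMPLE_BIDS = {"alice": 120, "bob": 95, "carol": 140}        # constructed
SAMPLE_SECRETS = {"p1": 7, "p2": 0xDEADBEEF, "p3": 99}       # constructed

if __name__ == "__main__":
    print("auction winner:", sealed_round(SAMPLE_BIDS).highest_bid())
    print("lottery draw (0..2):", sealed_round(SAMPLE_SECRETS).combined_random(3))
```

The known caveat is that the last participant to reveal learns the outcome first and can refuse to reveal if it is unfavourable; production designs add a reveal deadline and a forfeitable deposit so that withholding is penalised rather than free.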

Flash loans

A flash loan is accompanied by a smart contract making the loan invalid if it is not paid back within the same block.[8] This means that the loan has no costs for either party, but can still be used for financial manipulation, e.g. to affect an exchange rate against which another, unrelated transaction is then executed, or more generally to spoof input to an automated oracle.
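Both the oracle-manipulation section and the flash-loan paragraph above come down to the same defensive question: how does a contract avoid acting on a price that one party moved for a single block? The aggregator below is an added example, not the page's code or that of any oracle network; the source names, quotes, the three-source quorum and the 10% per-update cap are constructed. It takes the median across independent sources, so one manipulated venue cannot move the result, and rejects any single update that moves the median more than the cap, so a chain-wide spike has to persist across several updates before it is believed.

```python
import statistics

class OracleError(Exception):
    pass

class RobustPriceOracle:
    """Aggregates quotes from several independent sources and refuses implausible
    single-update jumps. All thresholds are constructed example values."""
    def __init__(self, sources, min_sources: int = 3, max_step: float = 0.10):
        self.sources = list(sources)
        self.min_sources = min_sources     # quorum of live sources required
        self.max_step = max_step           # maximum relative move accepted per update
        self.price = None

    def update(self, quotes: dict) -> float:
        fresh = [quotes[s] for s in self.sources if s in quotes and quotes[s] > 0]
        if len(fresh) < self.min_sources:
            raise OracleError("too few live sources; keeping last price")
        candidate = statistics.median(fresh)     # one manipulated feed cannot move the median
        if self.price is not None:
            step = abs(candidate - self.price) / self.price
            if step > self.max_step:
                raise OracleError(f"{step:.0%} move in one update rejected; keeping last price")
        self.price = candidate
        return candidate

SOURCES = ["dex_a", "dex_b", "cex_c", "cex_d", "agg_e"]   # constructed source names

def scenario():
    """Returns (steady price, price with one spiked feed, chain-wide spike result,
    two-source update result, final stored price)."""
    oracle = RobustPriceOracle(SOURCES)
    steady = oracle.update({"dex_a": 100.0, "dex_b": 100.5, "cex_c": 99.5,
                            "cex_d": 100.2, "agg_e": 99.8})
    # one pool's spot price pushed to 4x for a single block: the median barely moves
    spiked = oracle.update({"dex_a": 400.0, "dex_b": 100.5, "cex_c": 99.5,
                            "cex_d": 100.2, "agg_e": 99.8})
    # every source reports a 3x jump at once: the step cap refuses it
    try:
        oracle.update({s: 300.0 for s in SOURCES})
        capped = "accepted"
    except OracleError:
        capped = "rejected"
    # only two sources answering: the quorum check refuses it
    try:
        oracle.update({"dex_a": 100.0, "dex_b": 100.0})
        quorum = "accepted"
    except OracleError:
        quorum = "rejected"
    return steady, spiked, capped, quorum, oracle.price

if __name__ == "__main__":
    print(scenario())   # (100.0, 100.2, 'rejected', 'rejected', 100.2)
```

A time-weighted average over several past blocks is the other common defence against flash-loan pricing and can be layered on top of this; the trade-off in every case is that a legitimate sharp move is also delayed, which is the liveness cost mentioned under front-running.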

Insufficient gas griefing

The fact that Ethereum smart contracts only take effect if they are run with sufficient gas opens the door to an attacker offering just too little gas. Insufficient gas griefing is typically just an annoyance but can also enable a financially relevant attack if an action calls multiple sub-contracts and it is not ensured that either no sub-contracts or all sub-contracts are executed.[9]

Financial manipulation

Almost all types of financial manipulation that have historically been observed on traditional markets are also applicable to cryptocurrency markets, but the problems are compounded because:

  • cryptocurrencies operate outside a legal framework.
  • their market capitalization is often lower than for traditionally traded currencies and commodities, meaning that less money is required to manipulate them.

The sections below are just a few examples from within an extensive attack space.

Fake news

An attacker may use fake news about external events or financial transactions to induce panic and cause others to buy or sell to his advantage. On a blockchain, fake news may also take the form of transactions that do not actually end up being executed (see “insufficient gas griefing”).

Wash trading

Wash trading refers to the act of ‘fabricating trades or acting as a transaction counterparty’.[10] Fabricated trades, especially when all within a single block, can be used to exaggerate available liquidity, either to make an exchange seem more popular than it really is or to generate spurious input to an oracle.

Quote stuffing

‘Quote stuffing is the practice of quickly entering and then withdrawing large orders in an attempt to flood the market with quotes and cause competitors to lose time in processing them.’[11] As explained in the section “Insufficient gas griefing”, the fact that it is possible to disseminate transactions that do not actually end up being executed makes cryptocurrency markets especially vulnerable to the practice.

Authentication and authorization

In the original Bitcoin blockchain, the idea was that an asymmetric private key should not only act as a perfect means of authentication to an asset but that it should take on the role of the asset itself. In practice and especially with more complex blockchains, the reality is often anything but perfect.

Private key loss

There can be few other situations where the loss of a credential is as catastrophic as when that credential represents bitcoins or ether. For example, in Wales a bitcoin miner threw away his computer when bitcoins were worth almost nothing and then had to accept the loss of around $280m when he was not allowed to dig up the landfill site where he believed his old computer to be.[12] This sort of situation is why in practice nowadays other credentials are normally involved in crypto trading that are at once less vulnerable to loss and more vulnerable to theft.

Wallet credential theft

Most individual traders use wallet companies where access to a wallet containing the private keys is mediated by classic one- or two-factor authentication. It is crucial to understand that the authentication credentials are then vulnerable to the whole repertoire of standard application-, authentication- and network-based cyberattacks.[13]

Admin credentials

The creators of some smaller blockchains build admin credentials into the system that can be used to override smart contracts that fall victim to attacks such as those laid out previously. This obviously goes against the original ‘code is law’ philosophy: the developers are then essentially government, judge and police for everything that happens on their blockchain. Although their reputation would be expected to motivate them not to abuse their power, they are obviously less trustworthy than most governmental control institutions. It is worth mentioning that if admin credentials are stolen, the whole blockchain becomes essentially worthless.

Missing smart contract checks

Smart contracts should always check who is calling them, what the caller is attempting to achieve and whether the operation is valid. Unfortunately, it will often only come to light that a smart contract is missing vital checks when it is too late, as when an Ethereum newcomer, possibly by accident, rendered ether worth $150m permanently unusable.[14]

And are you ready for the NEXT BIG THING in DLT?

If you would like to know how to grow your business with the help of DLT, hold a workshop on specific topics, or simply learn more about the potential and possible applications of DLT:

Get in touch with us!