Abstract
Since its inception, blockchain technology has shown promising application prospects. From the initial cryptocurrency to the current smart contract, blockchain has been applied to many fields. Although there are some studies on the security and privacy issues of blockchain, a systematic examination of the security of blockchain systems is lacking.
In this paper, we conduct a systematic study on the security threats to blockchain and survey the corresponding real attacks by examining popular blockchain systems. We also review the security enhancement solutions for blockchain, which could be used in the development of various blockchain systems, and suggest some future directions to stir research efforts into this area.
Keywords: blockchain, security, cryptocurrency, smart contract
Key Insights Summary
51% Vulnerability Threat
The blockchain consensus mechanism has a fundamental 51% vulnerability. If a single miner controls more than 50% of computing power (PoW) or coins (PoS), they can manipulate the blockchain, reverse transactions, and initiate double spending attacks.
Smart Contract Vulnerabilities
Smart contracts are prone to various vulnerabilities including transaction-ordering dependence, timestamp dependence, mishandled exceptions, and reentrancy vulnerabilities. The DAO attack exploited reentrancy to steal $60 million.
Criminal Smart Contracts
Criminals can leverage smart contracts for malicious activities like password theft, 0-day vulnerability transactions, and even real-world crimes. These CSCs combined with trusted hardware (Intel SGX) pose serious threats.
Under-Priced Operations
Ethereum's gas pricing for some IO-heavy operations is too low, enabling DoS attacks. Attackers exploited under-priced operations like EXTCODESIZE and SUICIDE to waste computing resources and slow down blockchain synchronization.
Privacy Leakage
Despite privacy measures, blockchain transactions are vulnerable to linkability attacks. In Monero, 66.09% of transactions contain no mixins, and 62.32% of transaction inputs with mixins are deducible.
Network-Level Attacks
Blockchain networks are vulnerable to BGP hijacking and eclipse attacks, which can isolate nodes, delay block propagation, and facilitate other attacks like selfish mining and double spending.
Document Contents
1. Introduction
Since the debut of Bitcoin in 2009, its underlying technique, blockchain, has shown promising application prospects and attracted much attention from academia and industry. Being the first cryptocurrency, Bitcoin was rated as the top performing currency in 2015 and the best performing commodity in 2016.
The introduction of Turing-complete programming languages to enable users to develop smart contracts running on the blockchain marks the start of blockchain 2.0 era. With the decentralized consensus mechanism of blockchain, smart contracts allow mutually distrusted users to complete data exchange or transaction without the need of any third-party trusted authority.
Since blockchain is one of the core technologies in the FinTech (Financial Technology) industry, users are very concerned about its security. Some security vulnerabilities and attacks have been recently reported. Loi et al. discover that 8,833 out of 19,366 existing Ethereum contracts are vulnerable. Note that smart contracts with security vulnerabilities may lead to financial losses.
2. Overview of Blockchain Technologies
This section introduces the main technologies employed in blockchain, including consensus mechanisms, block propagation and synchronization, and the development stages of blockchain technology.
2.1 Consensus Mechanism
Being decentralized, blockchain systems do not need a third-party trusted authority. Instead, to guarantee the reliability and consistency of the data and transactions, blockchain adopts a decentralized consensus mechanism. In the existing blockchain systems, there are four major consensus mechanisms: PoW (Proof of Work), PoS (Proof of Stake), PBFT (Practical Byzantine Fault Tolerance), and DPoS (Delegated Proof of Stake).
2.2 Block Propagation and Synchronization
In the blockchain, each full node stores the information of all blocks. Being the foundation to building consensus and trust for blockchain, the block propagation mechanisms can be divided into several categories: advertisement-based propagation, sendheaders propagation, unsolicited push propagation, relay network propagation, and push/advertisement hybrid propagation.
2.3 Technology Development
From the birth of the first blockchain system Bitcoin, the blockchain technology has experienced two stages of development: blockchain 1.0 and blockchain 2.0.
In the blockchain 1.0 stage, blockchain technology is mainly used for cryptocurrency. In the blockchain 2.0 stage, smart contracts are introduced so that developers can create various applications through them.
3. Risks to Blockchain
We divide the common blockchain risks into nine categories, and detail the causes and possible consequences of each risk.
3.1 Common Risks to Blockchain 1.0 and 2.0
3.1.1 51% Vulnerability
The blockchain relies on the distributed consensus mechanism to establish mutual trust. However, the consensus mechanism itself has 51% vulnerability, which can be exploited by attackers to control the entire blockchain.
3.1.2 Private Key Security
When using blockchain, the user's private key is regarded as the identity and security credential, which is generated and maintained by the user instead of third-party agencies.
3.1.3 Criminal Activity
Bitcoin users can have multiple Bitcoin addresses, and the address has no relationship with their real life identity. Therefore, Bitcoin has been used in illegal activities including ransomware, underground markets, and money laundering.
3.1.4 Double Spending
Although the consensus mechanism of blockchain can validate transactions, it is still impossible to avoid double spending. Double spending means that a consumer uses the same cryptocurrency multiple times for transactions.
3.1.5 Transaction Privacy Leakage
Since the users' behaviors in the blockchain are traceable, the blockchain systems take measures to protect the transaction privacy of users. Unfortunately, the privacy protection measures in blockchain are not very robust.
3.2 Specific Risks to Blockchain 2.0
3.2.1 Criminal Smart Contracts
Criminals can leverage smart contracts for a variety of malicious activities, which may pose a threat to our daily life. CSCs (Criminal Smart Contracts) can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes.
3.2.2 Vulnerabilities in Smart Contract
As programs running in the blockchain, smart contracts may have security vulnerabilities caused by program defects. Common vulnerabilities include transaction-ordering dependence, timestamp dependence, mishandled exceptions, and reentrancy vulnerability.
3.2.3 Under-Optimized Smart Contract
When a user interacts with a smart contract deployed in Ethereum, a certain amount of gas is charged. Unfortunately, some smart contracts' development and deployment are not adequately optimized, leading to unnecessary gas consumption.
3.2.4 Under-Priced Operations
In Ethereum, each operation is set to a specific gas value. However, it is difficult to accurately measure the consumption of computing resources of an individual operation, and therefore some gas values are not set properly, enabling DoS attacks.
Risk Summary: The paper identifies 9 categories of blockchain risks, with 5 common to both blockchain 1.0 and 2.0, and 4 specific to blockchain 2.0 systems with smart contracts.
4. Attack Cases
This section surveys real attacks on blockchain systems and analyzes the vulnerabilities exploited in these attacks.
4.1 Selfish Mining Attack
The selfish mining attack is conducted by attackers (i.e., selfish miners) for the purpose of obtaining undue rewards or wasting the computing power of honest miners. The attacker holds discovered blocks privately and then attempts to fork a private chain.
4.2 DAO Attack
The DAO is a smart contract deployed in Ethereum on 28th May of 2016, which implements a crowd-funding platform. The DAO contract was attacked only 20 days after it had been deployed. Before the attack happened, the DAO had already raised 150 million US$. The attacker stole about 60 million US$ by exploiting the reentrancy vulnerability.
4.3 BGP Hijacking Attack
BGP (Border Gateway Protocol) is a de-facto routing protocol and regulates how IP packets are forwarded to their destination. To intercept the network traffic of blockchain, attackers either leverage or manipulate BGP routing.
4.4 Eclipse Attack
The eclipse attack allows an attacker to monopolize all of the victim's incoming and outgoing connections, which isolates the victim from the other peers in the network. Then, the attacker can filter the victim's view of the blockchain.
4.5 Liveness Attack
Aggelos et al. propose the liveness attack, which is able to delay as much as possible the confirmation time of a target transaction. They also present two instantiations of such attack on Bitcoin and Ethereum.
4.6 Balance Attack
Christopher et al. propose the balance attack against PoW-based blockchain, which allows a low-mining-power attacker to momentarily disrupt communications between subgroups with similar mining power.
5. Security Enhancements
This section summarizes security enhancements to blockchain systems, which can be used in the development of blockchain systems.
5.1 SmartPool
Loi et al. propose a novel mining pool system named SmartPool, which is implemented as a smart contract in Ethereum. Compared with traditional P2P pools, SmartPool offers advantages in decentralization, efficiency, and security.
5.2 Quantitative Framework
Arthur et al. propose a quantitative framework to analyze PoW-based blockchain's execution performance and security provisions. The framework has two components: a blockchain simulator and a security model.
5.3 Oyente
Loi et al. propose Oyente to detect bugs in Ethereum smart contracts. Oyente leverages symbolic execution to analyze the bytecode of smart contracts and it follows the execution model of EVM.
5.4 Hawk
Ahmed et al. propose Hawk, a novel framework for developing privacy-preserving smart contracts. Leveraging Hawk, developers can write private smart contracts without using any code encryption or obfuscation techniques.
5.5 Town Crier
Zhang et al. propose TC (Town Crier), which is an authenticated data feed system for data interaction between smart contracts and off-chain data sources. TC acts as a bridge between HTTPS-enabled data source and smart contracts.
6. Future Directions
Based on the systematic examination of the security of current blockchain systems, we list a few future directions to stir up research efforts into this area.
- More Efficient Consensus Mechanisms: Developing more efficient consensus mechanisms will make a significant contribution to the development of blockchain.
- Enhanced Privacy Protection: With the growth of the number of feature-rich dAPPs, the privacy leakage risk of blockchain will be more serious.
- Data Cleanup and Detection: An efficient data cleanup and detection mechanism is desired to improve the execution efficiency of blockchain systems.
7. Conclusion
In this paper, we focus on the security issues of blockchain technology. By studying the popular blockchain systems (e.g., Ethereum, Bitcoin, Monero, etc.), we conduct a systematic examination of the security risks to blockchain. For each risk or vulnerability, we analyze its causes and possible consequences.
Furthermore, we survey the real attacks on the blockchain systems, and analyze the vulnerabilities exploited in these attacks. Finally, we summarize blockchain security enhancements and suggest a few future directions in this area.
References
The paper includes 71 references to academic papers, technical reports, and online resources related to blockchain security, attacks, and enhancements.
Note: The above is only a summary of the survey content. The complete document contains extensive analysis, data tables, and detailed examination of blockchain security. We recommend downloading the full PDF for in-depth reading.