Attacks Your Blockchain Company Should Protect Against
2023-03-06 by zoe
Today is Cyber Monday, a day for online deals in the United States.
For many of us, the money spent on a given purchase is not the only concern when we make transactions.
Some Transaction Security and Privacy Concerns on the Blockchain
Our transactions, both online and in person, come with various types of concerns, including but not limited to those related to security and privacy.
Blockchain may add further complexity to existing concerns, including the rise of the following types of cyber attacks:
- Economic denial of service (EDoS): Sophisticated attackers can modify the contract’s unspent transaction output (UTXO) faster than the victims can react, thus blocking them from interacting with it.
- False deposits: A bad actor may be able to generate a deposit event without making a real deposit, or make a deposit with a valueless token, which enables that bad actor to withdraw value from the bridge on the other side.
- Validator flaws: An attacker may try to create fake deposits capable of defeating the processes that cross-chain bridges put in place to validate deposits before funds can be transferred.
- Validator takeover: By controlling a majority of votes among validators, a hacker can approve any transfers.
- Social engineering: This may enable attackers to access privileged accounts, gain private information, and perform transactions and other actions that they should not be able to perform.
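The false-deposit and validator-flaw items above, seen from the validating side: a deposit event is only credited when it is backed by a real transfer of an accepted token into the bridge. This is an added example, not code from MuKn or from any bridge project; the contract address, token names, confirmation depth and record types are all hypothetical.

```python
from dataclasses import dataclass

# All names and values are hypothetical, constructed for this example.
BRIDGE_ADDRESS = "bridge-contract"          # the only event emitter we trust
TOKEN_ALLOWLIST = {"token-A", "token-B"}    # assets the bridge agrees to accept
MIN_CONFIRMATIONS = 12                      # assumed finality depth

@dataclass(frozen=True)
class Transfer:          # a token movement recorded in the source-chain transaction
    token: str
    sender: str
    recipient: str
    amount: int

@dataclass(frozen=True)
class DepositEvent:      # what the deposit event claims happened
    emitter: str
    token: str
    depositor: str
    amount: int
    confirmations: int

def validate_deposit(event, transfers):
    """Return rejection reasons; an empty list means the deposit may be credited."""
    reasons = []
    if event.emitter != BRIDGE_ADDRESS:
        reasons.append("event not emitted by the bridge contract")
    if event.token not in TOKEN_ALLOWLIST:
        reasons.append("token not on allowlist")
    if event.amount <= 0:
        reasons.append("non-positive amount")
    if event.confirmations < MIN_CONFIRMATIONS:
        reasons.append("not enough confirmations")
    # The event alone proves nothing: require a real transfer into the bridge
    # of the same token, from the same depositor, for the same amount.
    backed = any(t.token == event.token and t.sender == event.depositor
                 and t.recipient == BRIDGE_ADDRESS and t.amount == event.amount
                 for t in transfers)
    if not backed:
        reasons.append("no matching transfer into the bridge")
    return reasons

# Constructed samples: a genuine deposit, an event with no deposit, a valueless token.
REAL = DepositEvent(BRIDGE_ADDRESS, "token-A", "alice", 100, 20)
REAL_TRANSFERS = [Transfer("token-A", "alice", BRIDGE_ADDRESS, 100)]
FAKE_EVENT = DepositEvent("lookalike-contract", "token-A", "mallory", 100, 20)
WORTHLESS = DepositEvent(BRIDGE_ADDRESS, "junk-token", "mallory", 100, 20)
WORTHLESS_TRANSFERS = [Transfer("junk-token", "mallory", BRIDGE_ADDRESS, 100)]
```

Each validator should run checks like these independently before signing, so that one missed check is not the only barrier between an event and a withdrawal on the other chain.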
Some Considerations in Developing Effective Solutions
The following technical solutions and design patterns may be helpful for safe, effective transactions on the blockchain.
- Malleable transactions: Make transactions suitably malleable, so that intermediaries (at equilibrium, miners) can compete to get the transactions accepted by the blockchain in exchange for a fee
- Automated UTXO unlocking scripts: Implement a design pattern of writing UTXO unlocking scripts wherein transactions are suitably malleable to enable users to interact with contracts as if the blockchain were using an Account/Balance model. Automating this process simplifies the work of developers and users and makes it easier for posting intermediaries (miners) to recognize transactions.
- Quick, private interactions: Enable users to interact with each other and exchange assets with each other quickly, privately, and across blockchains.
- Interoperability among state channels: Empower users to interoperate with existing state channel networks like the Bitcoin Lightning Network.
MuKn’s Account View On UTXO Model (AVOUM) and Generalized State Channels solutions empower various types of participants, across multiple blockchains, with the above features.
References
- AVOUM (Account View on UTXO Model)
- AVOUM whitepaper
- Chenilles Network
- Coindesk article on attacks against cross-chain bridges