Exploring the Attack Surface of Blockchain: A Systematic Overview
Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles Kamhoua, Sachin Shetty, DaeHun Nyang, Aziz Mohaisen

TL;DR
This paper systematically analyzes the attack surface of public Blockchain systems, identifying vulnerabilities related to cryptography, architecture, and applications, and discusses potential attack vectors and mitigation strategies.
Contribution
It provides a comprehensive overview of attack types, their interrelations, and defense measures, offering a structured understanding of Blockchain security challenges.
Findings
Identified key attack vectors such as the 51% attack, DDoS, and smart contract exploits.
Mapped causal relationships between different attack types.
Summarized existing and proposed defense mechanisms against Blockchain attacks.
Abstract
In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, Domain Name System (DNS) attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary…
Taxonomy
Topics: Blockchain Technology Applications and Security · Spam and Phishing Detection · Cybercrime and Law Enforcement Studies
