A Survey on EOSIO Systems Security: Vulnerability, Attack, and Mitigation

TL;DR

This paper provides a comprehensive survey of EOSIO blockchain security, analyzing past attacks, vulnerabilities, and mitigation strategies to enhance understanding and guide future security improvements.

Contribution

It systematically studies EOSIO security issues, compiles attack cases, identifies root causes, and offers best practices for developers and researchers.

Findings

Identified key vulnerabilities in EOSIO components

Analyzed major attack incidents and their root causes

Summarized effective mitigation strategies

Abstract

EOSIO, as one of the most representative blockchain 3.0 platforms, involves lots of new features, e.g., delegated proof of stake consensus algorithm and updatable smart contracts, enabling a much higher transaction per second and the prosperous decentralized applications (DApps) ecosystem. According to the statistics, it has reached nearly 18 billion USD, taking the third place of the whole cryptocurrency market, following Bitcoin and Ethereum. Loopholes, however, are hiding in the shadows. EOSBet, a famous gambling DApp, was attacked twice within a month and lost more than 1 million USD. No existing work has surveyed the EOSIO from a security researcher perspective. To fill this gap, in this paper, we collected all occurred attack events against EOSIO, and systematically studied their root causes, i.e., vulnerabilities lurked in all relying components for EOSIO, as well as the corresponding attacks and mitigations. We also summarized some best practices for DApp developers, EOSIO official team, and security researchers for future directions.