What are the possible information risk factors of blockchain, and are the assurance measures in place?
Emi Hanado
Here are some key known risk factors:
Blockchain efficiency:
For instance, the most popular consensus mechanism used in blockchain is Proof of Work, which the researchers call a “waste of computing resources.” They say there are efforts to develop more efficient and hybrid consensus mechanisms that combine PoW and Proof of Stake (PoS). In addition, blockchains will produce a lot of data — block information, transaction data, contract bytecode — that may be outdated and useless. “There are a lot of smart contracts containing no code or totally the same code in Ethereum, and many smart contracts are never executed after its deployment. Efficient data cleanup and detection mechanism are desired to improve the execution efficiency of blockchain systems.”
51% vulnerability:
Blockchain “relies on the distributed consensus mechanism to establish mutual trust. However, the consensus mechanism itself has 51% vulnerability, which can be exploited by attackers to control the entire blockchain. More precisely, in PoW-based blockchains, if a single miner’s hashing power accounts for more than 50% of the total hashing power of the entire blockchain, then the 51% attack may be launched. Hence, the mining power concentrating in a few mining pools may result in the fears of an inadvertent situation, such as a single pool controls more than half of all computing power.”
Private key security:
“When using blockchain, the user’s private key is regarded as the identity and security credential, which is generated and maintained by the user instead of third-party agencies. For example, when creating a cold storage wallet in Bitcoin blockchain, the user must import his/her private key.” An attacker could “recover the user’s private key because it does not generate enough randomness during the signature process. Once the user’s private key is lost, it will not be able to be recovered. Since the blockchain is not dependent on any centralized third-party trusted institutions, if the user’s private key is stolen, it is difficult to track the criminal’s behaviors and recover the modified blockchain information.”
Criminal activity and cybersecurity:
This is a continuing topic, although blockchain may be a safer option than a centralized option.
“Through some third-party trading platforms that support Bitcoin, users can buy or sell any product. Since this process is anonymous, it is hard to track user behaviors, let alone subject to legal sanctions.” Frequent criminal activities with Bitcoin include ransomware, underground markets and money laundering.
Double spending:
“Although the consensus mechanism of blockchain can validate transactions, it is still impossible to avoid double spending, or using the same cryptocurrency multiple times for transactions. The attacker can exploit the intermediate time between two transactions’ initiation and confirmation to quickly launch an attack.”
Transaction privacy leakage:
“Unfortunately, the privacy protection measures in blockchain are not very robust,” Li and his co-authors state. “Criminal smart contracts can facilitate the leakage of confidential information, theft of cryptographic keys, and various real-world crimes (e.g., murder, arson, terrorism, etc.)”
Vulnerabilities in smart contracts:
“As programs running in the blockchain, smart contracts may have security vulnerabilities caused by program defects.” For example, one study found that 8,833 out of 19,366 Ethereum smart contracts are vulnerable to bugs such as transaction-ordering dependence, timestamp dependence, mishandled exceptions, and re-entrance vulnerability.”
Under-optimized smart contracts:
“When a user interacts with a smart contract deployed in Ethereum, a certain amount of “gas” is charged. Gas can be exchanged with “Ether,” which is the cryptocurrency in Ethereum. This results in “useless-code related patterns,” and “loop-related patterns.” This consists of “dead code, opaque predicate, and expensive operations in a loop.”
Under-priced operations:
“Ethereum sets the gas value based on the execution time, bandwidth, memory occupancy, and other parameters. In general, the gas value is proportional to the computing resources consumed by the operation. However, it is difficult to accurately measure the consumption of computing resources of an individual operation, and therefore some gas values are not set properly. For example, some IO-heavy operations’ gas values are set too low, and hence these operations can be executed in quantity in one transaction. In this way, an attacker can initiate a Denial of Service attack on Ethereum.”