A Survey on the Security of Blockchain Systems

November 5, 2020 | Xiaoqi Li, Peng Jiang, Ting Chen, Xiapu Luo, Qiaoyan Wen
This paper provides a comprehensive survey of the security threats to blockchain systems, focusing on both common and specific risks. The authors, from various institutions in Hong Kong and China, conduct a systematic examination of security risks and real attacks on popular blockchain systems, including Bitcoin and Ethereum. They also review existing security enhancement solutions and suggest future research directions. The paper is structured into several sections:

1. **Overview of Blockchain Technologies**: This section introduces the fundamental trust mechanisms (consensus mechanisms) and block propagation processes in blockchain systems. It discusses the two main consensus mechanisms, Proof of Work (PoW) and Proof of Stake (PoS), and the different block propagation mechanisms used in various blockchain systems.
2. **Risks to Blockchain**: The authors divide common blockchain risks into nine categories and detail the causes and potential consequences. These risks include 51% attacks, private key security issues, criminal activities, double spending, and transaction privacy leakage. Specific risks unique to blockchain 2.0, such as criminal smart contracts and vulnerabilities in smart contracts, are also discussed.
3. **Attack Cases**: Real attacks on blockchain systems are surveyed, including selfish mining attacks, DAO attacks, BGP hijacking attacks, eclipse attacks, liveness attacks, and balance attacks. Each attack is analyzed in detail, highlighting the vulnerabilities exploited.
4. **Security Enhancements**: The paper reviews several security enhancement solutions, such as SMARTPOOL, a decentralized mining pool system; a quantitative framework for analyzing performance and security trade-offs; OYENTE, a tool for detecting bugs in Ethereum smart contracts; and HAWK, a framework for developing privacy-preserving smart contracts.

The authors conclude by emphasizing the importance of continued research and development in enhancing the security of blockchain systems to address the evolving threats and challenges.