Attack and protection schemes on fabric isomorphic crosschain systems

Lv, Zhuo; Wu, Di; Yang, Wensheng; Duan, Li

doi:10.1177/15501477211059945

Cited by 8 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attackers can repeatedly submit the same inclusion proof over and over again to try to prove a statement more than once. Numerous unbacked assets can be created, or multiple tokens can be unlocked, triggered by a single burn event [58], [76], [92], [130], [176].…”

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

“…). Attackers might try to repeatedly submit the same inclusion proof over and over again to try to prove a statement more than once [58], [76], [92], [130], [176] -i.e., a Replay Attack. For instance, after locking an asset 𝑋 on the source chain, the attacker might present the corresponding Merkle proof multiple times to mint multiple representations of 𝑋 on the destination chain.…”

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

“…These solutions should be enforced by the overall protocol architecture -i.e., guarantee atomicity by design. It can be either enforced by decentralized watchers ( 21 ) [50], [135], centralized systems ( 8 ) [37], [73], [176], third-party networks with custom rules built-in to the consensus mechanism( 22 ) [188], or cryptographic primitives set up jointly between users and operators ( 23 ) [74], [98], [103], [105]. This vulnerability can also be inserted through a buggy smart contract implementation.…”

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

See 2 more Smart Citations

SoK: Security and Privacy of Blockchain Interoperability [Extended Version]

Augusto,

Belchior,

Correia

et al. 2024

Preprint

View full text Add to dashboard Cite

Recent years have witnessed significant advancements in cross-chain technology. However, the field faces two pressing challenges when it comes to security and privacy. Hacks on cross-chain bridges have led to monetary losses of around 3 billion USD, highlighting flaws in security models governing interoperability mechanisms (IMs) and the ineffectiveness of incident response frameworks. Additionally, the exploration of privacy within cross-chain scenarios remains relatively unexplored. Hackers benefit from extensive privacy, whereas users and bridge operators experience restricted privacy, thereby broadening the potential attack surface for adversaries. In this paper, we present the most comprehensive study to date on the security and privacy of blockchain interoperability. Our study employs a rigorous systematic literature review, yielding a corpus of 178 relevant documents, including 58 academic papers and 120 gray literature documents, out of a pool of 531. We systematically categorize 56 interoperability solutions based on a newly created taxonomy focusing on security and privacy considerations. Our dataset, comprising academic research, disclosures from bug bounty programs, and audit reports, exposes 45 cross-chain vulnerabilities, 25 theoretical attacks, and 88 mitigation strategies. Leveraging this data, we analyze 14 notable bridge hacks accounting for over USD 2.9 billion in losses, mapping them to the identified vulnerabilities. Our findings reveal that a substantial portion (65.8\%) of stolen funds originates from projects secured by permissioned intermediary networks with unsecured cryptographic key operations. Regarding privacy, we demonstrate that achieving unlinkability in cross-chain transactions is contingent on the underlying ledgers providing some form of confidentiality. In conclusion, our study offers critical insights into the challenges and vulnerabilities within the realm of cross-chain interoperability. We pinpoint promising directions for future research that can guide both industry practitioners and academics toward substantial advancements in this field. Our work underscores the urgency of enhancing security and privacy measures in cross-chain technology to mitigate the substantial financial risks associated with bridge hacks and to foster user trust in the blockchain ecosystem.

show abstract

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

See 1 more Smart Citation

SoK: Security and Privacy of Blockchain Interoperability [Extended Version]

Augusto,

Belchior,

Correia

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…). Attackers might try to repeatedly submit the same inclusion proof over and over again to try to prove a statement more than once [75], [89], [92], [130], [176] -i.e., a Replay Attack. For instance, after locking an asset 𝑋 on the source chain, the attacker might present the corresponding Merkle proof multiple times to mint multiple representations of 𝑋 on the destination chain.…”

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

“…These solutions should be enforced by the overall protocol architecture -i.e., guarantee atomicity by design. It can be either enforced by decentralized watchers ( 21 ) [50], [135], centralized systems ( 8 ) [37], [72], [176], third-party networks with custom rules built-in to the consensus mechanism( 22 ) [179], or cryptographic primitives set up jointly between users and operators ( 23 ) [73], [98], [103], [105]. This vulnerability can also be inserted through a buggy smart contract implementation.…”

Section: Submission Of Repeated Inclusion Proofs (mentioning

confidence: 99%

SoK: Security and Privacy of Blockchain Interoperability

Augusto,

Belchior,

Correia

et al. 2023

Preprint

View full text Add to dashboard Cite

Recent years have witnessed significant advancements in cross-chain technology. However, the field faces two pressing challenges when it comes to security and privacy. Hacks on cross-chain bridges have led to monetary losses of around 3 billion USD, highlighting flaws in security models governing interoperability mechanisms (IMs) and the ineffectiveness of incident response frameworks. Additionally, the exploration of privacy within cross-chain scenarios remains relatively unexplored. Hackers benefit from extensive privacy, whereas users and bridge operators experience restricted privacy, thereby broadening the potential attack surface for adversaries. In this paper, we present the most comprehensive study to date on the security and privacy of blockchain interoperability. Our study employs a rigorous systematic literature review, yielding a corpus of 178 relevant documents, including 58 academic papers and 120 gray literature documents, out of a pool of 531. We systematically categorize 56 interoperability solutions based on a newly created taxonomy focusing on security and privacy considerations. Our dataset, comprising academic research, disclosures from bug bounty programs, and audit reports, exposes 45 cross-chain vulnerabilities, 25 theoretical attacks, and 88 mitigation strategies. Leveraging this data, we analyze 14 notable bridge hacks accounting for over USD 2.9 billion in losses, mapping them to the identified vulnerabilities. Our findings reveal that a substantial portion (65.8\%) of stolen funds originates from projects secured by permissioned intermediary networks with unsecured cryptographic key operations. Regarding privacy, we demonstrate that achieving unlinkability in cross-chain transactions is contingent on the underlying ledgers providing some form of confidentiality. In conclusion, our study offers critical insights into the challenges and vulnerabilities within the realm of cross-chain interoperability. We pinpoint promising directions for future research that can guide both industry practitioners and academics toward substantial advancements in this field. Our work underscores the urgency of enhancing security and privacy measures in cross-chain technology to mitigate the substantial financial risks associated with bridge hacks and to foster user trust in the blockchain ecosystem.

show abstract