Blockchain vulnerabilities

From WEB3 Vulnerapedia
Jump to navigation Jump to search

Blockchain Cryptography vulnerabilities

Blockchain Network Layer vulnerabilities

Blockchain Virtual Machine vulnerabilities

Consensus Layer vulnerabilities


Blockchain vulnerabilities

Some of the blockchain vulnerabilities are

Transaction malleability - Allows attackers to change the transaction details after submission, but before it's added to the blockchain.

Replay attacks - Allows attackers to replay old transactions on a blockchain network.

Insufficient gas attacks - Attackers can modify the transaction when it does not have enough gas to complete.

Sybil attack - Attackers create a large number of fake identities on a blockchain network to control the network or disrupt it.

Time Attacks

  • Timestamp dependency vulnerabilities: These vulnerabilities occur when the logic of a smart contract depends on the current time. If the time is changed, the contract may behave in an unexpected way. This can be used to steal funds or to manipulate the contract.
  • Timelock dependency vulnerabilities: These vulnerabilities occur when the logic of a smart contract depends on a future time. If the timelock is not properly implemented, it can be exploited by attackers.
  • Timejacking attacks: These attacks exploit the fact that the time on different nodes in a blockchain network can be different. By submitting a transaction with a timestamp that is in the future, an attacker can trick other nodes into thinking that the transaction is valid.
  • Timejacking vulnerability: This is a vulnerability that allows an attacker to change the time on a blockchain network. This can be used to double spend funds, or to invalidate transactions.
  • Call stack exhaustion attacks: These attacks exploit the fact that smart contracts have a limited call stack depth. If a contract is called too many times, it can crash and lose funds.
  • Unchecked return value vulnerability: These attacks exploit the fact that smart contracts often do not properly check the return values of functions. If a function returns an unexpected value, it can be used to steal funds or to manipulate the contract.
  • Unchecked input data attacks: These attacks exploit the fact that smart contracts often do not properly check the validity of input data. If invalid data is passed to a contract, it can be used to steal funds or to manipulate the contract.
  • Gasless send attacks: These attacks exploit the fact that some smart contracts do not properly check the gas limit of transactions. If a transaction is sent with a gas limit of 0, it will not cost anything to execute, and the attacker can use this to steal funds from the contract.
  • Spoofing attacks: These attacks exploit the fact that it is possible to spoof the sender address of a transaction. This can be used to send funds to a contract that the attacker controls, even if the funds were intended for a different contract.
  • Cross-chain attacks: These attacks exploit the fact that different blockchains can interact with each other. If a vulnerability is found in one blockchain, it can be used to attack another blockchain.
  • Code injection attacks: These attacks exploit the fact that it is possible to inject malicious code into a smart contract. This code can then be executed when the contract is called, and it can be used to steal funds or to manipulate the contract.
  • Phishing attacks: These attacks exploit the fact that users are often tricked into revealing their private keys or other sensitive information. This information can then be used to steal funds from the user's wallet.
  • Phishing attack: This is a type of attack that involves tricking users into revealing their personal information, such as their passwords or seed phrases. This information can then be used to steal their funds.
  • Race conditions: These vulnerabilities occur when two or more transactions try to access the same data at the same time. This can lead to unexpected results, such as funds being lost or double-spent.
  • Deadlocks: These vulnerabilities occur when two or more transactions are waiting for each other to finish, but neither one can finish because the other one is waiting for it. This can lead to transactions being stuck in limbo and never being processed.
  • Out-of-gas attacks: These attacks exploit the fact that smart contracts have a limited amount of gas that they can use to execute. If a transaction runs out of gas before it can complete, it will fail and the funds will be lost.
  • Block withholding attacks: These attacks exploit the fact that nodes in a blockchain network need to agree on the order of blocks in order for the network to function properly. By withholding blocks, an attacker can prevent other nodes from seeing them and can effectively censor transactions.
  • Spurious consensus: This vulnerability occurs when a blockchain network reaches consensus on a block that is invalid. This can happen due to a variety of factors, such as a vulnerability in the consensus algorithm or a malicious attack.
  • Transaction ordering attacks: These attacks exploit the fact that the order of transactions in a blockchain can be changed. By changing the order of transactions, an attacker can change the outcome of a transaction or even steal funds.
  • Double-spending attacks: These attacks exploit the fact that blockchain transactions are not always final. By sending a transaction and then quickly sending another transaction that spends the same funds, an attacker can double-spend the funds.
  • 51% Attack: These attacks occur when an attacker controls more than 50% of the hash power of a blockchain network. This gives the attacker the ability to censor transactions, reverse transactions, and even create new blocks.
  • Reentrancy attacks: These attacks exploit vulnerabilities in smart contracts that allow attackers to call functions in a contract multiple times, even if the contract is not supposed to allow that. This can be used to steal funds or to manipulate the contract.
  • Reentrancy vulnerability: This is a type of vulnerability that occurs when a smart contract calls itself recursively. This can allow an attacker to withdraw funds from the contract multiple times, even though they only have the funds to withdraw once.
  • Integer overflow attacks: These attacks exploit vulnerabilities in smart contracts that deal with integers. If an integer is assigned a value that is too large, it can overflow and cause the contract to behave in an unexpected way. This can be used to steal funds or to manipulate the contract.
  • Logic errors: These attacks exploit vulnerabilities in the logic of smart contracts. For example, a contract might not properly check the validity of input data, or it might not properly handle errors. This can be used to steal funds or to manipulate the contract.
  • Front-running attacks: These attacks exploit the fact that transactions on a blockchain are processed in a chronological order. By submitting a transaction before an attacker's transaction, a malicious actor can front-run the attacker and steal the funds that the attacker was trying to steal.
  • DOS attacks: aim to prevent users from accessing a blockchain network or a smart contract. This can be done by flooding the network with traffic, or by attacking individual nodes.
  • Call stack exhaustion attacks: These attacks exploit the fact that smart contracts have a limited call stack depth. If a contract is called too many times, it can crash and lose funds.
  • Unchecked return value vulnerability: These attacks exploit the fact that smart contracts often do not properly check the return values of functions. If a function returns an unexpected value, it can be used to steal funds or to manipulate the contract.
  • Unchecked input data attacks: These attacks exploit the fact that smart contracts often do not properly check the validity of input data. If invalid data is passed to a contract, it can be used to steal funds or to manipulate the contract.
  • Cross-chain attacks: These attacks exploit the fact that different blockchains can interact with each other. If a vulnerability is found in one blockchain, it can be used to attack another blockchain.
  • Code injection attacks: These attacks exploit the fact that it is possible to inject malicious code into a smart contract. This code can then be executed when the contract is called, and it can be used to steal funds or to manipulate the contract.
  • Deadlocks: These vulnerabilities occur when two or more transactions are waiting for each other to finish, but neither one can finish because the other one is waiting for it. This can lead to transactions being stuck in limbo and never being processed.
  • Spurious consensus: This vulnerability occurs when a blockchain network reaches consensus on a block that is invalid. This can happen due to a variety of factors, such as a vulnerability in the consensus algorithm or a malicious attack.
  • Transaction ordering attacks: These attacks exploit the fact that the order of transactions in a blockchain can be changed. By changing the order of transactions, an attacker can change the outcome of a transaction or even steal funds.
  • Routing attack: This is an attack that targets the way that transactions are routed through a blockchain network. This can be used to prevent transactions from being processed, or to redirect funds to an attacker's wallet.
  • Eclipse attack: This is an attack that involves isolating a node from the rest of the network. This can be used to prevent the node from receiving updates, or to prevent it from participating in consensus.
  • Long range attack: This is an attack that targets proof-of-stake blockchain networks. It involves an attacker accumulating a large amount of stake over a long period of time, and then using that stake to attack the network.