The United States is Monitoring Vulnerabilities in Bitcoin

 

The United States has shown a keen interest in the cybersecurity aspects of Bitcoin, particularly homing in on a vulnerability associated with the Ordinals Protocol in 2022. The National Vulnerability Database (NVD), overseen by the National Institute of Standards and Technology (NIST), a branch of the U.S. Department of Commerce, has brought attention to this issue for public awareness. This underscores the growing focus of government agencies on the security dimensions of cryptocurrencies.

The vulnerability at the core of this development is specific to certain versions of Bitcoin Core and Bitcoin Knots. It enables the bypassing of the datacarrier limit by disguising data as code. In practical terms, this vulnerability could result in the Bitcoin network being inundated with non-transactional data, potentially causing congestion in the blockchain and affecting performance and transaction fees. This concern is not merely theoretical, as evidenced by its exploitation through Ordinals inscriptions in 2022 and 2023.

Ordinals gained prominence in late 2022. They involve embedding additional data onto a satoshi, the smallest Bitcoin unit, similar to the concept of nonfungible tokens (NFTs) on the Ethereum network. However, the increased usage of Ordinals transactions has led to heightened network congestion, resulting in elevated transaction fees and slower processing times. For blockchain enthusiasts, these issues are not just technical glitches but critical challenges that could influence the future trajectory of Bitcoin.

Luke Dashjr, a Bitcoin Core developer, has been outspoken about this vulnerability, likening it to receiving a flood of junk mail that obstructs essential communications. This metaphor aptly encapsulates the essence of the vulnerability, disrupting the otherwise streamlined process of Bitcoin transactions.

In response to these concerns, a patch has been developed in Bitcoin Knots v25.1. However, Dashjr notes that Bitcoin Core remains vulnerable in its upcoming v26 release. He expresses hope that the issue will be addressed in the v27 release next year. The implications of this vulnerability and its subsequent patching are substantial. Rectifying the bug could limit Ordinals inscriptions, although existing inscriptions would persist due to the immutable nature of the network.

This situation underscores a broader theme in the cryptocurrency world: the constant evolution and the need for vigilance in maintaining network security. The involvement of U.S. federal agencies in tracking and cataloging these vulnerabilities may signify a step toward more robust and secure blockchain technologies. While the identification of Bitcoin's vulnerability by the NVD serves as a cautionary tale, it also presents an opportunity for growth and improvement in the cryptocurrency ecosystem.

Understanding the Drawbacks of Blockchain Smart Contracts

 

Blockchain technology has grabbed the attention of companies across the globe. Due to its benefits, such as immutability and transparency, traditional companies outside of banking, like BMW and Bosch, have begun to experiment with smart contracts to produce more efficient supply chains and better engineering products.

Agreements between multiple parties can be formalised and carried out using smart contracts, which are simply pieces of software code deployed on a particular blockchain. This eliminates the need for a third-party middleman, saves time, and enables multi-party consensus-based validation. Smart contracts can be applied to many other tasks, including transferring deeds, playing chess, and creating wills.

But despite the disruptive potential and highly praised abilities blockchain promises, the number of heists targeting smart contracts has increased more than 12-fold over the past two years. Why are there so many more heists now if these contracts are so intelligent?

Let's define the connection between smart contracts and blockchain for better comprehension. 

Decentralisation 

Think of each smart contract as a server on a blockchain network that resembles Amazon's AWS platform. Because there isn't a single centralised site for attackers to exploit, blockchain makes it more difficult for them to employ conventional hacking techniques like Trojan horses, physical attacks, and ransomware. By removing the single point of failure in a network, blockchain counters these techniques.

While it's not technically possible to hack a blockchain network, many of the distributed applications and smart contracts that blockchain enables can be hacked.

Large sums of value are being funnelled through smart contracts as a result of the progressively expanding success and influence of decentralised finance (DeFi), making them tempting to hackers. And as the number of tokenized real-world assets increases, this threat is expected to grow. Because funds stolen via smart contracts are extremely difficult to recover, hacking poses a severe threat to this emerging blockchain sector. 

Smart contract threats

Smart contracts, like all code, are susceptible to human error. These faults can be typos, misrepresentations of specifications, or more serious mistakes that can be used to hack or "trick" the smart contract. Unlike the blockchain itself, there is no guarantee that a given contract has been peer-reviewed or validated.

A smart contract audit may be able to spot errors in the code, but other dangers are more difficult to detect. For instance, the default-visibility vulnerability is a typical error that happens when the visibility of functions is not specified and some functions are left public. Hackers may then gain access to the mint feature and produce billions of the relevant tokens. Fortunately, this vulnerability can be avoided by conducting an audit to make sure that all functions are set to private by default.
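The default-visibility error described above, shown as an added illustration that is not code from the original post. It assumes Solidity with a pre-0.5.0 compiler, where a function declared without a visibility keyword is treated as public; the contract and function names are hypothetical.

```solidity
pragma solidity ^0.4.24;

// Constructed example. LeakyToken keeps the flaw on purpose.
contract LeakyToken {
    address public owner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor() public { owner = msg.sender; }

    // No visibility keyword: compilers before 0.5.0 treat this as public,
    // so it is callable by any account, not only by the contract itself.
    function mint(address to, uint256 amount) {
        balanceOf[to] += amount;
        totalSupply += amount;
    }
}

contract FixedToken {
    address public owner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor() public { owner = msg.sender; }

    // The helper is private: it cannot be reached from outside the contract.
    function _mint(address to, uint256 amount) private {
        require(totalSupply + amount >= totalSupply, "overflow");
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    // The only external entry point is explicit and restricted to the owner.
    function issue(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        _mint(to, amount);
    }
}
```

Solidity 0.5.0 and later reject a function with no visibility keyword at compile time, so the audit check matters most for older code and for functions that were marked public or external without an access check.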

Reentrancy attacks are a different, more complex and more dangerous threat that also results from coding flaws. They occur when an attacker deploys a malicious smart contract that interacts with the contract holding the funds through that contract's external function calls.

Mitigation tips

Most smart contract administrators also grant themselves certain admin capabilities, usually to make post-launch updates. Administrators must use their private keys to exercise these rights. These private keys are yet another risk: if they are not properly stored (i.e., in an offline cold vault), hackers who acquire access can alter the smart contract and send funds anywhere they want.

Recently, the European Parliament mandated that a kill switch mechanism be used to mitigate damage in the event that a smart contract is hacked. While the authorities intended to give users greater control over their personal data, the act has raised worries among the Web3 community.

If not implemented properly, a kill switch might obliterate the entire smart contract and any value that was put in it. A superior solution would be a pause function that, in the event of a security threat, could freeze the smart contract and restart it after the problem is fixed.

If the pause feature is used, the administrator is advised to use two different private keys, because as soon as the private key used to pause the contract is brought online, it is exposed to attack. Separating the pause and unpause admin keys and keeping them offline increases the security of the smart contract by removing potential weak points.

The DeFi and blockchain ecosystems are subject to security risks, as are all technological platforms. As we've seen with the advent of DeFi platforms and protocols, smart contracts provide advantages, and their risks can be mitigated by being aware of their weaknesses, conducting thorough research, and adhering to the recommendations in this article. With time, improved security standards will emerge, strengthening the use cases for smart contracts and bringing forth a more stable blockchain environment.