Page 27 - FIGI: Security Aspects of Distributed Ledger Technologies

Figure 5: Stylized Prominent Risks and Vulnerabilities in DLTs.












This taxonomy has been developed based on a survey of the most frequent risks permeating the DLT ecosystem worldwide. Annex D is a summary of these general risks and vulnerability concerns, alongside resultant risks and potential mitigation measures. Other areas of concern are described in Table 5.

decrease in scalability and/or security. Methods to increase scalability include Sharding and SegWit:

Sharding is the process of partitioning or breaking up large databases into smaller, more manageable pieces or ‘shards.’ It is different than sidechains. Sharding is considered a Layer 1 solution as it is implemented into the base-level protocol of the blockchain. It basically divides the network into teams. After fractioning the network, each node is responsible for processing its own transactions. Projects using sharding as a scalability solution include Ethereum,¹³⁸ Zilliqa, and Cardano.¹³⁹ A shard must be able to fit within the size of the node which is managing it, or this may result in single-shard takeover attacks.¹⁴⁰

The partitioning aspect of sharding raises a significant potential problem: without downloading and validating the entire history of a particular shard the participant cannot necessarily be certain¹⁴¹ that the state with which they interact is the result of some valid sequence of blocks and that such sequence of blocks is indeed the canonical chain in the shard.¹⁴²

Segregated Witness (SegWit) is a Layer 1, soft fork protocol upgrade created by Bitcoin Core developers to solve and patch Bitcoin’s data malleability problem and enhance the protocol’s extremely slow transaction throughput by effectively increasing block capacity. Substantial benefits are supposed to occur once majority adoption is reached.

Risks:
Data on a DLT may be compromised / Privacy and Confidentiality of Data. Challenges with scalability mean that compromises are usually made elsewhere, such as the sacrifice of safety and security for speed gains, which increases the chances of data corruption on a DLT. SegWit though is not a universally adopted solution by a significant margin and may increase the risk that mining cartels will rise again.¹⁴³ There are also compatibility issues with non-adopters and uses can cause dangers, such as coins being sent to SegWit addresses.¹⁴⁴

Mitigation and Recommendations:
Increase the number of active nodes. Sharding requires sufficient numbers of active nodes per each blockchain shard to ensure the security of transactions.¹⁴⁵

8.2.2   Issue: Bugs in DLT Code

DLTs show great promise in use in DeFi context, from secure disbursement of funds, to secure and transparent access to assets and record; raising of funds using crypto-based tokens; tracing of trade finance payments for small enterprises; to secure identities that can be used to access funds and credit. Especially with a financial component to their use, security of DLTs and the tokens they enable is vital and necessary.

All software requires traditional and acceptable levels of attention to properly maintain and update the underlying code, methods and core development concerns. This includes appropriate, secure and responsible methods of review, reporting, response (such as to bug reports and communication with developers and the community), testing, deployment, maintenance, documentation, collaboration, etc.

While there do not appear to be major vulnerabilities in the Bitcoin Blockchain and Ethereum internal technologies themselves, the nascent technologies and implementation thereof invariably introduce vulnerabilities. These emanate in particular from the abundance of new protocols that vary the initial design with new features and complex logic to implement them. This is exacerbated by the distributed nature of DLTs and the associated wide attack surface and, in many cases, a rush to implement solutions that are not properly tested or are devel-
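
The sharding mitigation above (sufficient active nodes per shard) can be quantified. The following is an added example, not part of the report: it assumes nodes are assigned to shards uniformly at random and that a shard is taken over once more than one third of its nodes are adversarial (a common Byzantine fault tolerance bound). The node counts and function names are constructed for illustration.

```python
from fractions import Fraction
from math import comb, floor

def takeover_probability(total_nodes, adversarial_nodes, shard_size,
                         threshold=Fraction(1, 3)):
    """Exact probability that one shard, drawn uniformly without replacement
    from all active nodes, contains MORE than `threshold` adversarial nodes
    (hypergeometric tail). Assumed model, not taken from the report."""
    if not 0 < shard_size <= total_nodes:
        raise ValueError("shard_size must be between 1 and total_nodes")
    if not 0 <= adversarial_nodes <= total_nodes:
        raise ValueError("adversarial_nodes out of range")
    honest = total_nodes - adversarial_nodes
    need = floor(threshold * shard_size) + 1  # fewest bad nodes that win the shard
    ways = sum(comb(adversarial_nodes, k) * comb(honest, shard_size - k)
               for k in range(need, shard_size + 1))
    return Fraction(ways, comb(total_nodes, shard_size))

def smallest_safe_shard(total_nodes, adversarial_nodes, target, candidates,
                        threshold=Fraction(1, 3)):
    """First candidate shard size (ascending) whose takeover probability is at
    or below `target`; None if no candidate qualifies."""
    for size in sorted(candidates):
        p = takeover_probability(total_nodes, adversarial_nodes, size, threshold)
        if p <= target:
            return size
    return None

if __name__ == "__main__":
    # Constructed scenario: 1,000 active nodes, 25% of them adversarial.
    N, BAD = 1000, 250
    for size in (10, 30, 100, 300):
        p = takeover_probability(N, BAD, size)
        print(f"shard size {size:>3}: P(takeover) = {float(p):.2e}")
    print("smallest size under 1e-6:",
          smallest_safe_shard(N, BAD, Fraction(1, 10**6), range(10, 1001, 10)))
```

With the same overall share of adversarial nodes, small shards are far more likely to end up with an adversarial quorum than large ones, which is the reason the recommendation ties security to the number of active nodes per shard.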



