ensure in this context keep all these transactions   looking for a specific transaction ID (but not seman-
               on-chain and the settlement near instantaneous.  tic equivalents) that a transaction had not completed
            •  Greater certainty around the concepts of settle-  when, in fact, it had.
                                                                                171
               ment and settlement finality applied to crypto-as-
               sets is needed.                                 Risks:
            •  Use of the transaction assurance, for example   By deliberately launching transaction malleability
               insurance of custodians                         attacks on multiple exchanges at once, perhaps using
            •  There may be a need to distinguish between per-  software deliberately designed to create mutant
               missioned and permissionless DLTs in that respect,   transactions could cause short-term problems for
               in particular, specific governance issues with per-  the market as any uncertainty or doubt about market
               missionless DLTs, which makes them less suitable   stability will have an effect on market prices, espe-
               to the processing of financial instruments, at least   cially with such an illiquid, volatile asset class.
               in their current form. 161
            •  Central Bank DLT prototypes have used the BFT   Mitigation and Recommendations:
               consensus protocol to ensure finality of pay-   Cost-based prevention, e.g. consensus algorithms
               ments. 162                                      make it expensive to perpetrate this attack.

            8.3.2   Issue: Changes In The Order Of             8.3.3   Issue: Accuracy of Oracle Input/Output
            Transactions                                       Data

            Dimensions Affected: Consensus, Data Model         Dimension Affected: Data Model

            Specific Threat: Transaction (Data) Malleability   Specific Threat: Oracles are compromised
            A  transaction  (data) malleability attack  lets  some-  Blockchain applications are unable to directly access
            one change the unique ID of a Bitcoin transaction   and retrieve information from sources outside of the
            before it is confirmed on the Bitcoin network, making   blockchain. An oracle serves as a conduit between
            it possible for someone to pretend that a transac-  an external data source and blockchain applications,
            tion didn’t happen.  The goal then is to deceive a   such as smart contracts and DApps. 172
                             163
            merchant or payor into paying twice for the same     In contrast to the blockchain philosophy which
            transaction by leading the target into believing that   mandates operation in a decentralized, trustless
            the original transaction failed.  The founder of Mt.   environment, using an oracle introduces both a trust-
                                       164
            Gox claimed that transaction malleability was a    ed intermediary and trusted data source with the
            primary cause of the spectacular heist of USD 473   possibility both will be provided from a single, cen-
            million of Bitcoin stolen from the exchange.  The   tralized source.
                                                    165
            claim was analyzed and separately confirmed as a
            problem in the Bitcoin protocol,  currently fixed in   Vulnerabilities:
                                         166
            a soft fork  and in the SegWit solution (which is still   Corrupted data is seeded into/out of DLTs via inse-
                     167
            not fully adopted within the Bitcoin network)  as   cure oracles
                                                      168
            well as the Lightning Network. 169                 While oracles generally provide critical input and
                                                               output capabilities for data on a DL, they are also the
            Vulnerability:                                     weakest link as they are not secure. They may give
            The vulnerability lies mainly with DL protocols    rise to greater opportunity for liability and damag-
            such as Bitcoin (and Litecoin)  which use transac-  es if faulty data is used and there are losses, which
                                       170
            tion identification (‘TXID’) in the process of send-  could precipitate a damage claim. 173
            ing funds, meaning that instead of withdrawing a     Oracles require trust both regarding the ora-
            value  from  an  account,  the  Bitcoin  protocol  points   cle itself (as a trusted intermediary to a blockchain
            to a prior input (the ‘deposit’) which is the source   application) as well as from the data sources them-
            of where an address received funds to match to the   selves. An oracle is vulnerable to the presence of bad
            existing output (the ‘spend’). The problem allows   behavior that occurs at/from its data source and
            for the transaction identification to be changed to   could impact what occurs on the blockchain,
            a variation that is a semantic equivalent before the
            original transaction is confirmed on the network. This
            lends the appearance to the sender, who may be only



           28    Security Aspects of Distributed Ledger Technologies