Page 43 - FIGI: Security Aspects of Distributed Ledger Technologies
Mitigation and Recommendations:

• Wait for Multiple Confirmation: It has become the standard for most merchants and providers to wait to receive multiple confirmations before considering a transaction complete when using POW consensus mechanisms such as Bitcoin,[296] most often being at least 6 confirmations.[297] Merchants have been recommended to disable direct incoming connections and select specific outgoing connections;[298] consider using a listening period to spot a double spend transaction which has propagated along the network;[299] have a peer group of observers and encourage rapid and efficient communication across the network of double spends and bad actors;[300] engage in a cooperative measure between peers which checks both the blockchain and their own memory pool of transactions to scan for attempts at double spending.[301]
• The use of the Lightning Network and payment/state channels can remove some of the traditional problems with double-spend attacks.
• Monitoring of Activity: Mining pools and hash power are constantly monitored, such as by Chinese cyber-security firm SlowMist among others, and several mining pools have already voluntarily refused to approach near 50% hash power. Other industry monitors include Chainlink.
• Change Consensus Algorithm: The cost to mount a 51% attack against smaller crypto-currencies, such as renting equipment, is estimated as low as under USD 1,000 per hour against crypto-currencies such as Bitcoin Gold, Bytecoin, Verge-Scrypt, Metaverse and Monacoin.[302] There have been plans by some crypto-currencies, such as Ethereum, to move to Proof of Stake, which theoretically makes a 51% attack much less appealing and possible.[303] Group-IB recommends a different encryption algorithm.[304] Litecoin Cash has suggested a 'hive' of worker bees to thwart 51% attacks.[305]

8.7.2 Issue: Governance Voting Dominance and Irregularities

Dimensions Affected: Network, Data Model, Execution, Application

Vulnerabilities:

• Attempts to decentralize governance in larger pools of diverse stakeholders, such as public blockchains which have asymmetries in incentives, can gain measures of independence[306] but may come with sacrifices and introduce risks and vulnerabilities. This may manifest as the 'tragedy of the commons' problem, where those with larger stakes can profit at the expense of those with few.[307] Similarly, legal and operational actions may be difficult where formalities are lacking, such as being able to hire or protecting the legal rights of the product, which can include user safety and prevention of fraud.[308] A spin-off issue from this issue is the ability for the DLT developers to change / switch the governance model after the main-net launch, as occurred with EOS.[309]

Risks:

• Voting contract bugs could allow someone to delete votes from the voting contract and freeze new participants out of the contract.[310]
• Decentralization of standardized, traditional processes can lead to unintended results (The DAO) as well as the reduction of efficiency/effectiveness of traditional centralized hierarchical management;[311]
• Forking, because significant disagreement can result in severe consequences such as 'forking,' where influential members become direct competitors;[312]
• Voting irregularities can occur (bribes / 'game-theoretic attacks');[313]
• Governance can effectively approach centralization as a result of influential stakeholders, founders and key developers[314] -- transactional governance can be influenced by the presence of just a few,[315] such as large mining operations, and consortiums of miners can take control of the network with as few as 3-4 Bitcoin or Ethereum mining operations, which have dominated over 50-60% of the network.
• Low voter turnout - the process can be inefficient, voter/stakeholder participation can be limited;[316]
• Overall, a negative image of a DLT project can result from difficulty in understanding ultimately who may own or control a project, which can lead to difficulties with trust and direct investment such as fundraising and backing.[317]

Mitigation and Recommendations:

To ensure the security of the blockchain and clean governance, private DLTs could use fewer nodes.