Page 43 - FIGI: Security Aspects of Distributed Ledger Technologies

Mitigation and Recommendations:

•  Wait for Multiple Confirmations: It has become the standard for most merchants and providers to wait to receive multiple confirmations before considering a transaction complete when using POW consensus mechanisms such as Bitcoin,[296] most often at least 6 confirmations.[297] Merchants have been recommended to disable direct incoming connections and select specific outgoing connections;[298] consider using a listening period to spot a double-spend transaction which has propagated along the network;[299] have a peer group of observers and encourage rapid and efficient communication across the network about double spends and bad actors;[300] and engage in a cooperative measure between peers which checks both the blockchain and their own memory pool of transactions to scan for attempts at double spending.[301]
•  The use of the Lightning Network and payment/state channels can remove some of the traditional problems with double-spend attacks.
•  Monitoring of Activity: Mining pools and hash power are constantly monitored, such as by the Chinese cyber-security firm SlowMist among others, and several mining pools have already voluntarily refused to approach 50% of the hash power. Other industry monitors include Chainlink.
•  Change Consensus Algorithm: The cost to mount a 51% attack against smaller crypto-currencies, such as by renting equipment, is estimated as low as under USD 1,000 per hour against crypto-currencies such as Bitcoin Gold, Bytecoin, Verge-Scrypt, Metaverse and Monacoin.[302] Some crypto-currencies, such as Ethereum, have planned to move to Proof of Stake, which theoretically makes a 51% attack much less appealing and much harder to carry out.[303] Group-IB recommends a different encryption algorithm.[304] Litecoin Cash has suggested a ‘hive’ of worker bees to thwart 51% attacks.[305]

8.7.2    Issue: Governance Voting Dominance and Irregularities

Dimensions Affected: Network, Data Model, Execution, Application

Vulnerabilities:

•  Attempts to decentralize governance in larger pools of diverse stakeholders, such as public blockchains which have asymmetries in incentives,[306] can gain measures of independence but may come with sacrifices and introduce risks and vulnerabilities. This may manifest as the ‘tragedy of the commons’ problem, where those with larger stakes can profit at the expense of those with few.[307] Similarly, legal and operational actions may be difficult where formalities are lacking, such as being able to hire or to protect the legal rights of the product, which can include user safety and prevention of fraud.[308] A related issue is the ability of the DLT developers to change or switch the governance model after the main-net launch, as occurred with EOS.[309]

Risks:

•  Voting contract bugs could allow someone to delete votes from the voting contract and freeze new participants out of the contract.[310]
•  Decentralization of standardized, traditional processes can lead to unintended results (The DAO) as well as a reduction in the efficiency/effectiveness of traditional centralized hierarchical management;[311]
•  Forking: significant disagreement can result in severe consequences such as a fork, where influential members become direct competitors;[312]
•  Voting irregularities can occur (bribes/‘game-theoretic attacks’);[313]
•  Governance can effectively approach centralization as a result of influential stakeholders, founders and key developers;[314] transactional governance can be influenced by the presence of just a few,[315] such as large mining operations, and consortiums of miners can take control of the network with as few as 3-4 Bitcoin or Ethereum mining operations, which have dominated over 50-60% of the network.
•  Low voter turnout: the process can be inefficient, and voter/stakeholder participation can be limited;[316]
•  Overall, a negative image of a DLT project can result from difficulty in understanding ultimately who may own or control a project, which can lead to difficulties with trust and direct investment such as fundraising and backing.[317]

Mitigation and Recommendations:
To ensure the security of the blockchain and clean governance, private DLTs could use fewer nodes.
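The double-spend mitigations listed above (waiting for at least 6 confirmations, and a cooperative check across peers' blockchains and memory pools) as an added toy model, not code from the report or from any of the projects it names; the transaction, block and peer structures are constructed for illustration and stand in for what a real node would expose.

```python
from dataclasses import dataclass, field

CONFIRMATIONS_REQUIRED = 6  # the "at least 6 confirmations" rule of thumb the text cites


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple  # outpoints this transaction spends, written as "txid:index"


@dataclass
class NodeView:
    """One peer's view of the world: its confirmed blocks plus its own memory pool."""
    blocks: list = field(default_factory=list)   # blocks[0] is the first block
    mempool: dict = field(default_factory=dict)  # txid -> Tx, unconfirmed

    def confirmations(self, txid):
        """Blocks from the one containing txid up to the tip, inclusive; 0 if unconfirmed."""
        for height, block in enumerate(self.blocks):
            if any(tx.txid == txid for tx in block):
                return len(self.blocks) - height
        return 0

    def is_settled(self, txid):  # a merchant treats the payment as final only at this depth
        return self.confirmations(txid) >= CONFIRMATIONS_REQUIRED

    def spenders(self):
        """Outpoint -> set of txids spending it, across both the chain and the mempool."""
        seen = {}
        for tx in [t for block in self.blocks for t in block] + list(self.mempool.values()):
            for outpoint in tx.inputs:
                seen.setdefault(outpoint, set()).add(tx.txid)
        return seen


def double_spend_alerts(peers):
    """Cooperative check: merge every peer's chain+mempool view and report any
    outpoint that two different transactions try to spend."""
    merged = {}
    for peer in peers:
        for outpoint, txids in peer.spenders().items():
            merged.setdefault(outpoint, set()).update(txids)
    return {op: sorted(ids) for op, ids in merged.items() if len(ids) > 1}


# Constructed sample: the merchant's payment is mined at height 1 with four confirmations
# on peer A, while peer B still holds a conflicting spend of the same outpoint in its mempool.
FUNDING = Tx("funding", ())
PAY = Tx("pay_merchant", ("funding:0",))
CONFLICT = Tx("pay_self", ("funding:0",))
peer_a = NodeView(blocks=[[FUNDING], [PAY], [], [], []])
peer_b = NodeView(blocks=[[FUNDING], [PAY]], mempool={CONFLICT.txid: CONFLICT})
```

Run against the sample, `peer_a.is_settled("pay_merchant")` is still False at four confirmations, and `double_spend_alerts([peer_a, peer_b])` flags `funding:0` because the conflicting spend is visible only in peer B's mempool, which a merchant watching its own node alone would miss.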

