New research from the Decentralized Systems Lab found that many proof-of-stake coins have serious security vulnerabilities.
In a new report by the University of Illinois at Urbana-Champaign’s Decentralized Systems Lab, several attack vectors against many proof-of-stake coins were discovered. According to the report, many of these issues stem from applying Bitcoin’s setup to proof-of-stake coins:
“Many cryptocurrencies are in fact forks (or at least descendants) of Bitcoin’s codebase, with the PoS functionality grafted in. However, some design ideas are copied over insecurely, leading to new vulnerabilities that did not exist in the parent codebase.”
The discovered vulnerabilities mainly affected PoSv3 implementations, and allowed attackers to trick nodes into overcommitting resources, crashing the nodes:
“We call the vulnerabilities we found ‘Fake Stake’ attacks. Essentially, they work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data. We believe that all currencies based on the UTXO and longest chain Proof-of-Stake model are vulnerable to these “Fake Stake” attacks.”
Two versions of this attack were discovered, affecting different sets of cryptocurrencies. One exploits a node’s inability to determine whether a stake is valid from the block header alone, which lets bogus data fill up the node’s RAM or disk. The second involves a legitimate stake in the coin that is moved several times, with each previous instance being used to spoof the stake still being in place.
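The resource problem described above can be shown from the defender's side. This is an added example, not code from the report or from any affected coin: it contrasts a node that stores every header it receives with one that caps the unvalidated data a single peer can make it hold. The class names, the 80-byte dummy headers and the budget are assumptions, and the stake check itself is not modelled.

```python
from collections import defaultdict

HEADER_SIZE = 80          # constructed: fixed-size dummy headers
PEER_BUDGET = 10 * 80     # assumed cap on unvalidated bytes per peer

class NaiveNode:
    """Commits memory for every header before any stake check is possible."""
    def __init__(self):
        self.headers = []

    def receive_header(self, peer, header):
        self.headers.append(header)
        return True

    def bytes_held(self):
        return sum(len(h) for h in self.headers)

class BoundedNode:
    """Holds unvalidated headers under a per-peer budget until validated."""
    def __init__(self, budget=PEER_BUDGET):
        self.budget = budget
        self.pending = defaultdict(list)   # peer -> headers awaiting validation
        self.accepted = []                 # headers whose block passed validation
        self.dropped = set()

    def _pending_bytes(self, peer):
        return sum(len(h) for h in self.pending[peer])

    def receive_header(self, peer, header):
        if peer in self.dropped:
            return False
        if self._pending_bytes(peer) + len(header) > self.budget:
            self.dropped.add(peer)         # over budget: disconnect the peer
            self.pending.pop(peer, None)   # and free what it made us hold
            return False
        self.pending[peer].append(header)
        return True

    def on_block_validated(self, peer, header, stake_ok):
        """Full block arrived and its stake was checked (check not modelled)."""
        if header not in self.pending.get(peer, []):
            return False
        self.pending[peer].remove(header)
        if stake_ok:
            self.accepted.append(header)
        return stake_ok

    def bytes_held(self):
        held = sum(len(h) for hs in self.pending.values() for h in hs)
        return held + sum(len(h) for h in self.accepted)

def simulate(node, peer, count):
    """Feed `count` constructed, never-validated headers from one peer."""
    for i in range(count):
        node.receive_header(peer, i.to_bytes(4, "big") * (HEADER_SIZE // 4))
    return node.bytes_held()
```

A per-peer cap like this can also delay acceptance of a legitimate chain that arrives from a single peer, which is the trade-off the researchers describe as an open problem.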
Affected coins may not have performed due diligence in development
Today we’re making public a resource exhaustion vulnerability affecting more than a dozen proof-of-stake cryptocurrencies. TL;DR: they don’t adequately validate blocks before storing them in disk/ram. Our coordinated vulnerability disclosure began in november https://t.co/xJvzkxOlzr
— Andrew Miller 🦓🦓🦓 (@socrates1024) January 22, 2019
The Decentralized Systems Lab report found false the assumption that approaches that work for Bitcoin, a proof-of-work coin, will also work for proof-of-stake coins, and found that many of the vulnerable projects seemed to share this assumption:
“While the “fake stake” attacks are simple in principle, they underscore a difficult design challenge: some ideas that make sense in Proof-of-Work do not translate over securely to Proof-of-Stake. Given the high degree of code sharing from Bitcoin Core as “upstream” among PoSv3 cryptocurrencies, we think this deserves even more scrutiny.”
The direct copying of Bitcoin code into what are intended to be radically different coins may suggest that developers of proof-of-stake coins do not completely understand the fundamental differences between the two consensus methods:
“To us, this suggests an awareness among PoS developers that the trade-offs and requirements in this design space are not yet fully understood. The challenge is that on one hand, we want to reject invalid blocks as soon as possible, but on the other hand, we don’t want to get stuck on a chain split or get delayed in processing what’s actually the main chain. A systematic way to deal with this remains an open problem for future work.”
Even more worrying, many development teams appear to have been asleep at the wheel and have not responded to the disclosure of these vulnerabilities, with four not responding and six not contacted because a lack of recent GitHub activity indicated stagnant or dead development:
“Five teams acknowledged the vulnerability, three are still investigating, three rebutted it (pointed out implementation changes that had a mitigating effect), and four teams gave no response. For the four teams that did not respond, we contacted them through channels we could find from their websites.”
Most notably, PIVX, at time of writing a top-80 cryptocurrency by market cap ranking, has not yet publicly responded to the vulnerability disclosure.
2019 may be the year of attacks on cryptocurrency networks
This year may see a significant increase in attacks against cryptocurrencies. In addition to these vulnerabilities found in proof-of-stake coins, proof-of-work coins may be attacked more often as well, as Siacoin’s lead developer predicted would happen in 2019. In a major attack, Ethereum Classic became a victim this year, representing a major disruption in a top-20 project.
Dash is well-positioned to resist potential attacks, with a high hashrate that dominates the use of the X11 mining algorithm. In the near future, Dash plans to implement an innovation known as ChainLocks, which would require a potential attacker to also control over half of the masternode network. That is a daunting task, especially considering that over half of Dash’s coin supply, necessary for running masternodes, is already spoken for in other masternodes running the network.
While often confused for a proof-of-stake hybrid, Dash is a proof-of-work coin, and the addition of ChainLocks to leverage staked nodes to increase security does not open Dash up to proof-of-stake vulnerabilities of the kind discovered by the Decentralized Systems Lab, according to Dash Core lead developer Udjinm6:
“Masternodes do NOT produce blocks, and their collateral/proregtxes are NOT a part of the header/block validation. ChainLocks are post-header [implementation], so to say, they can’t produce a ChainLock vote on an invalid header.”
This unique improvement may make Dash among the most secure cryptocurrencies in the world.