US Defense Agency Report: Blockchain is not as decentralized as you think

According to Trail of Bits, distributed ledger technology (DLT) and blockchains including Bitcoin and Ethereum may be more vulnerable to centralization risks than initially thought.

The security firm released a report on Tuesday titled “Is Blockchain Decentralized?” commissioned by the U.S. government’s Defense Advanced Research Projects Agency (DARPA).

The report aims to investigate whether blockchains, including Bitcoin and Ethereum, are truly decentralized, although the report appears to focus primarily on Bitcoin.

Among its main findings, the security firm found outdated Bitcoin nodes, unencrypted blockchain mining pools, and most unencrypted Bitcoin network traffic passing through only a limited number of ISPs, potentially leaving room for various actors to gain excessive centralized control over the network.

Bitcoin node

The report states that a subnet of Bitcoin nodes is primarily responsible for reaching consensus and communicating with miners, and that “the vast majority of nodes make no meaningful contribution to the health of the network.”

It also found that 21% of Bitcoin nodes were running an older version of the Bitcoin Core client, which was known to suffer from vulnerabilities such as consensus errors. It states that “it is critical that all DLT nodes run on the same latest version of the software, otherwise consensus errors may occur and cause blockchain forks.”

A Bitcoin node is any computer that stores and validates blocks in the blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and verify the accuracy of transactions. The current version that all nodes should be running is Bitcoin Core 22.0.

Another conclusion of the report is that Bitcoin’s mining pool protocol, Stratum, is unencrypted and largely unauthenticated.

This means that malicious attacks can be carried out to “estimate the hash rate and payout of miners in the pool” and “manipulate Stratum messages to steal CPU cycles and payouts of mining pool participants”.

Delivery via ISP

The authors also found vulnerabilities in the infrastructure, where traffic based on the Bitcoin protocol is unencrypted and 60% of web traffic goes through only three ISPs.

This is a problem because “ISPs and hosting providers have the ability to arbitrarily degrade or deny service to any node.”

The report contains 26 pages of details, data and infographics. DARPA was established in 1958 to develop emerging technologies for use by U.S. Department of Defense agencies and the U.S. military. Trail of Bits is a cybersecurity research and consulting firm hired by DARPA to write the report.

The report comes at an interesting point in time after Solana’s centralization issues were highlighted.

Solend, the Solana-based decentralized finance (DeFi) lending protocol, made an interim governance proposal on Sunday to take over whale wallets facing liquidation, potentially putting pressure on Solend and its users.

The proposal, passed by one whale, was met with an immediate Twitter backlash, and another governance vote was created to invalidate the previously approved proposal. Observers believe the move could damage DeFi’s overall image, as taking control of one of Solend’s wallets means the fundamentals of DeFi are called into question, and the overthrow vote isn’t much better.

Posted by:CoinYuppie,Reprinted with attribution to: