
Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: tools, analysis and countermeasures

  • Special Issue Paper
  • International Journal of Information Security

Abstract

Nowadays, blockchain has become increasingly popular due to its promise of supporting critical business services in various areas. Blockchain systems, like Ethereum and Hyperledger Fabric, rely on sophisticated middleware, which enables the execution of smart contracts. Smart contracts define the business logic within cooperative applications. Detecting attacks and vulnerabilities within blockchain is a crucial issue for ensuring the security of different generations of blockchains. Testing a blockchain application serves multiple purposes: it ensures its quality, maximizes test coverage, and minimizes the risks associated with insufficient knowledge that could potentially impact the software development process. That is why several static analysis tools targeting Ethereum smart contracts and Hyperledger Fabric chaincode have recently been proposed by the blockchain research community. However, the efficiency of these analysis tools remains an open issue that requires further investigation. In this context, this paper presents a new taxonomy related to attacks targeting different generations of blockchain and evaluates the available analysis tools that can be utilized to assess the resilience of blockchain 2.0 and blockchain 3.0 against a range of vulnerabilities and attacks. Additionally, this study presents two quantitative analyses: one assessing the performance of tools in evaluating smart contract vulnerabilities within blockchain 2.0, and another analyzing the performance of tools in assessing blockchain 3.0 vulnerabilities within chaincode. Furthermore, this comprehensive study holds value for the research community as it considers various generations of blockchain.

Data Availability

All data generated or analyzed during this study are included in this published article.


  161. Pavloff, U., Amoussou-Guenou, Y., Tucci-Piergiovanni, S.: Ethereum proof-of-stake under scrutiny. In: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, pp. 212–221 (2023)

  162. Shahriar, M.A., Bappy, F.H., Hossain, A.F., Saikat, D.D., Ferdous, M.S., Chowdhury, M.J.M., Bhuiyan, M.Z.A.: Modelling attacks in blockchain systems using petri nets. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1069–1078. IEEE (2020)

  163. Joshi, K., Bhatt, C., Shah, K., Parmar, D., Corchado, J.M., Bruno, A., Mazzeo, P.L.: Machine-learning techniques for predicting phishing attacks in blockchain networks: a comparative study. Algorithms 16(8), 366 (2023)

    Article  Google Scholar 

  164. Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)

  165. Zhou, E., Hua, S., Pi, B., Sun, J., Nomura, Y., Yamashita, K., Kurihara, H.: Security assurance for smart contract. In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2018)

  166. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: Zeus: analyzing safety of smart contracts. In: Ndss, pp. 1–12 (2018)

  167. Ghaleb, A., Pattabiraman, K.: How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 415–427 (2020)

  168. Grossman, S., Abraham, I., Golan-Gueta, G., Michalevsky, Y., Rinetzky, N., Sagiv, M., Zohar, Y.: Online detection of effectively callback free objects with applications to smart contracts. Proc. ACM Program. Lang. 2(POPL), 1–28 (2017)

    Article  Google Scholar 

  169. Cook, T., Latham, A., Lee, J.H.: DappGuard: active monitoring and defense for solidity smart contracts (2017). Accessed (2018)

  170. Uddin, M.S., Mannan, M., Youssef, A.: Horus: A security assessment framework for android crypto wallets. In: International Conference on Security and Privacy in Communication Systems, pp. 120–139. Springer (2021)

  171. Ji, R., He, N., Wu, L., Wang, H., Bai, G., Guo, Y.: Deposafe: Demystifying the fake deposit vulnerability in ethereum smart contracts. In: 2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 125–134. IEEE (2020)

  172. Chang, J., Gao, B., Xiao, H., Sun, J., Cai, Y., Yang, Z.: scompile: Critical path identification and analysis for smart contracts. In: International Conference on Formal Engineering Methods, pp. 286–304. Springer (2019)

  173. Akca, S., Rajan, A., Peng, C.: Solanalyser: A framework for analysing and testing smart contracts. In: 2019 26th Asia-Pacific Software Engineering Conference (APSEC), pp. 482–489. IEEE (2019)

  174. Lu, N., Wang, B., Zhang, Y., Shi, W., Esposito, C.: Neucheck: a more practical ethereum smart contract security analysis tool. Softw.: Pract. Exp. 51(10), 2065–2084 (2021)

    Google Scholar 

  175. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: Verx: Safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1661–1677. IEEE (2020)

  176. So, S., Lee, M., Park, J., Lee, H., Oh, H.: Verismart: A highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694. IEEE (2020)

  177. Ducasse, S., Rocha, H., Bragagnolo, S., Denker, M., Francomme, C.: Smartanvil: Open-Source Tool Suite for Smart Contract Analysis. Routledge (2019)

  178. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Kulatova, N., Rastogi, A., Sibut-Pinote, T., Swamy, N., et al.: Formal verification of smart contracts: Short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96 (2016)

  179. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: Practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)

  180. Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: Smartcheck: Static analysis of ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)

  181. Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8–15. IEEE (2019)

  182. Mossberg, M., Manzano, F., Hennenfent, E., Groce, A., Grieco, G., Feist, J., Brunson, T., Dinaburg, A.: Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1186–1189. IEEE (2019)

  183. Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663 (2018)

  184. Torres, C.F., Schütte, J., State, R.: Osiris: Hunting for integer bugs in ethereum smart contracts. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664–676 (2018)

  185. Sivachokkapu: ReviveCC GitHub Repository. https://github.com/sivachokkapu/revive-cc

  186. Labs, H.: Chaincode Analyzer - Hyperledger Labs. Accessed on 02 Aug 2023. https://labs.hyperledger.org/labs/archived/chaincode-analyzer.html

  187. Kaiser, T.: Chaincode Scanner: Automated Security Analysis of Chaincode. ChainSecurity. Last access on 3 Sept 2023. https://chainsecurity.com/audits

  188. Honnef, D.: Go Code Analysis. Accessed on 03 Aug 2023. https://github.com/dominikh/go-tools

  189. Ferreira, J.F., Cruz, P., Durieux, T., Abreu, R.: Smartbugs: a framework to analyze solidity smart contracts. In: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pp. 1349–1352 (2020)

  190. SmartBugs: SmartBugs Curated Dataset. https://github.com/smartbugs/smartbugs-curated/tree/main/dataset

  191. DASP: DASP - Decentralized Application Security Project. https://dasp.co/

  192. Eyo, V.: Hyperledger Fabric Smart Contract (Accessed on 03 Aug 2023). https://victoryeo-62924.medium.com/hyperledger-fabric-smart-contract-cab9801a01fa

  193. IBM Blockchain Archive: Car Lease Demo - IBM Blockchain Archive. last access 2023. https://github.com/IBM-Blockchain-Archive/car-lease-demo

  194. Yang, R.: BlockChain - Gitea Repository. Last access 03 Aug 2023. https://gitea.com/yangrui/BlockChain

  195. Tam, K.: Deep-Dive Into FabCar: A Complete Application Example on Hyperledger Fabric (Part 1). https://kctheservant.medium.com/deep-dive-into-fabcar-part-1-57c2530148a0

  196. Wall, M.: Hyperledger Fabric Lottery Chaincode - GitHub Repository. Last access 03/09/2023. https://github.com/mihalw/hyperledger-fabric-lottery-chaincode

  197. Decred Developers: Decred Generator Code. Last access on 03 Aug 2023 (Year Accessed). https://github.com/decred/dcrd/blob/master/blockchain/chaingen/generator.go

Download references

Acknowledgements

All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.

Funding

The authors have no relevant financial or non-financial interests to disclose.

Author information

Contributions

AH conducted the simulations and crafted several figures, while AH and LF collaborated on composing the core manuscript text and refining various graphical elements. The structural design of the paper and comprehensive paper reviews were carried out by LF and SA. Additionally, LF took the lead in meticulously revising the paper during both the initial and subsequent revision rounds.

Corresponding author

Correspondence to Lamia Fourati.

Ethics declarations

Conflict of interest

The authors have no competing interests to declare that are relevant to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Hamdi, A., Fourati, L. & Ayed, S. Vulnerabilities and attacks assessments in blockchain 1.0, 2.0 and 3.0: tools, analysis and countermeasures. Int. J. Inf. Secur. 23, 713–757 (2024). https://doi.org/10.1007/s10207-023-00765-0

  • DOI: https://doi.org/10.1007/s10207-023-00765-0
