Blockchain – the shared and binding ledger that records online financial transactions and tracks a business network’s assets – is not as secure as its image suggests, according to researchers from University of Gloucestershire.
Sepideh Mollajafari, a blockchain security expert at the University’s School of Computing and Engineering, has found that ‘decentralisation’ – the foundation of Blockchain security which works by shifting control from a central individual or group to a distributed network – is not without its security risks.
Blockchain is not without security risks
Mollajafari explains: ’One of the key ideals of Blockchain Technology stems from its decentralised structure that no central authority can control. Blockchain ‘decentralised autonomous organisations,’ or DAOs, should offer near impenetrable security by reducing the level of trust people have to place in a single decision-makers’ ability to control or exert authority over the network.
‘However, by carrying out a detailed examination of smart contracts – the programs stored on a blockchain that automatically execute agreements so all participants are immediately certain of the outcome – we have found a major problem exists.
Reducing the vulnerabilities of smart contracts
‘The heart of the matter is that, despite blockchain’s claim that they cannot be controlled by a single decision-maker, current flaws in the way smart contracts are written mean that certain weaknesses are open to being exploited, yielding an unwanted centralised authority’.
‘Centralisation risks are vulnerabilities that can be exploited by malicious Blockchain project developers and external attackers. Developers could write a smart contract with centralised privileges that control the system, potentially involving a single user or organisation which has hidden powers to set token interest amounts, fees, or even withdraw money’.
Reducing blockchain security risk
As a result, Mollajafari and her team’s research is focusing intently on a systematic investigation of different types of smart contract vulnerabilities, while creating a detailed catalogue of countermeasures that will reduce security risks.
The next and most important step, she explains, is to develop smart contracts in a way that enhances the security of Blockchain transactions.
For you
Be part of something bigger, join BCS, The Chartered Institute for IT.
We are re-writing the smart contract concept to take into account the vulnerability of ‘one owner control,’ which recognises the risk of unwanted centralisation in Blockchain,’ Mollajafari continues.
‘Our research is focused on enhancing the security of codes written for DAO contracts which will allow anyone to create an autonomous proposal and voting process. This will deliver a genuinely decentralised and much more secure Blockchain process that matches a proposal and checks its status before a pending transaction is completed.’
Blockchain isn't reaching its full potential
Professor Kamal Bechkoum, Head of University of Gloucestershire’s School of Computing and Engineering, adds: ‘Blockchain technology is not reaching its full potential, often because users don’t trust each other or the security of the systems.
‘Although the recent Ethereum merge from proof-of-work to a new consensus mechanism, proof-of-stake, promises to provide a secure platform with low energy consumption, there is still risk of centralisation. This is because the validation of blocks is controlled by validators who hold the majority of the token.
‘The work being carried out at University of Gloucestershire aims to identify and shut down such vulnerabilities and help make blockchain-based systems much more trustworthy. The practical security and commercial opportunities are tremendous.’