Hal Finney and Blockchain hacking

Written by ilkadyrov | Published 2018/07/03
Tech Story Tags: blockchain-technology | blockchain-development | vulnerability | bitcoin | crypto


The main vulnerability in blockchain — you!

Back to 2009

Who is Hal Finney, and a trip back to 2009

Blockchain has become one of the most interesting places over the last few years. Of course, there are a lot of funds in it and many people want to get them. There are three groups of people in the crypto world now: those who create projects, those who invest in them and those who hack them. The first and third groups are the cleverest of these, and in most cases the third group is cleverer. This happens because a lot of projects are built just to earn money. But this article is about Hal Finney and a blockchain attack.

Maybe some of you have seen this diagram before; it is taken from Vitalik Buterin's website. The diagram shows three constituencies — the minority, the majority and the protocol (users), and four arrows representing possible adversarial actions: the minority attacking the protocol, the minority attacking the majority, the majority attacking the protocol, and the majority attacking the minority. The one that interests us, the minority attacking the protocol, is called the Finney attack. We will consider only this attack, but first let's see who Hal Finney was. He was an early Bitcoin user and received the first bitcoin transaction. Finney lived for 10 years in the same town where Dorian Satoshi Nakamoto lived (Temple City, California), adding to speculation that he may have been Bitcoin's creator. He died in 2014; however, his last transaction was 10 months ago, but that is a story for another time. He was the first to suggest this attack, and the attack got his name. So let's dive into this attack.

Hal Finney's attack in depth

Let's imagine you are a miner, and in the block you are trying to find you include a transaction that sends some of your coins back to yourself, without broadcasting this transaction. When you find a block, you do not broadcast it. Instead, you send the same coins to a merchant for some goods or service. After the merchant accepts the payment and irreversibly provides the service, you broadcast this block. The transaction that sends the coins to you, included in this block, will override the unconfirmed payment to the merchant. You will get your coins back and the goods for free.

So it's a double-spending attack with some preconditions: the merchant accepts unconfirmed transactions, and you are mining and controlling the content of your blocks. If the time from finding the block until you send payment and the merchant accepts it is t, and the average time to find a block is T, there is a probability of t/T that another block will be found on the network in this time. In this case the attack will fail, and you will lose the block reward.

The main vulnerability

People hacking

So the main vulnerability is the merchant's approval before the block is confirmed. And the main issue in many projects is their creators, because they don't understand how their project works, how smart contracts work, what problems their project has, or which bugs can occur. The weakest point of a project is its team, because it's easier to hack a team member than to find bugs in the project. If you analyse hack statistics, you'll find that social engineering is in first place, which means people are the main problem in projects, and if your team has non-professionals you'll get into trouble in the future.

How we protect the service

Blockchain is new and therefore full of mistakes. Hal Finney's bug is no longer relevant today. Lots of market-like services that take payment in Bitcoin know about this bug, so they wait for 6 confirmations before approving an order and so protect themselves. One of the projects I've taken part in developing is https://blockdeblock.com, a service for buying cryptowears. On its backend we used the HDKeys library for generating new addresses, a technology based on Bitcoin's standards BIP-39, BIP-44 and BIP-32. In a nutshell, you have one private key and can generate as many addresses as you want from this private key, and all your coins will be in one wallet. To approve a payment we checked that the transaction has at least 6 confirmations in Bitcoin and 20 in Ethereum.
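
A sketch of the confirmation check described above, as an added example that is not the service's own code. The function names, the transaction and chain object shapes, and the sample block hashes are assumptions made for illustration; only the 6 and 20 thresholds come from the article.

```javascript
// Added example, not the service's code. Thresholds are the ones stated in the article.
const REQUIRED_CONFIRMATIONS = { bitcoin: 6, ethereum: 20 };

// Constructed in-memory view of a node's best chain (assumption: a real backend
// would ask its own node or indexer for the tip height and block hashes).
function makeChain(baseHeight, hashes) {
  return {
    tipHeight: baseHeight + hashes.length - 1,
    hashAtHeight: (h) => hashes[h - baseHeight],
  };
}

// Count confirmations of a payment on the current best chain.
// tx.blockHeight / tx.blockHash are null while the payment is only in the mempool.
function confirmations(tx, chain) {
  if (tx.blockHeight == null || tx.blockHash == null) return 0; // unconfirmed
  if (tx.blockHeight > chain.tipHeight) return 0; // block is not on our chain
  // A different hash at that height means the block that held the payment
  // is no longer on the best chain (a reorg), so the payment counts as unconfirmed.
  if (chain.hashAtHeight(tx.blockHeight) !== tx.blockHash) return 0;
  return chain.tipHeight - tx.blockHeight + 1;
}

// Decide whether an order may be released for the given network.
function paymentStatus(network, tx, chain) {
  const required = REQUIRED_CONFIRMATIONS[network];
  if (required === undefined) throw new Error(`unsupported network: ${network}`);
  const have = confirmations(tx, chain);
  return { approved: have >= required, have, required };
}

// Constructed sample data: blocks 100..105 with made-up hashes.
const chain = makeChain(100, ["h100", "h101", "h102", "h103", "h104", "h105"]);
const unconfirmed = { blockHeight: null, blockHash: null };
const deepEnough = { blockHeight: 100, blockHash: "h100" };
const tooShallow = { blockHeight: 103, blockHash: "h103" };
const orphaned = { blockHeight: 102, blockHash: "stale102" };

for (const [name, tx] of Object.entries({ unconfirmed, deepEnough, tooShallow, orphaned })) {
  console.log(name, paymentStatus("bitcoin", tx, chain));
}
```

The payment a merchant sees during a Finney attack is the `unconfirmed` case: it never enters a block, so a gate like this never releases the order.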

Summary

Love blockchain, trust in Blockchain, build Blockchain!

All problems in blockchain are related to people's mistakes and can be solved simply by people doing their jobs correctly. Blockchain is one of the most amazing technologies right now and can be used to improve things all around the world; we just need to use it in the correct way.


Published by HackerNoon on 2018/07/03