1
Name of weakness
Alternate names
Description
Contributes to
Affected Technology/Components
Affects/does not affect specific implementations
CWE(s)
Related Items
Related CWE(s)
Source Material
Extended Description
Modes of Introduction
Phase
Applicable Platforms
Common Consequences
Demonstrative Examples
Observed Examples
Memberships
Taxonomy Events
Related Attack Patterns
References
Google Doc
Github Doc
Realistic technical expertise to exploit
Realistic cost to exploit
Realistic business impact
2
Account Hijacking
Node User, Exchange
3
API Exposure
RPC API Exposure
If an API is improperly exposed (e.g. reachable from untrusted networks or without authentication), an attacker can attack it directly.
Blockchain Network Level
4
Artificial Difficulty Increases
Blockchain Network Level
5
Balance Attack
https://ieeexplore.ieee.org/document/8023156
6
Bitcoin lightning - Eclipse Attack Time Dilation
https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet
7
Bitcoin lightning - flood and loot
https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet
8
Bitcoin lightning - pinning
https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet
9
Bitcoin lightning - spamming payment micropayments
https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet
10
Block Forger DoS
Blockchain Network Level
11
Block Mining Finney Attack
Consensus Attack
Blockchain Network Level
https://bitcoin.stackexchange.com/questions/4942/what-is-a-finney-attack
12
Block Mining Race Attack
A variation on the Finney attack
Consensus Attack
Blockchain Network Level
13
Block Mining Timejack Attack
By isolating a node, the time signal it receives from its peers can be manipulated, pushing the victim out of synchronization with the rest of the network.
Consensus Attack
Blockchain Network Level
14
Block Reordering Attack
Certain cryptographic operations (such as using CBC or ECB incorrectly, without authentication) allow ciphertext blocks to be re-ordered while the result still decrypts without error.
Cryptography
15
Blockchain Ingestion
Multiple
16
Blockchain Network Lacks Hash Capacity
The Blockchain/DLT network lacks hashing capacity, so an attacker can rent sufficient hashing power to execute a 51% Attack.
Consensus Majority Attack
Blockchain Network Level
DLTI-2020-01-26-1, DLTI-2020-02-11-1, DLTI-2018-10-24-1
17
Blockchain Network Partitioning Attack
Partition Routing Attack
Consensus Majority Attack
Blockchain Network Level
18
Blockchain Peer flooding Attack
Unlimited node creation
By creating a large number of fake peers in a network (peer to peer or otherwise), an attacker can cause real nodes to slow down or become non-responsive as they attempt to connect to the newly announced peers.
Blockchain Network Level
https://lisk.io/blog/development/lisk-core-2.0.1-released-fix-p2p-network-vulnerability
19
Blockchain Peer flooding Attack Slowloris variant
By creating a large number of slow peers (real systems that respond very slowly to network requests) in a network, an attacker can cause real nodes to slow down or become non-responsive as they attempt to connect to the newly announced peers. Unlike fake peers that do not exist, these slowloris peers are real but communicate slowly enough to hold sockets and resources open for minutes or hours.
Blockchain Network Level
https://lisk.io/blog/development/lisk-core-2.0.1-released-fix-p2p-network-vulnerability
20
Blockchain reorganization attack
Alternative history attack, history rewrite attack
Also referred to as an alternative history attack
Blockchain Network Level
Double Spending
21
Blockchain Weak Sources of Randomness
Blockchain Network Level
22
Consensus 34% Attack
34% Attack against BFT network, a specific instance of Consensus Majority Attack
Consensus Majority Attack
Blockchain Network Level
https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/3/34%25%20attack%20(aka%20Consensus%20HiJacking).md
23
Consensus 51% Attack
51% Attack against DLT network, a specific instance of Consensus Majority Attack
Consensus Majority Attack
Blockchain Network Level
https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/5/51%25%20attack%20(aka%20Consensus%20HiJacking).md
24
Consensus Attack
Attacks against the consensus protocol and system in use can take many forms; they are not limited to gaining control of the consensus mechanism but can also, for example, be used to slow down consensus.
Blockchain Network Level
25
Consensus Attack against PoS
26
Consensus Attack against PoW
27
Consensus Delay Attack
Consensus Delay Attacks can allow malicious miners to gain time in which to execute other attacks.
Consensus Attack
Blockchain Network Level
28
Consensus Majority Attack
Attackers can try to gain a consensus majority in order to control the contents of the Blockchain.
Consensus Attack
Blockchain Network Level
29
Credential Stuffing
Attackers use spilled or otherwise leaked credentials and account names to try name/password combinations, with a higher likelihood of success than guessing, against services requiring authentication.
Exchange
https://owasp.org/www-community/attacks/Credential_stuffing
30
Cryptomining
Cryptojacking
Cryptomining (also known as Cryptojacking) involves an attacker using a victim's compute resources to mine cryptocurrencies; the means of access can range from malware to stolen credentials used to gain access to systems.
multiple
31
Cryptomining Malware
Cryptojacking Malware
Multiple
32
Data corruption
Oracles
33
Dictionary Attack
Attackers use dictionaries of known passwords (a subset of brute force attacks). This can be used against services requiring login, or against cryptographically protected data that requires a password or passphrase to access it, such as a wallet.
Exchange, Wallet
Credential stuffing
34
Distributed-Denial-of-Service Attack
DDoS Attack
Blockchain Network Level
35
DNS Attacks
Multiple
36
DoS against Ethereum 2.0 validator to trigger penalty for being offline
Blockchain Network Level
https://codefi.consensys.net/blog/rewards-and-penalties-on-ethereum-20-phase-0
37
Double Spending Attack
Blockchain Network Level
38
Download of Data Without Integrity Check
Multiple
CWE-494 / Single perspective
39
Dusting attack
Wallet
40
Eclipse Attack
Consensus Majority Attack
Blockchain Network Level
https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/E/Eclipse%20Attack.md
41
EOS RAM Vulnerability
Blockchain Network Level
https://www.reddit.com/r/eos/comments/9akg1y/eosio_ram_exploit_please_read/
42
ERC20 token transfer to self token address (and possibly other tokens)
When sending ERC-20 (and possibly other types of) tokens to a contract, it is possible to send them to the token contract itself, resulting in the tokens becoming "stuck". Possible defenses are: 1) add a check in the contract to prevent this, which costs gas; 2) have wallets/other software check for and prevent this; 3) set the token balance of the contract to infinity so an integer overflow occurs if it tries to transfer tokens to itself (please note this may have other unintended consequences).
Smart Contract
https://twitter.com/krzKaczor/status/1367884793988407302
43
Ethereum Solidity prior to 0.5.0 view promise not enforced
Ethereum Solidity prior to 0.5.0 did not enforce the view promise, so a function declared view could still modify state.
https://circle.cloudsecurityalliance.org/community-home1/digestviewer/viewthread?GroupId=133&MessageKey=2fce11ab-c223-4718-8310-3058e0a2fbb6&CommunityKey=a9786cbe-105a-420f-a353-8bbe10ab684d&tab=digestviewer&ReturnUrl=%2fcommunity-home1%2fdigestviewer%3ftab%3ddigestviewer%26CommunityKey%3da9786cbe-105a-420f-a353-8bbe10ab684d&SuccessMsg=Thank%20you%20for%20submitting%20your%20message.
44
Evil Maid attack
The evil maid attack is generally accepted as a situation where someone has temporary access to your hardware (e.g. a hotel maid) for several minutes or hours, and does not want to leave evidence of tampering if possible.
Exchange, Wallet
45
Failure to Update
Failure to update software with known security vulnerabilities results in those vulnerabilities remaining present and exploitable.
Node User
46
Fixed Consensus Termination
47
Flash Loans
Flash Loan Attacks
48
Flawed Blockchain Network Design
Blockchain Network Level
49
Fork-after-withhold Attack
FAW Attack
Malicious Mining
Consensus Protocols
50
Freeloading
Oracles
51
Front Running
Multiple
52
Front Running displacement
Multiple
DLTSEC-0004
53
Front Running insertion
Multiple
DLTSEC-0004
54
Front Running Mempool
Front running by looking at the contents of the mempool or other public sources of transactions that are being processed but have not yet been finalized. Attackers can potentially "beat" items in the mempool by offering higher fees for their own transactions so that they are included first.
Multiple
https://consensys.github.io/smart-contract-best-practices/known_attacks/ https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff
55
Front Running Oracle
Front running by monitoring oracles, especially where the oracle data has to be entered on chain before it can be acted on, can create arbitrage opportunities.
https://medium.com/@galvanek.m/synthetix-the-battlefield-a15a7104587c
56
Front Running suppression
Multiple
DLTSEC-0004
57
Frozen ether
Smart Contract
https://arxiv.org/pdf/1908.04507.pdf
58
Gas Limit DoS on the Blockchain Network via Block Stuffing
Block Stuffing
Blockchain Network Level
https://consensys.github.io/smart-contract-best-practices/known_attacks/
59
Hard fork software update
Blockchain Network Level
60
Hash functions
Using weak hash functions (e.g. MD5) or using them incorrectly (e.g. failing to include a nonce to prevent replay attacks) can result in vulnerabilities.
Cryptography
61
Homomorphic encryption
Cryptography
62
Identity and Access Management Overview
Node User
63
Immutable Bugs
DLT/Blockchains can include immutable data, protocols, smart contract implementations and so on, so a vulnerability may be found in a component that cannot be updated at all, or cannot reasonably be updated (e.g. it would require a governance decision or change to update).
Multiple
64
Implementation of something they should use a standard library for
Should we codify some version of "Not invented here" syndrome as a vulnerability class?
Multiple
DLTI-2019-02-26-01
65
Indistinguishable chains
If a transaction lacks chain-identifying information, it is possible that the wrong chain may be used when the transaction is submitted.
Data Layer
66
Insecure API Connections
Node User
67
Insider Threat
Multiple
68
Leaking ether to arbitrary address
Multiple
69
Long-Range Attack
Consensus Protocols
70
Lost ether in the transaction
71
Majority attack
Oracles
72
Malfunctioned MSP
Node User
73
Malicious Mining
Consensus Protocols
Consensus Attack
74
Malicious Web Extensions
A number of malicious web browser extensions have been found that steal cryptocurrency credentials or conduct crypto mining in the user's web browser.
Multiple
DLTI-2020-04-14-4
75
Membership Service Provider Attacks
Node User
76
Mirroring
Oracles
77
Multi-Factor Authentication (MFA)
MFA
78
Multiple signatures
Cryptography
79
Namespace squatting on internal packages
Software is built using private packages hosted internally; however, if the internal source fails (or is not consulted first), the build may attempt to pull a package of the same name from public repositories, where it might be attacker controlled.
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
80
Network Routing Attacks
Network routing attacks allow attackers to partition the blockchain network (for example via DNS or BGP based attacks) or otherwise manipulate which nodes can reach each other, in order to aid other attacks.
Consensus Majority Attack
Multiple
https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/N/Network%20Routing%20Attacks.md
81
Non-existent accounts
In some blockchains it is possible to create accounts/wallets that are not present on the blockchain, which can result in problems (e.g. funds sent to an address that no on-chain account controls).
82
Nothing at Stake
Some consensus protocols require staking of assets in order to participate in decision making (consensus or governance). If an attacker can stake nothing, or nothing of value, they can participate in decision making (consensus or governance) and influence it when they should not be able to.
Consensus Protocols
83
On-chain data confidentiality
Oracles
84
Orphan Blocks
Multiple
85
Parity Multisig Wallet Attack
Access to the "initWallet" method was not properly restricted in the Parity multisig wallet software, allowing it to be called again after deployment.
Wallet
DLTI-2017-11-06-1
86
Permissioned Blockchain MSP DoS
Blockchain Network Level
87
Phishing Attack
Exchange, Wallet
88
Pool Hopping
https://bitcoin.stackexchange.com/questions/5072/what-is-pool-hopping
89
Private Key Leakage Attack
Node User
90
Public peer selection
Blockchain Network Level
91
Replay Attack
Blockchain Network Level
92
Requirement of keeping real world PII data associated with crypto wallet addresses
Some regulatory frameworks require real world PII data such as name and address to be kept associated with crypto wallet addresses. This allows current and future net worth to be determined, and associates data that can be used to execute real world attacks (e.g. kidnapping) with actual assets that are highly liquid and easy to transfer.
Exchange, Wallet
93
Ring signatures
Cryptography
94
RPC Call vulnerability
Node User
95
Selfish Mining Attack (Block Withholding Attack)
Malicious Mining
Consensus Protocols
96
SIM Swap
Through a number of means (stolen credentials, social engineering, phishing, etc.) an attacker can hijack a phone number (the "SIM") and redirect calls/texts to a device under their control. If SMS or phone based 2FA/MFA is used, this allows the attacker to satisfy that factor.
Multiple
97
Single Perspective Validation
Single Perspective Validation
Multiple
https://docs.google.com/document/d/1ntVHuprosF15UdDU7EOjm6Kfq2NXB-IATuhFP0a7NZY/edit
98
Smart Contract Use of Outdated Compiler Version
Smart Contract
CWE-937: Using Components with Known Vulnerabilities
https://swcregistry.io/docs/SWC-102
99
Smart Contract Access Control - Smart Contract Initialization
Smart Contract
100
Smart Contract Arbitrary Jump with Function Type Variable
Smart Contract
CWE-695: Use of Low-Level Functionality
https://swcregistry.io/docs/SWC-127