Distributed ledger technology (DLT) and blockchains such as Bitcoin and Ethereum may be more vulnerable to centralization risks than initially thought, according to Trail of Bits.
The security firm on Tuesday published its report titled “Are Blockchains Decentralized?”, which was commissioned by the Defense Advanced Research Projects Agency (DARPA) of the United States Government.
The report aims to investigate whether blockchains, including Bitcoin and Ethereum, are truly decentralized, although it appears to focus primarily on Bitcoin.
Among its main conclusions, the security company found that outdated Bitcoin nodes, unencrypted blockchain mining pools, and the fact that most unencrypted Bitcoin network traffic passes through only a limited number of ISPs could leave room for various actors to gain excessive, centralized control over the network.
Bitcoin nodes
The report stated that a subnetwork of Bitcoin nodes is largely responsible for reaching consensus and communicating with miners and that a “vast majority of nodes do not contribute significantly to the health of the network”.
It also found that 21% of Bitcoin nodes are running an old version of the Bitcoin Core client, which is known to have vulnerabilities such as consensus bugs. It states that “it is vital that all DLT nodes run on the same latest software version, otherwise consensus errors can occur and lead to a blockchain fork.”
A Bitcoin node is any computer that stores and verifies blocks on the blockchain. Nodes are used to monitor the health and security of the Bitcoin blockchain and validate the correctness of transactions. The current version that all nodes must be running is Bitcoin Core 22.0.
Another conclusion of the report is that Stratum, the Bitcoin mining pool protocol, is neither encrypted nor authenticated.
This means that attacks can be carried out to “estimate a miner’s hashrate and payouts in the pool” and “manipulate Stratum messages to steal CPU cycles and payouts from mining pool participants”.
Traffic routed through ISPs
The authors also found vulnerabilities in the infrastructure, based on the fact that Bitcoin protocol traffic is not encrypted and 60% of network traffic passes through just three ISPs.
This is a problem because “ISPs and hosting providers have the ability to arbitrarily downgrade or deny service to any node”.
The report contains 26 pages of detailed information, data and infographics. DARPA was founded in 1958 and is responsible for developing emerging technologies for use by the United States Department of Defense and the US military. Trail of Bits is a cybersecurity research and consulting firm that was contracted by DARPA to produce the report.
The report comes at an interesting time, after concerns about centralization were raised around Solana.
On Sunday, Solend, a Solana-based decentralized finance (DeFi) lending protocol, spontaneously drafted a governance proposal aimed at taking over the wallet of a whale facing liquidation that threatened to embarrass Solend and its users.
The proposal, which was approved by a whale, drew an immediate response on Twitter and led to the creation of another governance vote to invalidate the previously approved proposal. Observers argue that the move could damage DeFi’s overall image, as taking control of one of Solend’s wallets calls DeFi’s fundamental principles into question, and reversing a vote wasn’t much better.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.