| Name of weakness | Lead(s) Name | Alternate names | Description | Contributes to | Affected Technology/Components | Affects/does not affect specific implementations | CWE(s) | Related Items | Related CWE(s) | Source Material | Extended Description | Modes of Introduction | Phase | Applicable Platforms | Common Consequences | Demonstrative Examples | Observed Examples | Memberships | Taxonomy Events | Related Attack Patterns | References | Google Doc | Github Doc |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2 | Account Hijacking | Node User, Exchange | ||||||||||||||||||||||||||||
3 | API Exposure | RPC API Exposure | If an API is improperly exposed an attacker can attack it | Blockchain Network Level | ||||||||||||||||||||||||||
4 | Artificial Difficulty Increases | Blockchain Network Level | ||||||||||||||||||||||||||||
5 | Balance Attack | https://ieeexplore.ieee.org/document/8023156 | ||||||||||||||||||||||||||||
6 | Bitcoin lightning - Eclipse Attack Time Dilation | https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet | ||||||||||||||||||||||||||||
7 | Bitcoin lightning - flood and loot | https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet | ||||||||||||||||||||||||||||
8 | Bitcoin lightning - pinning | https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet | ||||||||||||||||||||||||||||
9 | Bitcoin lightning - spamming payment micropayments | https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet | ||||||||||||||||||||||||||||
10 | Block Forger DoS | Blockchain Network Level | ||||||||||||||||||||||||||||
11 | Block Mining Finney Attack | Consensus Attack | Blockchain Network Level | https://bitcoin.stackexchange.com/questions/4942/what-is-a-finney-attack | ||||||||||||||||||||||||||
12 | Block Mining Race Attack | A variation on the Finney attack | Consensus Attack | Blockchain Network Level | ||||||||||||||||||||||||||
13 | Block Mining Timejack Attack | By isolating a node, an attacker can manipulate the time signal it receives, pushing the victim out of synchronization with the rest of the network | Consensus Attack | Blockchain Network Level | ||||||||||||||||||||||||||
14 | Block Reordering Attack | Certain cryptographic operations (such as using the CBC or ECB modes incorrectly) allow ciphertext blocks to be re-ordered while the result still decrypts without error | Cryptography | |||||||||||||||||||||||||||
15 | Blockchain Ingestion | Multiple | ||||||||||||||||||||||||||||
16 | Blockchain Network Lacks Hash Capacity | The Blockchain/DLT network lacks hashing capacity, so an attacker can rent sufficient hashing power to execute a 51% Attack | Consensus Majority Attack | Blockchain Network Level | DLTI-2020-01-26-1, DLTI-2020-02-11-1, DLTI-2018-10-24-1 | |||||||||||||||||||||||||
17 | Blockchain Network Partitioning Attack | Partition Routing Attack | Consensus Majority Attack | Blockchain Network Level | ||||||||||||||||||||||||||
18 | Blockchain Peer flooding Attack | Unlimited node creation | By creating a large number of fake peers in a network (peer-to-peer or otherwise), an attacker can cause real nodes to slow down or become non-responsive as they attempt to connect to the newly announced peers. | Blockchain Network Level | https://lisk.io/blog/development/lisk-core-2.0.1-released-fix-p2p-network-vulnerability | |||||||||||||||||||||||||
19 | Blockchain Peer flooding Attack Slowloris variant | By creating a large number of slow peers (real systems that respond very slowly to network requests) in a network, an attacker can cause real nodes to slow down or become non-responsive as they attempt to connect to the newly announced peers. Unlike fake peers that do not exist, these slowloris peers are real but communicate slowly enough to hold sockets and resources open for minutes or hours. | Blockchain Network Level | https://lisk.io/blog/development/lisk-core-2.0.1-released-fix-p2p-network-vulnerability | ||||||||||||||||||||||||||
20 | Blockchain reorganization attack | Alternative history attack, history rewrite attack | Also referred to as an alternative history attack | Blockchain Network Level | Double Spending | |||||||||||||||||||||||||
21 | Blockchain Weak Sources of Randomness | Blockchain Network Level | ||||||||||||||||||||||||||||
22 | Consensus 34% Attack | 34% Attack against BFT network, a specific instance of Consensus Majority Attack | Consensus Majority Attack | Blockchain Network Level | https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/3/34%25%20attack%20(aka%20Consensus%20HiJacking).md | |||||||||||||||||||||||||
23 | Consensus 51% Attack | 51% Attack against DLT network, a specific instance of Consensus Majority Attack | Consensus Majority Attack | Blockchain Network Level | https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/5/51%25%20attack%20(aka%20Consensus%20HiJacking).md | |||||||||||||||||||||||||
24 | Consensus Attack | Attacks against the consensus protocol and system in use can take many forms; they are not limited to gaining control of the consensus mechanism but can also, for example, be used to slow down consensus | Blockchain Network Level | |||||||||||||||||||||||||||
25 | Consensus Attack against PoS | |||||||||||||||||||||||||||||
26 | Consensus Attack against PoW | |||||||||||||||||||||||||||||
27 | Consensus Delay Attack | Consensus Delay Attacks can allow malicious miners to gain time in order to execute other attacks | Consensus Attack | Blockchain Network Level | ||||||||||||||||||||||||||
28 | Consensus Majority Attack | Attackers can try to gain a consensus majority in order to control the contents of the Blockchain | Consensus Attack | Blockchain Network Level | ||||||||||||||||||||||||||
29 | Credential Stuffing | Attackers use spilled or otherwise leaked credentials and account names to try name/password combinations with a higher likelihood of success against services requiring authentication | Exchange | https://owasp.org/www-community/attacks/Credential_stuffing | ||||||||||||||||||||||||||
30 | Cryptomining | Cryptojacking | Cryptomining (also known as Cryptojacking) involves an attacker using a victim's compute resources to mine cryptocurrencies; the means of gaining access to the systems range from malware to stolen credentials | multiple | ||||||||||||||||||||||||||
31 | Cryptomining Malware | Cryptojacking Malware | Multiple | |||||||||||||||||||||||||||
32 | Data corruption | Oracles | ||||||||||||||||||||||||||||
33 | Dictionary Attack | Attackers use dictionaries of known passwords (a subset of brute force attacks). This can be used against services requiring login, or against cryptographically protected data that requires a password or passphrase to access, such as a wallet | Exchange, Wallet | Credential stuffing | ||||||||||||||||||||||||||
34 | Distributed-Denial-of-Service Attack | DDoS Attack | Blockchain Network Level | |||||||||||||||||||||||||||
35 | DNS Attacks | Multiple | ||||||||||||||||||||||||||||
36 | DoS against Ethereum 2.0 validator to trigger penalty for being offline | Blockchain Network Level | https://codefi.consensys.net/blog/rewards-and-penalties-on-ethereum-20-phase-0 | |||||||||||||||||||||||||||
37 | Double Spending Attack | Blockchain Network Level | ||||||||||||||||||||||||||||
38 | Download of Data Without Integrity Check | Multiple | CWE-494 / Single perspective | |||||||||||||||||||||||||||
39 | Dusting attack | Wallet | ||||||||||||||||||||||||||||
40 | Eclipse Attack | Consensus Majority Attack | Blockchain Network Level | https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/E/Eclipse%20Attack.md | ||||||||||||||||||||||||||
41 | EOS RAM Vulnerability | Blockchain Network Level | https://www.reddit.com/r/eos/comments/9akg1y/eosio_ram_exploit_please_read/ | |||||||||||||||||||||||||||
42 | ERC20 token transfer to self token address (and possibly other tokens) | When sending ERC-20 (and possibly other types of) tokens to a contract it is possible to send them to the contract itself, resulting in the tokens becoming "stuck". Possible defenses are: 1) add a check to the contract to prevent this, which costs gas; 2) have wallets/other software check for and prevent this; 3) set the token balance of the contract to infinity so an integer overflow occurs if it tries to transfer tokens to itself (please note this may have other unintended consequences) | Smart Contract | https://twitter.com/krzKaczor/status/1367884793988407302 | ||||||||||||||||||||||||||
43 | Ethereum Solidity prior to 0.5.0 view promise not enforced | Ethereum Solidity prior to 0.5.0 did not enforce the view promise | https://circle.cloudsecurityalliance.org/community-home1/digestviewer/viewthread?GroupId=133&MessageKey=2fce11ab-c223-4718-8310-3058e0a2fbb6&CommunityKey=a9786cbe-105a-420f-a353-8bbe10ab684d&tab=digestviewer&ReturnUrl=%2fcommunity-home1%2fdigestviewer%3ftab%3ddigestviewer%26CommunityKey%3da9786cbe-105a-420f-a353-8bbe10ab684d&SuccessMsg=Thank%20you%20for%20submitting%20your%20message. | |||||||||||||||||||||||||||
44 | Evil Maid attack | The evil maid attack is generally accepted as a situation where someone has temporary access to your hardware (e.g. a hotel maid) for several minutes or hours, and does not want to leave evidence of tampering if possible. | Exchange, Wallet | |||||||||||||||||||||||||||
45 | Failure to remove developer or test credentials or addresses from a SmartContract | CWE-798 | https://paidnetwork.medium.com/paid-network-attack-postmortem-march-7-2021-9e4c0fef0e07 | |||||||||||||||||||||||||||
46 | Failure to Update | Failure to update software that has known security vulnerabilities leaves those vulnerabilities present and available for exploitation | Node User | |||||||||||||||||||||||||||
47 | Fixed Consensus Termination | |||||||||||||||||||||||||||||
48 | Flash Loans | Flash Loan Attacks | ||||||||||||||||||||||||||||
49 | Flawed Blockchain Network Design | Blockchain Network Level | ||||||||||||||||||||||||||||
50 | Fork-after-withhold Attack | FAW Attack | Malicious Mining | Consensus Protocols | ||||||||||||||||||||||||||
51 | Freeloading | Oracles | ||||||||||||||||||||||||||||
52 | Front Running | Multiple | ||||||||||||||||||||||||||||
53 | Front Running displacement | Multiple | DLTSEC-0004 | |||||||||||||||||||||||||||
54 | Front Running insertion | Multiple | DLTSEC-0004 | |||||||||||||||||||||||||||
55 | Front Running Mempool | Front running by looking at the contents of the mempool or other public sources of transactions that are being processed but have not yet been finalized. Attackers can potentially "beat" items in the mempool by offering higher payments for their own transactions | Multiple | https://consensys.github.io/smart-contract-best-practices/known_attacks/ https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff | ||||||||||||||||||||||||||
56 | Front Running Oracle | Front running by monitoring oracles, especially where the oracle data has to be entered on chain before it can be acted on, can create arbitrage opportunities | https://medium.com/@galvanek.m/synthetix-the-battlefield-a15a7104587c | |||||||||||||||||||||||||||
57 | Front Running suppression | Multiple | DLTSEC-0004 | |||||||||||||||||||||||||||
58 | Frozen ether | Smart Contract | https://arxiv.org/pdf/1908.04507.pdf | |||||||||||||||||||||||||||
59 | Gas Limit DoS on the Blockchain Network via Block Stuffing | Block Stuffing | Blockchain Network Level | https://consensys.github.io/smart-contract-best-practices/known_attacks/ | ||||||||||||||||||||||||||
60 | Giftcard Balance exploit | A crypto mining system rewards participants using a gift card scheme, e.g. a "hosted wallet" that can only be used to send currency to a specific Exchange once a minimum balance is achieved. | https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000002.json | |||||||||||||||||||||||||||
61 | Hard fork software update | Blockchain Network Level | ||||||||||||||||||||||||||||
62 | Hash functions | Using weak hash functions (e.g. MD5) or using them incorrectly (e.g. failure to include a nonce to prevent replay attacks) can result in vulnerabilities | Cryptography | |||||||||||||||||||||||||||
63 | Homomorphic encryption | Cryptography | ||||||||||||||||||||||||||||
64 | Identity and Access Management Overview | Node User | ||||||||||||||||||||||||||||
65 | Immutable Bugs | DLT/Blockchains can include immutable data, protocols, smart contract implementations and so on, so a vulnerability may be found in a component that cannot be updated at all, or cannot reasonably be updated (e.g. updating it would require a governance decision or change) | Multiple | |||||||||||||||||||||||||||
66 | Implementation of something they should use a standard library for | Should we codify some version of "Not invented here" syndrome as a vulnerability class? | Multiple | DLTI-2019-02-26-01 | ||||||||||||||||||||||||||
67 | Indistinguishable chains | If a transaction lacks information it is possible that the wrong chain may be used when sending the transaction in. | Data Layer | |||||||||||||||||||||||||||
68 | Insecure API Connections | Node User | ||||||||||||||||||||||||||||
69 | Insider Threat | Multiple | ||||||||||||||||||||||||||||
70 | Leaking ether to arbitrary address | Multiple | ||||||||||||||||||||||||||||
71 | Long-Range Attack | Consensus Protocols | ||||||||||||||||||||||||||||
72 | Lost ether in the transaction | |||||||||||||||||||||||||||||
73 | Majority attack | Oracles | ||||||||||||||||||||||||||||
74 | Malfunctioned MSP | Node User | ||||||||||||||||||||||||||||
75 | Malicious Mining | Consensus Protocols | Consensus Attack | |||||||||||||||||||||||||||
76 | Malicious Web Extensions | A number of malicious web browser extensions have been found that steal cryptocurrency credentials or conduct cryptomining in the user's web browser | Multiple | DLTI-2020-04-14-4 | ||||||||||||||||||||||||||
77 | Membership Service Provider Attacks | Node User | ||||||||||||||||||||||||||||
78 | Mirroring | Oracles | ||||||||||||||||||||||||||||
79 | Multi-Factor Authentication (MFA) | MFA | ||||||||||||||||||||||||||||
80 | Multiple signatures | Cryptography | ||||||||||||||||||||||||||||
81 | Namespace squatting on internal packages | Software is built using private packages hosted internally; however, if the internal package source fails, the build system may attempt to pull the package from public repositories, where a package of the same name might be attacker controlled | https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 | |||||||||||||||||||||||||||
82 | Network Routing Attacks | Network routing attacks allow attackers to partition the blockchain network (for example via DNS or BGP based attacks) or otherwise manipulate nodes in order to aid in other attacks | Consensus Majority Attack | Multiple | https://github.com/cloudsecurityalliance/Glossary/blob/master/glossary/N/Network%20Routing%20Attacks.md | |||||||||||||||||||||||||
83 | Non-existent accounts | In some blockchains it is possible to create accounts/wallets that are not present on the blockchain which can result in problems | ||||||||||||||||||||||||||||
84 | Nothing at Stake | Some consensus protocols require staking of assets in order to participate in decision making (consensus or governance). If an attacker can stake nothing, or nothing of value, they can participate in decision making (consensus or governance) and influence it when they should not be able to. | Consensus Protocols | |||||||||||||||||||||||||||
85 | Offchain wallet hosting exploit | A "crypto wallet" is hosted off chain on an internal ledger, transactions cannot be made outside of this off chain hosted solution (e.g. with a single exchange). | https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000002.json | |||||||||||||||||||||||||||
86 | On-chain data confidentiality | Oracles | ||||||||||||||||||||||||||||
87 | Orphan Blocks | Multiple | ||||||||||||||||||||||||||||
88 | Parity Multisig Wallet Attack | Access to "initWallet" method was not properly restricted in the Parity multisig wallet software | Wallet | DLTI-2017-11-06-1 | ||||||||||||||||||||||||||
89 | Permissioned Blockchain MSP DoS | Blockchain Network Level | ||||||||||||||||||||||||||||
90 | Phishing Attack | Exchange, Wallet | ||||||||||||||||||||||||||||
91 | Pool Hopping | https://bitcoin.stackexchange.com/questions/5072/what-is-pool-hopping | ||||||||||||||||||||||||||||
92 | Private Key Leakage Attack | Node User | ||||||||||||||||||||||||||||
93 | Public peer selection | Blockchain Network Level | ||||||||||||||||||||||||||||
94 | Replay Attack | Blockchain Network Level | ||||||||||||||||||||||||||||
95 | Requirement of keeping real world PII data associated with crypto wallet addresses | Some regulatory frameworks require real world PII data such as name and address to be kept associated with crypto wallet addresses. This allows current and future net worth to be determined, and associates data that can be used to execute real world attacks (e.g. kidnapping) with actual assets that are highly liquid and easy to transfer. | Exchange, Wallet | |||||||||||||||||||||||||||
96 | Ring signatures | Cryptography | ||||||||||||||||||||||||||||
97 | RPC Call vulnerability | Node User | ||||||||||||||||||||||||||||
98 | Selfish Mining Attack (Block Withholding Attack) | Malicious Mining | Consensus Protocols | |||||||||||||||||||||||||||
99 | SIM Swap | Through a number of means (stolen credentials, social engineering, phishing, etc.) an attacker can hijack a phone number (the "SIM") and redirect calls/texts to a device under their control. If SMS or phone based 2FA/MFA is used, this allows the attacker to pass it. | Multiple | |||||||||||||||||||||||||||
100 | Single Perspective Validation | Single Perspective Validation | Multiple | https://docs.google.com/document/d/1ntVHuprosF15UdDU7EOjm6Kfq2NXB-IATuhFP0a7NZY/edit |