Blockchain Security Basics: Common Threat Models

A majority attack where a single entity gains control of over 50% of a blockchain's hashrate (Proof of Work) or stake (Proof of Stake). This allows them to:

• Double-spend coins by reorganizing the chain.
• Censor transactions by excluding them from blocks.
• Halt block production for other miners/validators. The cost to execute this attack varies by chain; for Bitcoin, it is estimated to cost billions in hardware and energy, making it economically prohibitive.

A smart contract vulnerability where an external contract makes a recursive call back to the original function before its state is updated. This can drain funds, as seen in the 2016 DAO hack ($60M). Key patterns:

• Single-function reentrancy: Calls the same function repeatedly.
• Cross-function reentrancy: Exploits two functions that share state. Mitigation involves using the Checks-Effects-Interactions pattern or reentrancy guards from OpenZeppelin.

Attacks that exploit the trust in external data feeds (oracles) that supply off-chain information to smart contracts. By providing incorrect price data, an attacker can trigger unintended contract logic. Real-world examples include the 2022 Mango Markets exploit ($114M), where manipulated oracle prices were used to drain a lending protocol. Decentralized oracle networks like Chainlink aim to mitigate this through aggregated, multi-source data.

The practice of exploiting the public visibility of pending transactions in the mempool. A malicious actor sees a profitable transaction (e.g., a large DEX trade) and submits their own transaction with a higher gas fee to execute first. This is prevalent in DeFi for arbitrage and sandwich attacks. Solutions include using commit-reveal schemes, submarine sends, or leveraging private transaction relays like Flashbots to reduce mempool exposure.

Attacks on decentralized autonomous organizations (DAOs) or protocols where governance is controlled by token votes. An attacker can:

• Acquire enough tokens (51% attack on governance) to pass malicious proposals.
• Use vote delegation flaws or low voter turnout to pass proposals with minority stake.
• Execute proposal fatigue to slip malicious code into legitimate updates. The 2022 Beanstalk Farms hack ($182M) was a flash loan-enabled governance attack.

Risks arising from the economic incentives and penalties (slashing) in consensus mechanisms, particularly Proof of Stake. These include:

• Long-range attacks: Rewriting history from an earlier point in the chain.
• Nothing-at-stake problem: Validators voting on multiple forks without cost (mitigated by slashing).
• Stake grinding: Manipulating leader election in a PoS chain. Understanding a chain's specific finality gadget (e.g., Casper FFG, Tendermint) is key to assessing these risks.

A majority attack where a single entity gains control of more than 50% of the network's mining hash power (Proof of Work) or staked tokens (Proof of Stake). This allows them to:

• Double-spend coins by reorganizing the chain.
• Censor transactions by excluding them from blocks.
• Halt block production to disrupt the network.

On Ethereum, this requires controlling >32 ETH (the minimum for a validator) and a majority of the total stake, making it economically prohibitive but theoretically possible.

An attack targeting Proof of Stake networks where an adversary attempts to rewrite history from a point far in the past. The attacker creates an alternative chain starting from an early block, using old validator keys that may have been compromised or are no longer staking.

Modern PoS chains like Ethereum use weak subjectivity and checkpointing to defend against this. Full nodes must sync from a recent, trusted 'weak subjectivity checkpoint' provided by the community or clients.

A theoretical problem in early Proof of Stake designs where validators have no cost to validate on multiple competing chains during a fork. They are incentivized to vote on every fork to guarantee a reward, which prevents the network from converging on a single canonical chain.

This is mitigated by slashing conditions that punish validators for equivocation (signing conflicting blocks). Ethereum's Casper FFG imposes slashing penalties equal to the validator's entire stake for this offense.

An attack where a malicious block proposer manipulates the process of selecting the next block proposer or committee. By trying different nonce values or manipulating other minor inputs, they can 'grind' through possibilities to increase their chances of being selected again.

This undermines the randomness and fairness of leader election. Protocols use Verifiable Random Functions (VRFs) or RANDAO (as in Ethereum) combined with substantial entropy to make this attack computationally infeasible.

A liveness attack in Proof of Stake where an adversary with a minority stake (e.g., 30%) targets specific honest validators. By consistently voting against the honest majority's chain, the attacker causes the targeted validators to receive smaller rewards or even get penalized over time, gradually 'bleeding' their stake.

This can reduce the honest majority's stake below the 2/3 supermajority threshold required for finality, potentially stalling the chain. Defenses include anti-correlation penalties and careful incentive tuning.

Attacks that disrupt consensus by partitioning or delaying peer-to-peer communication, not by compromising cryptographic protocols. Common vectors include:

• Eclipse Attacks: Isolating a node from the honest network by controlling all its peer connections.
• BGP Hijacking: Redirecting network traffic at the internet service provider level.
• Transaction/Block Withholding: A proposer delays broadcasting their block to manipulate MEV or cause forks.

These highlight the reliance of decentralized consensus on underlying network assumptions.

An attacker isolates a target node by monopolizing all its incoming and outgoing connections with malicious peers. This prevents the victim from seeing the real network state, enabling double-spend attempts or censorship.

• Isolation Vector: An attacker with sufficient IP addresses can fill a node's peer table (e.g., 8-10 slots in Bitcoin).
• Consequence: The victim may accept fraudulent blocks or transactions from the attacker's controlled chain.
• Mitigation: Implement diverse peer selection, use outbound-only connections, and leverage network-level protections like Tor v3 or Dandelion++ for transaction propagation.

A network-level attack where an Autonomous System (AS) maliciously reroutes Internet traffic to intercept or manipulate blockchain peer-to-peer communications.

• Scale: Targets the Internet's Border Gateway Protocol (BGP), affecting traffic at the ISP level.
• Historical Incident: In April 2018, a BGP hijack redirected traffic for Amazon's DNS, which included MyEtherWallet, to a phishing site, stealing over $150,000 in ETH.
• Blockchain Impact: Could partition the network, censor specific nodes, or facilitate eclipse attacks on a large scale. Solutions involve monitoring BGPStream data and using encrypted transport (TLS).

An attacker exploits a contract's state update order to repeatedly withdraw funds before balances are updated. The 2016 DAO hack, which resulted in a $60M loss, is the most famous example.

Key vulnerability: Making external calls before updating internal state. Prevention: Use the Checks-Effects-Interactions pattern or employ reentrancy guards like OpenZeppelin's ReentrancyGuard.

Failure to properly restrict sensitive functions allows unauthorized users to perform privileged actions.

Common examples:

• Missing or incorrect onlyOwner modifiers.
• Publicly exposed initialization functions.
• The 2021 Poly Network exploit ($611M) stemmed from an access control vulnerability in a contract upgrade function. Prevention: Implement robust role-based access control (RBAC) and use established libraries.

Smart contracts relying on external data feeds (oracles) can be attacked if the price or data input is manipulated.

Attack vector: An attacker creates a flash loan to drain a lending protocol by artificially moving the price on a DEX that serves as the oracle. Impact: Protocols like Cream Finance and Harvest Finance have lost tens of millions to such attacks. Prevention: Use decentralized oracle networks (e.g., Chainlink) with multiple data sources and heartbeat checks.

In Solidity versions prior to 0.8.0, arithmetic operations could wrap around, turning a large balance into zero or a small one into a massive amount.

Example: A balance of 0 decremented by 1 becomes 2^256 - 1 (underflow). Modern context: While SafeMath libraries and Solidity 0.8.x's built-in checks mitigate this, similar logic errors in custom math remain a risk. Prevention: Use Solidity >=0.8.0 or rigorously audit any custom arithmetic operations.

Miners/validators or bots can observe pending transactions in the mempool and insert their own transactions to profit, at the expense of the original user.

Types:

• Sandwich attacks: Placing orders before and after a victim's DEX trade.
• Arbitrage: Extracting value from price differences across DEXs. Impact: Users get worse prices; it's a fundamental design challenge of public blockchains. Mitigation: Use commit-reveal schemes, private transaction pools (e.g., Flashbots), or fair sequencing services.

Even without a classic vulnerability, flawed business logic can be exploited. This includes incorrect fee calculations, improper incentive structures, or faulty game theory.

Real-world case: The 2022 Fei Protocol exploit, where a flaw in a bonding curve mechanic allowed an attacker to mint excessive tokens. Challenge: These bugs are not caught by standard vulnerability scanners. Prevention: Requires extensive manual review, formal verification, and economic modeling ("cryptoeconomic security").

A majority attack where a single entity gains control of over 50% of a blockchain's hash rate or staked tokens. This allows them to:

• Double-spend coins by reorganizing the chain.
• Censor transactions by excluding them from blocks.
• Halt block production to disrupt the network. While extremely costly on major chains like Bitcoin or Ethereum, it remains a credible threat for smaller Proof-of-Work and Proof-of-Stake networks with lower security budgets.

The profit validators or searchers can extract by reordering, including, or censoring transactions within a block. Common forms include:

• Front-running: Placing a transaction ahead of a known profitable trade.
• Back-running: Executing a transaction immediately after a large trade to capture price movement.
• Sandwich attacks: Placing orders both before and after a victim's trade. MEV is a fundamental design challenge, with over $1.5B extracted from Ethereum users since 2020. Solutions include fair ordering protocols and private transaction pools.

A Proof-of-Stake specific attack where an adversary creates an alternative chain history starting from a point far in the past. They use old validator keys (which may have been cheap to acquire) to rewrite history. Defenses against this include:

• Weak subjectivity checkpoints that clients trust.
• Slashing for validators that sign conflicting blocks.
• Vitalik Buterin's proposal of recursive ZK-SNARKs to compactly prove canonical chain history.

Filling blocks with worthless transactions to deny service and increase fees for legitimate users. This is a Denial-of-Wallet attack. Examples:

• The 2016 Ethereum Shanghai DDoS attacked clients with cheap operations.
• NFT mint wars where bots spam transactions to win limited mints, driving gas prices over 5,000 gwei. Mitigations include base fee adjustments (EIP-1559), priority fees, and calldata cost increases to make spam economically unviable.

The concentration of staked assets in a few large providers (e.g., Lido, Coinbase) creates systemic risk. If a single pool controls >33% of stake, it could:

• Halt finality by refusing to finalize checkpoints.
• Influence governance votes on-chain.
• Become a target for regulatory action or technical failure. As of 2024, Lido controls approximately 32% of Ethereum's staked ETH, highlighting the need for decentralized staking technology and protocol-level limits.

An attacker with significant hash power mines a secret, heavier chain in private. When a large transaction (e.g., a $100M bridge withdrawal) occurs on the public chain, they reveal their longer chain to reorganize the blockchain and steal the funds. This attack is theorized for chains with slow block times and high-value, infrequent settlements. Defenses include requiring more block confirmations for high-value transactions and using finality gadgets.

OpenZeppelin is a core security provider for Ethereum and EVM-compatible chains, combining audited contract libraries with public research on exploit patterns.

Key materials relevant to common blockchain threat models include:

• Security reviews and postmortems covering reentrancy, access control failures, integer truncation, and upgrade proxy misuse
• The OpenZeppelin Contracts library, which demonstrates hardened implementations of ERC20, ERC721, timelocks, and governance modules
• Write-ups explaining how attack vectors like flash loan manipulation and oracle spoofing bypass naive assumptions

Protocol teams frequently reference OpenZeppelin audits to understand how seemingly correct Solidity code fails under adversarial execution. Reviewing archived audit reports helps developers recognize recurring issues such as missing invariant checks, unsafe delegatecall usage, and misconfigured multisig permissions.

Trail of Bits publishes some of the most detailed public research on blockchain and smart contract security, often focusing on failures at the compiler, EVM, and cryptographic layer.

Relevant research areas include:

• Smart contract threat modeling using adversarial assumptions, economic invariants, and attacker payoffs
• Deep dives into EVM-level vulnerabilities, including gas griefing, storage collisions, and undefined behavior
• Reports on real-world exploits such as bridge hacks, cross-chain message verification failures, and insufficient signature domain separation

Trail of Bits materials are particularly useful for understanding why traditional security models do not directly apply to public blockchains, where contracts are immutable and attackers can run transactions atomically. Many audit firms and protocol security teams use these publications as baseline references during manual review.

Post-incident analysis is one of the most effective ways to learn blockchain threat models. DeFiLlama's REKT database aggregates major DeFi exploits with summaries, timelines, and root causes.

These reports help identify:

• Recurring exploit categories such as price oracle manipulation, incomplete input validation, and unsafe upgrade patterns
• The role of economic attacks, where contracts function as designed but allow value extraction
• Common audit blind spots, including cross-protocol composability risks

Studying real incidents reveals that many losses result from multiple small assumptions failing simultaneously rather than a single obvious bug. Threat models derived from REKT cases emphasize adversaries with capital, automation, and mempool visibility rather than purely technical attackers.