A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Abstract

AbstractBlockchain technology has gained significant attention and adoption due to its decentralized nature, and promising secure and immutable transactions. The interpretation of Blockchain's components has been presented in an innovative manner, illustrating the features they enable or manage. However, its networks do not appear so immune to vulnerabilities like any other technological system. Among the typical weaknesses, endpoint vulnerabilities refer to weaknesses in the endpoints that interact with the blockchain network. They pose a significant risk to the security and integrity of the entire system. These vulnerabilities can affect blockchain networks including smart contract vulnerabilities, wallet vulnerabilities, and communication vulnerabilities. In view of the absence of any viable taxonomic description and associated value, we attempted a novel comprehensive classification of endpoint vulnerabilities. The proposed taxonomy is designed to logically categorize and classify the various endpoint vulnerabilities through a pictorial representation. It encompasses wallet vulnerabilities, malware, cryptojacking and human negligence. Additionally, this paper proposes a novel approach to mapping endpoint vulnerabilities to the blockchain abstract layer. It gives a unique way to study the vulnerabilities and layers' relation. Finally, the corresponding violated principles behind the vulnerabilities have been identified and indicated. By providing a structured taxonomy of endpoint vulnerabilities, this paper aims to enhance the understanding of the security challenges associated with blockchain applications. By understanding and addressing the taxonomy of endpoint vulnerabilities, blockchain practitioners and researchers can enhance blockchain networks' overall security and trustworthiness, paving the way for broader adoption and utilization of this transformative technology. It may have implications in terms of identifying, linking, developing control, and finally mitigating endpoint vulnerabilities in the rapidly changing environment.