Skip to content

Adversarial Cheatsheet

Expect things to break on Kusama. To help you break some things, take a look at the following threat model.

Hacker wants to … Security promise that should prevent the hack Hacking Incentive Hacking Damage Hacking value details
Double spend tokens via getting the clients to accept a different chain Integrity (System-wide) High High If attackers are able to double spend tokens, they are able to get services without paying for them. This gives them a high monetary incentive to execute the attack.
Cause system to mint tokens to his own account Integrity (System-wide)  Medium Low - Medium If an attacker is able to craft transactions that mint tokens to their account, then this provides a high monetary incentive to execute this attack.
Validate malicious blocks to double spend tokens Availability (System-wide)  High Medium If an attacker is able to double spend tokens, they are able to get services without paying for them. This gives them a high monetary incentive to execute the attack.
Undermine consensus mechanism to split chain Integrity (System-wide) High High "If an attacker is able to double spend tokens, they are able to get services without paying for them. This gives them a high monetary incentive to execute the attack. Betting on decrease in value of the cryptocurrency or competitors want to damage the reputation, so that the value of their blockchain increases.
Tamper/manipulate blockchain history to invalidate transactions (e.g. a voting result) Integrity (System-wide) Medium Medium - High Attacker can rollback undesired transactions by intentionally invalidating the block where transaction has happened. Attacker can force a governance decision (or even an on-chain update) which favors them.
Undermine blockchain or consensus mechanism to damage the ecosystem's reputation Availability (System-wide) High High Betting on decrease in value of the cryptocurrency or competitors want to damage the reputation, so that the value of their blockchain increases
Censorship Availability (System-wide) Medium High Hackers are able to block undesirable types of transactions (e.g. industry competitor transactions or referendum votes). This could be achieved by colluding with other stakeholders or by otherwise obtaining more voting power.
Deanonymize users Confidentiality (Node) Medium Medium Parties that want to de-anonymize users can use the information to oppress the opposition (e.g. political activists).
Steal token from node Integrity (Node) High High Attackers that are able to steal tokens from nodes can claim assets for themselves, which gives them a high monetary incentive to execute the attack.
Steal token from node by leaking credentials Confidentiality (Node) High High Attackers that are able to steal tokens from nodes can claim assets for themselves, which gives them a high monetary incentive to execute the attack.
Prevent node from accessing the Polkadot network Availability (Node) Low Low - Medium Run a targeted denial-of-service attack out of revenge, monetary interests (in case of a competing coin exchange, etc.).
Defraud other participants Integrity (Node) Medium Low - Medium Attacker can abuse other participants’ misunderstanding of Polkadot's security guarantees to defraud them. Also, if the reward for calling out bad behavior can be set up so that it is higher than the according punishment, a set of self-handled nodes can be set up to generate a source cycle. Other participants are not needed for this attack.
Defraud other participants Integrity (System-wide) High High An attacker could abuse bugs in Polkadot's economic system to defraud other participants. For example, an attacker could exploit a logic bug to not pay transaction fees.