Blockchain projects are very common in this day and age. Individual companies and projects feel their own ledger-based solution is better than all others. A recent report by China CERT shows there is still a lot of work to be done where open–source block chain projects are concerned. In fact, according to this report, Ripple is the least secure solution, as it contains over 200 high-risk bugs.
It was only a matter of time until open source blockchain projects would receive a wake-up call. With so many different projects being developed- and little to show for it – a lot of these blockchains will fail. Moreover, there has always been a question of how secure these solutions can be. As it turns out, these distributed ledgers are not doing too well on the security front.
Ripple Has A Lot Of Work To Do
The report, published by China CERT is quite condemning for a lot of DLT projects. Ripple is given the worst score of all, as their blockchain contains over 220 bugs. This is not good news for the peer-to-peer payment network, especially not now it is being embraced by financial institutions. Considering all of the time raised by Ripple, over 200 security flaws is an unacceptable number.
To put this news into perspective, Ripple has not the most vulnerabilities of all projects. Bitshares takes the crown, with over 1,200 vulnerabilities. However, all of these are low-to-medium risk. Ripple, on the other hand, has 223 of its 230 flaws classified as “high threat”, which is very disconcerting. The report mentions how hackers who successfully exploit the Ripple flaws could cause ‘unimaginable losses” to financial institutions on the network.
UPDATE: Ripple has issued an official response to the report, which can be read here.
All of the vulnerabilities highlighted in the report are divided into different subcategories. Input validation and random number generation seem to be the biggest culprits for all 25 projects. The quality of the code used leaves to be desired, an issue that represents nearly 60% of all medium vulnerabilities. It is evident nearly every open-source blockchain project has cleaning up to do and improvements to be made.
Litecoin and Ethereum are also scrutinised in the report. Ethereum has a fair few high-risk vulnerabilities, as does Litecoin. Dogecoin has a lot of issues, but few of them are severe at this stage. Dash also has its share of problems, but the vast majority has to do with “medium” code issues that need to be improved. It is good to see this study conducted by China CERT, as they are a non-governmental and non-profit cybersecurity technical centre.
Header image courtesy of Shutterstock