ICP minimum attack vector

What is the minimum attack vector required for a successful Internet Computer Protocol attack and has there been any modeling exercise to simulate and identify potential vulnerabilities in the ICP network?

1 Like

I’m sure it depends on what you’re trying to achieve. Destruction? Denial?

Honestly, I think the “easiest” or minimum attack vector would come through a social engineering attack.

Currently, more than 99% of NNS voting power auto-follows the DFINITY neuron for all proposals that mutate/upgrade the network (i.e. code change proposals).

The DFINITY neuron is controlled by 11-12 individuals at DFINITY (from my understanding).

I would imagine that it would be incredibly burdensome time wise for every one of those 11 or 12 people to verify every single code change proposal/wasm that is sent out, and so there is probably only one or two of the neurons that verify the wasm, and then communicate via a slack channel the “A ok” for everyone else to vote.

This system would be easily compromised in a few ways.

  1. Bribe the DFINITY employee or employees that have the responsibility of verifying the replica to say that it checks out.
  2. Compromise the slack accounts of the employees responsible for verifying wasms and falsely communicate that the wasm is legitimate and ready to be voted on.
  3. Compromise the slack account of the CEO or CTO of DFINITY and send out a message requesting the other neurons to vote immediately on a (false) hotfix issue.
  4. Blackmail the CEO or CTO of DFINITY to compromise themselves and perform the actions listed in step 3.

This is another reason why having the community take part in verification of non-governance proposals and actively voting on them is an incredibly important step towards the decentralization, improved security, and overall success of the IC.

If you want to get involved, I recommended taking part in the Voting Challenge Proposal brought forth by @wpb. Right now there’s even an ICP reward for doing so!


Another attack vector might be a zero-day in the Linux image deployed to all nodes (since it’s the same across all nodes). If you could take over two thirds of a subnet via such an attack, you might be able to hijack said subnet.

But seeing as how Google and Amazon and all other cloud providers that (for the most part) also use a single OS image across all of their fleet have rarely (if ever) been the target of such an attack spanning multiple data centers at once, this seems like a hard attack to pull off in practice.

I’m not a security engineer, so I’m just throwing out ideas.

1 Like