Abstract
EOSIO, as a representative of blockchain 3.0 platforms, immediately follows in the footsteps of Bitcoin and Ethereum. It has raised the largest ever initial coin offering, and its market capitalization has reached up to $14.3 billion. Innovatively, EOSIO adopts many new features, like the delegated proof of stake consensus algorithm and updatable smart contracts. Not only do these features lead to the prosperity of the decentralized application ecosystem, but they also inevitably introduce loopholes. For example, EOSBet, a famous gambling DApp, was attacked twice within a single month and lost more than $1 million. To the best of our knowledge, little work has surveyed EOSIO from a security researcher’s perspective. To fill this gap, we first abstract the complicated EOSIO ecosystem into components following hierarchical relationships, upon which we delve deeper for the root causes of all existing vulnerabilities. We also systematically study possible attacks and mitigations against these vulnerabilities, and summarize several best practices for developers, EOSIO officials, and security researchers to shed light on future directions.
| Original language | English |
|---|---|
| Article number | 196806 |
| Number of pages | 34 |
| Journal | Frontiers in Computer Science |
| Volume | 19 |
| Issue number | 6 |
| DOIs | |
| Publication status | Published - Dec 2024 |
Keywords
- EOSIO
- blockchain
- smart contract
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science