What are the known attack / censorship vectors here, if any?

The Imua system consists of the smart contracts on L1 chains and the Imua protocol itself. The potential attack / censorship vectors are:

  • Attack on L1 chains:

    • DoS or censorship

      • Effect: users won’t be able to restake or withdraw tokens.

      • Mitigation: chains must be chosen based on selective criteria.

    • Smart contract exploit

      • Effect: users won’t be able to restake or withdraw tokens, or they could be exposed to potential theft of tokens.

      • Mitigation: smart contracts implemented on each L1 chain have minimally complex business logic, which allows for simpler code, a smaller attack surface, and more reliable security audits.

  • Attack on the Imua chain:

    • DoS or censorship

      • Effect: normal operations such as reward distribution or slashing could be delayed.

      • Mitigation: The Imua network will consist of a decentralized validator set as well as a proper block proposer rotation and censorship detection mechanism. Through these, such an attack will be greatly mitigated and the delay of operations will be kept at an acceptable level (minutes at most).

    • PoS attack by controlling majority vote

      • 33% vote collusion.

        • Effect: The Imua chain will halt, and the effect will be similar to a DoS attack with a different duration.

        • Mitigation: Imua itself will have a protocol-level slashing mechanism to prevent malicious behavior like this.

      • 66% vote collusion

        • Effect: The Imua chain will be able to send a malicious transaction to client chains.

        • Mitigation: Imua doesn’t have permission to transfer users’ assets to other addresses, so attackers won’t be able to benefit financially from such an attack. A properly designed and implemented PoS consensus mechanism mitigates such an attack. In the worst case, if such an attack does happen, then as with all other blockchains, social consensus of the Imua community can slash the attacker and recover assets with an honest network.
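
As an added example (not Imua's own code), the 33% and 66% collusion thresholds above can be turned into a concentration check: how few validators would have to collude to reach each one. The validator names, voting powers, and the `min_halt` / `min_takeover` alert floors are constructed assumptions.

```python
from fractions import Fraction

# Thresholds as stated on the page; treating "reaching" them as >= is an assumption.
HALT_THRESHOLD = Fraction(33, 100)      # colluders can halt the chain
TAKEOVER_THRESHOLD = Fraction(66, 100)  # colluders can send malicious transactions

# Constructed sample data (validator -> voting power); not real Imua validators.
SAMPLE_VALIDATORS = {
    "val-a": 220, "val-b": 180, "val-c": 150, "val-d": 120,
    "val-e": 100, "val-f": 90, "val-g": 80, "val-h": 60,
}

def min_colluders(powers, threshold):
    """Return (names, share): the fewest validators whose combined share
    of voting power reaches `threshold`. Largest-first is optimal."""
    if any(p < 0 for p in powers.values()):
        raise ValueError("negative voting power")
    total = sum(powers.values())
    if total == 0:
        raise ValueError("validator set has no voting power")
    acc, chosen = 0, []
    for name, power in sorted(powers.items(), key=lambda kv: (-kv[1], kv[0])):
        chosen.append(name)
        acc += power
        if Fraction(acc, total) >= threshold:
            break
    return chosen, Fraction(acc, total)

def concentration_report(powers, min_halt=3, min_takeover=5):
    """Flag validator sets where too few operators could reach a threshold.
    min_halt / min_takeover are hypothetical policy floors, not Imua values."""
    halt, halt_share = min_colluders(powers, HALT_THRESHOLD)
    take, take_share = min_colluders(powers, TAKEOVER_THRESHOLD)
    warnings = []
    if len(halt) < min_halt:
        warnings.append(f"halt: {len(halt)} validators hold {float(halt_share):.0%}")
    if len(take) < min_takeover:
        warnings.append(f"takeover: {len(take)} validators hold {float(take_share):.0%}")
    return {"halt_set": halt, "takeover_set": take, "warnings": warnings}

if __name__ == "__main__":
    for line in concentration_report(SAMPLE_VALIDATORS)["warnings"]:
        print("WARNING", line)
```

A low count for either threshold means the validator set is concentrated enough that the slashing and social-consensus mitigations above carry most of the weight.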
