Security Analysis on dBFT Protocol of NEO.

NEO is ranked as one of the top blockchains by market capitalization. We provide a security analysis on its backbone consensus protocol, called delegated Byzantine Fault Tolerance (dBFT). The dBFT protocol has been employed by NEO and other blockchains like ONT. dBFT claims to guarantee safety when no more than Open image in new window nodes are Byzantine, where n is the total number of consensus participants. However, we identify attacks to break the safety with no more than f Byzantine nodes. This paper provides the following contributions. First, we evaluate NEO’s source code and present the procedures of dBFT. Then, we present two attacks to break the safety of dBFT protocol with no more than f nodes. Therefore, the system cannot guarantee the claimed safety. We also provide recommendations on how to fix the system against the identified attacks.