🤖 AI Summary
As blockchain has evolved into a programmable platform, its attack surface has expanded beyond infrastructure to encompass economic logic and cross-domain composability vulnerabilities, necessitating a systematic security analysis framework. This work proposes the first unified taxonomy that integrates a four-layer architecture—network, cryptography, consensus, and application—with cross-domain trust boundaries. Through a comprehensive literature review, it synthesizes multidisciplinary technical approaches to elucidate the root causes of localized security assumption failures in protocol composition, particularly within DeFi and cross-chain ecosystems. The study clarifies the trajectory of research over the past decade and identifies critical directions and emerging needs for security research in the Web3 era.
📝 Abstract
Blockchains have evolved from simple distributed ledgers into programmable platforms that process complex application logic and carry significant financial value. All modern Web3 systems share a common goal: providing secure, decentralized, and trustworthy execution in an increasingly interconnected environment. However, this evolution has shifted the attack surface from isolated infrastructure disruptions to programmable economic abuse and cross-domain exploits. In this article, we focus on the research of blockchain attacks and defenses. In particular, we categorize the threat landscape and corresponding mitigation strategies according to both a four-tier layered architecture (network, cryptographic, consensus, and application) and cross-domain trust boundaries. We seek to answer these important questions: How has the research in blockchain security evolved over the past decade, especially with the rise of decentralized finance (DeFi) and cross-chain interoperability? How do local security assumptions fail when protocols are composed, and what are the driving needs for Web3 security research in the future?