A Survey on Consensus Protocols and Attacks on Blockchain Technology

In the current era, blockchain has approximately 30 consensus algorithms. This architecturally distributed database stores data in an encrypted form with multiple checks, including elliptic curve cryptography (ECC) and Merkle hash tree. Additionally, many researchers aim to implement a public key infrastructure (PKI) cryptography mechanism to boost the security of blockchain-based data management. However, the issue is that many of these are required for advanced cryptographic protocols. For all consensus protocols, security features are required to be discussed because these consensus algorithms have recently been attacked by address resolution protocol (ARP) spoofing, distributed denial of service (DDoS) attacks, and sharding attacks in a permission-less blockchain. The existence of a byzantine adversary is perilous, and is involved in these ongoing attacks. Considering the above issues, we conducted an informative survey based on the consensus protocol attack on blockchain through the latest published articles from IEEE, Springer, Elsevier, ACM, Wiley, Hindawi, and other publishers. We incorporate various methods involved in blockchain. Our main intention is to gain clarity from earlier published articles to elaborate numerous key methods in terms of a survey article.


Introduction
Satoshi Nakamoto introduced the initial blockchain in his published whitepaper "Bitcoin: A Peer-to-Peer Electronic Cash System" in 2008 [1]. In this, he described the cryptocurrency's technical specifications and motivations and also suggested how Bitcoin provides a strong case for the invention of a new payment system. He also explored how transactions work, how individuals are rewarded for their efforts [1], the use of a network, and also outlined how privacy is key to Bitcoin in the same way it is for the banking industry.
Decentralization is the most important feature of blockchain technology, which means that the storage of data is distributed and stored on a number of blocks in the network. This type of distributed system provides more robustness to blockchain technology. In this distributed system, if some nodes have faults, they do not affect the other nodes. This is one of the best features of this technology and it is very useful for cyber-physical systems and other systems.

• Contract privacy
• Auditability and transparency
• Transactional privacy
• Accountability and non-repudiation

However, many of these need advanced cryptographic protocols.
The main intention of this survey is to provide a brief study on existing consensus protocols and the attacks on blockchain technology that occurred until 2022. To achieve this, we have surveyed recently published referenced articles from various sources, such as IEEE, Scopus, Hindawi, Elsevier, Springer, ACM, and other sources. We have used some keywords to identify referenced publications, such as "Blockchain consensus Protocols," "Security issues of Blockchain Technology," "Attacks on Blockchain," and "Privacy issues of Blockchain Technology." By using these queries, we identified many existing reference articles and conducted our survey. We have represented the attacks on blockchain and consensus protocols in tabular format in  and at the end, we have discussed some recent surveys of blockchains in Table 5.
Table 1. Comparison of the consensus algorithms with respect to generic parameters.

Author, Year | Category of Blockchain Privacy and Security Issues | Discussion
Yourong Chen et al. [45], 2022 | Attack of consensus excitation | The consensus stimulation attack includes an attacker generating additional proceeds by tampering with the block consensus outcome on the blockchain. In the consensus excitation attack, the mining pool employs block withholding, selfish mining attacks, and pool hopping.
Sherin Hijazi et al. [46], 2019 | The middle protocol attack | 1. This attack alludes to the behavior of attackers who launch attacks against smart contracts and node communication. Middle protocol attacks use network communication attack methods, such as Sybil, eclipse, and DDoS. One of the smart contract attack methods is re-entrance. 2. An attacker's behavior in an application scenario is designed to compromise user privacy. Identity theft and transaction information attacks are examples of application service attacks that violate privacy. Among the defense methods are the mixed coin protocol, ring signature, and zero-knowledge proof.
Table 3. Attacks on the blockchain with description.

Authors | Year | Attack | Description
Firdous Kausar et al. [47] | 2022 | Core-oriented | This sort of assault targets the architecture, components, and protocols of the blockchain. It spreads to the lower levels, including the machines that run them and the industry network protocols that those machines use to connect with one another.
 | | Transaction malleability | The signature secures the transaction, but nothing secures the signature. The purpose of a hacker could be to sabotage the transaction by modifying the signature in an arbitrary way, rendering it invalid. As a result, the transaction is canceled.
 | | Liveness attack | These attacks operate in three stages: delay, prep, and deny, and can cause a delay in the target transaction's acknowledgment. During the preparation process, the attacker seeks to gain an advantage over honest players in order to establish an isolated blockchain. If the attacker thinks the delay is not long enough, they move on to the blockchain render step, where they try to slow down the chain transaction's growth rate.
 | | Spatial partitioning and BGP hijacking | The full nodes' ledger views and the simplified payment verification nodes' ledger views are derived from the nodes. The full nodes are widely dispersed over the globe. By owning one or more independent systems that perform traffic routing, ISPs control the flow of traffic on the web. A hostile AS that hosts the majority of full nodes can intercept communication from a target AS.
 | | Stress testing | DDoS stress testing is a service that evaluates a company's readiness for several DDoS attack scenarios and flood magnitudes. Controlled tests are performed on your IT infrastructure at a predetermined period and with real-time online assistance.
 | | Memory pool flooding | This is a one-of-a-kind DDoS attack. Miners usually prioritise transactions in the memory pool based on the mining fee. To put it another way, the highest-mining-fee transactions are chosen and mined first.
 | | Block withholding | Malicious nodes commit this act by purposefully masking, forging, or withholding critical information that must be relayed across the network.
 | | Finney | In this attack, the miner can generate a block containing a transaction from address A to address B, where both addresses belong to them. Then, using the same currencies, they make another payment from address A to address C (which belongs to another user). If the user accepts the transaction without receiving network confirmation, the attacker can release the block containing their initial transaction. This renders the merchant's transaction invalid, allowing the attacker to double spend.
 | | 51% attack | This is a situation in which a single entity or organisation controls 50% or more of the hashing rate computation power. In such a case, the mining will always be won by the attacker.
 | | Consensus delay | This form of attack aims to inject latency into the network, resulting in block rejection, and preventing peers from achieving consensus on any other sabotage reasons or status of the blockchain, and this could be accomplished in a number of ways. They could inject erroneous blocks, such as blocks with double-spending transactions.
 | | Client-oriented attack | This section looks into attacks on blockchain client programs, such as those that run on user or miner machines.
 | | Wallet thief | If malware is installed on a computer, it may be possible to steal a user's private keys or conduct transactions as their representative unless those keys are protected and encrypted.
 | | Double spending | The term "double spending" refers to carrying out the same transaction twice or more.
 | | DNS attack | When a node first connects to a network, it consults a DNS server to see which nodes are currently available. A hacker could poison the DNS server at the resolver or introduce an erroneous list of seeder nodes before that time. As a result, the node will believe it is connected to the genuine Bitcoin network when, in fact, it is connected to the attackers.
 | | DDoS attack | DDoS attacks are a type of DoS attack. A DDoS attack entails a network of connected online devices, known as a botnet, that are used to flood a target website with bogus traffic. DDoS attacks, unlike other types of cyberattacks, do not attempt to breach your security perimeter. A DDoS attack, on the other hand, seeks to make your website and servers unavailable to legitimate users.
Yuval Marcus et al. [50] | 2018 | Eclipse | When an eclipse attack is carried out, the attacker attempts to redirect the target user's outbound and inbound connections away from genuine nearby nodes and toward attacker-controlled nodes, effectively isolating the target from the rest of the network.
Jayashree Sengupta et al. [51] | 2020 | Sybil | The eclipse attack hides the true ledger state from a single node, whereas the Sybil attacks the entire network. With a number of alienated nodes, the attacker will overwhelm the network. Alternatively, they can refuse to receive or relay blocks, essentially barring other network users, or they can allow a 51 percent or double-spending assault to take place.
X. Fu, H. Wang et al. [52] | 2021 | Time-jacking | Nodes on the crypto coin preserve an inner counter that indicates network time. The node gains the network time by requesting it from neighbouring nodes during the bootstrapping phase, calculates and stores the median, and so on. The system time will be used if the median is greater than 70 min. An eclipse attack, for example, would be used in an attack to allow neighbouring nodes to supply false timestamps.
Sarah Bouraga [53] | 2021 | Selfish mining | Selfish mining is a shady cryptocurrency mining approach in which a single miner or a group solves a hash, creates a new block, and keeps it off the public blockchain. This step generates a fork, which is then mined to gain an advantage over the public blockchain. The group's blockchain can introduce its newest block to the network if it gets ahead of the honest blockchain. As the network is set up to recognize the most recent block, the fork by the group would erase the original blockchain. By modifying the blockchain, miners might effectively steal money from other users.
Eyal [54] | 2018 | Fork after withholding | The following is how the FAW attack is carried out. Infiltration mining occurs when a miner enters a selected pool while remaining a miner in their preferred pool. If they mine a block using FPoW at their preferred pool, they immediately submit it and earn legitimate profit as pool manager.

The paper is arranged as follows. Section 2 describes blockchain, how it works, and its structure. Section 3 describes the types of blockchains. Section 4 describes the literature on consensus protocols. Section 5 includes the classification of attacks on blockchain. Section 6 discusses the DDoS attacks and ARP spoofing attacks. Section 7 describes other recent important attacks. Section 8 includes some of the preventive measures from past works and research.

Rani Poonam et al. [72], 2022 Consensus algorithms which are based on PoW (proof of work) scalability maintenance cost, pros, cons, and block generation time, transaction cost, energy consumptions, etc.
Jain Arpit et al. [73], 2021 General consensus protocols Conducted a comprehensive survey of consensus algorithms on the basis of their transaction, performance, and architecture.

Overview of Blockchain
A blockchain is a "distributed database that maintains a growing list of ordered records called blocks." These blocks are "linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data [74]. As a decentralized, public digital ledger used to record transactions, records cannot be retroactively changed without changing the consensus of all subsequent blocks and networks." An example of blockchain is shown in Figure 1. A block only has one parent block if the block header contains a preceding block hash. It is important to note that the hashes of uncle blocks, or the children of a block's forebears, would also be kept in the Ethereum blockchain. The first block of the blockchain is called the genesis block which has no parent block [33]. The following section details the internals of the blockchain.

Blocks in the Blockchain
A block contains a block header and the block body as shown in Figure 2. In particular, the block header has:

• Block version: decides which set of block validation guidelines should be used.
• Merkle tree root hash: the sum of the hashes for each transaction in the block.
• Time stamp: since 1 January 1970, the current time is expressed in seconds in universal time.
• nBits: optimum block hashing threshold.
• Nonce: a four-byte field that typically starts at zero and gets bigger with each hash computation.
• Parent block hash: a 256-bit hash that directs the user to the prior block.
• Transaction counter: a transaction counter and transactions make up the block body.
A block can contain a maximum number of transactions depending on the block size and the size of each transaction.
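The header fields listed above are what make tampering evident. The following added example (not code from the surveyed papers) packs them into an 80-byte header, links three blocks by parent hash, and checks the chain. The Bitcoin-style double SHA-256, the field order, the sample transactions and all function names are assumptions made for illustration, and proof-of-work validation of the nonce is left out.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


def dsha256(data: bytes) -> bytes:
    """Double SHA-256 (assumed here, as used by Bitcoin)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(transactions: List[bytes]) -> bytes:
    """Hash transactions pairwise up to one root; an odd node is paired with itself."""
    if not transactions:
        return bytes(32)
    level = [dsha256(tx) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    version: int
    parent_hash: bytes        # 256-bit hash of the previous block header
    merkle: bytes             # Merkle tree root hash of the body
    timestamp: int            # seconds since 1 January 1970 (UTC)
    n_bits: int               # hashing threshold (not validated here)
    nonce: int                # four-byte field (no proof of work here)
    transactions: List[bytes]  # block body

    def header(self) -> bytes:
        # 4 + 32 + 32 + 4 + 4 + 4 = 80 bytes, little-endian integers
        return struct.pack("<I32s32sIII", self.version, self.parent_hash,
                           self.merkle, self.timestamp, self.n_bits, self.nonce)

    def block_hash(self) -> bytes:
        return dsha256(self.header())


def build_chain(bodies: List[List[bytes]], start_time: int = 1_700_000_000) -> List[Block]:
    """Build a chain whose first block (genesis) has an all-zero parent hash."""
    chain: List[Block] = []
    parent = bytes(32)
    for height, txs in enumerate(bodies):
        block = Block(1, parent, merkle_root(txs), start_time + 600 * height,
                      0x1D00FFFF, 0, list(txs))
        chain.append(block)
        parent = block.block_hash()
    return chain


def verify_chain(chain: List[Block]) -> Optional[Tuple[int, str]]:
    """Return (height, reason) for the first inconsistent block, or None if all link up."""
    parent = bytes(32)
    for height, block in enumerate(chain):
        if block.merkle != merkle_root(block.transactions):
            return height, "merkle root does not match block body"
        if block.parent_hash != parent:
            return height, "parent hash does not match previous header"
        parent = block.block_hash()
    return None


# Constructed sample bodies (not real transactions).
SAMPLE_BODIES = [
    [b"coinbase->alice:50"],
    [b"alice->bob:10", b"alice->carol:5", b"bob->dave:1"],
    [b"carol->erin:2", b"dave->alice:1"],
]


def tamper_demo() -> Tuple[Optional[Tuple[int, str]], ...]:
    chain = build_chain(SAMPLE_BODIES)
    clean = verify_chain(chain)
    # Change one recorded transaction in block 1 without touching its header.
    chain[1].transactions[0] = b"alice->mallory:10"
    body_changed = verify_chain(chain)
    # Re-seal block 1 with a fresh Merkle root: its hash changes, so block 2 no longer links.
    chain[1].merkle = merkle_root(chain[1].transactions)
    resealed = verify_chain(chain)
    return clean, body_changed, resealed


if __name__ == "__main__":
    for result in tamper_demo():
        print(result)
```

Re-sealing the edited block only moves the inconsistency one block forward, which is why a retroactive change requires rewriting every subsequent block.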
Blockchain validates the authenticity of transactions via an asymmetric cryptography algorithm. Asymmetric cryptography-based digital signatures are utilized in an unreliable setting. The illustration of a digital signature is as follows:

Digital Signature
Digitally signed transactions are sent across the network. A typical digital signature has two phases: a signing phase and a verification phase. For example, user Alice wants to send a message to another user, Bob. (1) At the signing stage, Alice encrypts the data with her private key and sends the encrypted result and the original data to Bob. (2) During the verification phase, Bob verifies the value with Alice's public key. This way Bob could easily see if the data had been tampered with or not. A typical digital signature algorithm used in the blockchain is the elliptic curve digital signature algorithm (ECDSA).
Appl. Sci. 2023, 13, 2604

Types of Blockchain
To meet the needs of various applications, blockchains are often divided into public blockchains, private blockchains, and consortium blockchains based on the rules governing which nodes can access, verify, and authenticate the transactions initiated by other nodes [74]. There are three types of blockchains:
1. Permissionless or Public Blockchains: A blockchain network that is public or permissionless allows for unrestricted participation by anyone. On a public blockchain that is managed by laws or consensus algorithms, the majority of cryptocurrencies operate.
2. Permissioned or Private Blockchains: Organizations can restrict who has access to blockchain data using a private, or permission, blockchain. Specific sets of data can only be accessed by users who have been given permission. An example of a permissioned blockchain is the Oracle blockchain platform.
3. Federated or Consortium Blockchains: A blockchain network where a predetermined group of nodes or a predetermined number of stakeholders tightly regulate the consensus process (mining process).

Consensus Protocols
A consensus algorithm is a procedure that allows each peer of a blockchain network to establish a common agreement on the state of a distributed ledger. In other words, a consensus algorithm is a protocol that allows all nodes in a blockchain network to reach a common consensus regarding the current state of data in the ledger and trust unknown peers in the network. In past surveys, we saw that many of them had undertaken comparatively limited numbers of consensus protocols, such as proof of work, proof of stake, and proof of activity, etc. [21,27,29,33-36]. However, at present, we have approximately 30 consensus protocols, and these protocols have their own security features which must be discussed for further enhancement of security. In this paper, we survey 30 consensus protocols from various sources and we discuss the elliptic curve digital signature algorithm (ECDSA), because it is used in most blockchain-based systems.
Abdul Wahab and Waqas Mehmood [70] surveyed several popular consensus protocols. Every consensus protocol has trade-offs between security, scalability, efficiency, and performance. Each of these protocols has benefits and drawbacks, and they all serve different purposes and offer domain-specific solutions. Above all, they all serve a common purpose in a distributed ledger, which is to prevent double-spending. The PoW payment system pioneered a decentralized payment system that prioritized security and data integrity over scalability and computational cost. Instead of hashing, it was proposed that the useless work of PoW be replaced with useful work, such as solving a scientific problem. This is still a conceptual blockchain design that may or may not be implemented. Although POS effectively solved the problem of ineffective mining, the design introduced risks of centralization. Many researchers were drawn to it because of its efficiency and secure implementation, and a few PoW-based implementations, such as Ethereum, have also migrated to POS. The current trend is toward a hybrid approach, in which implementation is based on two or more consensus protocols, such as Decred, which employs both PoW and POS.
In [71], the authors provide a detailed review of blockchain consensus which has gained popularity. They produced an instantaneous review of traditional fault tolerance consensus research, a five-component framework, performance analyses, protocol abstractions, methodology, and conversation on protocol design for blockchain consensus protocol. They investigated the fault tolerance, performance, and vulnerabilities of various protocols, as well as their applications.
In [72], the authors initiated a consensus algorithm operational model that allows them to describe blockchain and directed acyclic graph-based consensus algorithms. Furthermore, emanating from the proposed process model, they reclassified and compared the prevailing mainstream blockchain consensus algorithms, and presented the estimation context of consensus algorithms. They also discussed the safety principles for improving the most frequent attacks, for example, eclipse attacks, denial of service (DoS) attacks, and double spending, and analyzed the blockchain in dissimilar situations from the point of view of security. To verify performance and security, researchers are increasingly favoring the incorporation of trusted execution environments into blockchains. Blockchain performance can be enhanced at a low source cost if a weakly centralized trusted execution environment assistant is allowed.
Shijie Zhang et al. [75] have conducted thorough studies on the consensus protocols of blockchain. They introduced some common blockchain consensus protocols and analyzed and compared their strength, shortcomings, and application scenarios. They came to the conclusion that when creating a good consensus protocol, it is important to think about not only fault tolerance, but also how to make the best use of it in the right application scenario.
Ashok Kumar Yadav and Karan Singh [76] surveyed the fundamentals of blockchain technology, analysis, and important consensus algorithms and application areas. The following research will cover various enactment platforms, such as Ethereum and Hyperledger.
Qianwen Wang et al. [77] summarized the popular blockchain consensus algorithm. The internal application, advantages, and disadvantages of the DPOS, POW, POS, and PBFT are explained by outlining their varied requirements and conditions. Current research is focused on the POW-POS hybrid consensus mechanism. It is also an innovative way of leveraging smart contracts to make consensus rules more transparent. The consensus algorithm's deployment in practice is also an examination of the algorithm. The novel attack approach may be useful in identifying the flaws in the current consensus algorithm. They can employ alternative underlying consensus methods for different throughput requirements, business scenarios, and security assumptions to better support top-level applications. To better support the highest applications for different business scenarios, quantity requirements, and security expectations, they employ different underlying consensus algorithms.
The authors of [78] surveyed the hardware implementation of the PoW consensus. The Ethereum blockchain employs this type of consensus. They were able to prove that to successfully implement this consensus on low-resource platforms, an on-chain system that successfully receives and transfers data can be combined with an off-chain system that performs the consensus and sends the result to the on-chain node. Despite its complexity, this system achieves a five-fold increase in execution time over a pure software system while using the least amount of energy.
Daniel Mago Vistro et al. [79] proposed a classification of all consensus protocols and their variants in their paper. The scoring and selection criteria based on the publisher have also been provided by them. A comparable analysis table was created with the most commonly used consensus protocols, and finally, all previous and existing protocols were described with their advantages and disadvantages, invention year, and implementation year.
Each protocol has a use that can be used to find the appropriate tilt. According to their analysis table, the PoW is difficult to implement because of its high computing power cost. There have been numerous different consensus methods and variants discovered, so instead of putting our efforts in danger by utilizing PoW, we can use different protocols to complete our tasks.
The authors of [80] presented a classification of the necessary qualities of a consensus algorithm and used this classification to thoroughly analyse every algorithm. In addition to these consensuses, algorithms are categorized into two main categories: non-incentivized algorithms and incentivized consensus algorithms. In the non-incentivized algorithm, participants are presumed to be trustworthy. As a result, no incentives are required to ensure desired behavior, whereas the incentivized consensus algorithm, only used by public blockchain systems and cryptocurrencies, relies on incentives to motivate participants to behave as planned. These algorithms are typically found in private blockchain environments. They have classified incentive-based algorithms into three categories: PoS, consensus algorithms, and PoW.
In [81], the authors reviewed the consensus categories, mechanisms, and their influence in a distributed environment. Consensus mechanisms for distributed systems in general, and blockchain in particular, were discussed. They compared a number of expected consensus algorithms in terms of parameters that have a substantial impact on the consensus algorithm. The specification chosen for evaluation addresses both performance and security concerns, along with each of the parameters that have been identified. Aside from these, a number of other factors must be taken into account. Network topology, transaction rate, consistency of consensus solutions, concurrency check, and round complexity are all factors to consider (if there were several rounds or phases in the consensus algorithm). These parameters can be utilized to undertake a more complete comparison in preparation for future research. The comparative perspective offered in this work has emphasized the parameters that need to be evaluated and analyzed for several contemporary algorithms. To fill in the gaps in the comparison, a full qualitative and quantitative comparison can be performed. To accurately evaluate the strengths and limits of consensus algorithms in regard to large data needs, experiments in a cluster setting are required.
In [82], the authors examined consensus algorithms, their classification, implementation, and utility in the blockchain network. They have compared the different discussed consensus algorithms on a variety of parameters, as well as how each consensus algorithm's implementation differed from the others. They have outlined the numerous research obstacles confronted in this blockchain subdomain, in addition to the benefits.

Classification of Attacks on Blockchain
In this section, we discuss classifications of attacks from various past works and papers. Firstly, a description of an attack is required. An attack is an information security threat that attempts to obtain, modify, destroy, delete, embed, or disclose information without authorized access or permission. It happens both to individuals and to organizations [83-85]. There are many types of attacks: passive, active, targeted, clickjacking, brandjacking, botnets, phishing, spam, internal, and external.
In [45], Yourong Chen et al. discuss an overview of blockchain by explaining the evolution of blockchain from 1.0 to 3.0, including its characteristics and block structure. In this section, they explain the characteristics of blockchain, its block structure, as well as its workflow. In short, they discuss the complete structure and security features of the blockchain. The authors of this paper also summarize the defense method and mining attack of the mining pool and also explain the attack and defense methods of privacy thefts.
In [47], Firdous Kausar et al. discuss the classification of attacks on blockchain. They reviewed the attacks discussed in the following section.

DDoS Attacks and ARP Spoofing Attacks
Rajasekhar Chaganti et al. [81] reviewed a thorough examination of blockchain-based solutions for DDoS attack detection and mitigation, taking into account various network environments such as SDN, IoT, cloud, and traditional networks. The solutions are classified based on their location, which includes network-based, near-victim, and hybrid solutions. They discovered that the majority of existing solutions concentrated on storing malicious IP addresses in blockchain transactions implemented with smart contracts and distributing the IP addresses across ASs (autonomous systems) at the network level.
In [82], the authors surveyed and analyzed a few consensus protocols. Despite their differences in strengths and weaknesses, each of these protocols serves distinct purposes and domain-specific solutions. Above all, they serve as a common solution to one of the main issues with distributed ledgers, namely double-spending. The current method leans toward a hybrid approach, with execution based on two or more consensus protocols. The consensus protocol, which is the foundation of a blockchain, is available in a variety of implementations to meet the needs of different use cases. Researchers have been attempting to establish an efficient, scalable, and assured consensus protocol that may generate outstanding results and aid in the expansion of the economy and infrastructure since the introduction of the consensus protocol, PoW.
In [84], it is mentioned that the address resolution protocol is easily spoofable and subject to poisoning attacks due to its lack of security mechanisms. An ARP intoxication attack takes advantage of obtaining access to and using complex data on the network in the same way that a legitimate user would. In this study, they looked into the theory of ARP spoofing attacks as well as several existing techniques for defending against them. According to the findings, both identifying and determent systems should be used in the network for optimal security measures, with care paid to minimize their impact. They suggested and demonstrated a new method for identifying and deterring ARP poisoning, impersonation, and spoofing attacks.
In [85], Ahmed M. Abdel Salam et al. suggested a scalable solution that automatically configures static ARP entries to prevent address resolution protocol spoofing attacks. The suggested method is a client-server that automatically configures static ARP entries to prevent address resolution protocol spoofing. Both static and dynamic host configuration protocol networks can use the protocol. Their suggested protocol comprises two individual algorithms for the client-server to avoid the address resolution protocol spoofing attack. To avoid the threat of a rogue server, the client algorithm adds a static record for the server to the client address resolution protocol cache. It also automatically acquires the user's IP and MAC addresses, making it difficult for the user to submit fraudulent data to the server. To ensure that incoming register messages from clients are coming from a reliable host, the server algorithm evaluates the hash code. To send the hash code, users are given only three chances. If the server flops to send the hash, the user will be blocked.
In [86], the authors describe the many types and categories of ARP protocol vulnerabilities. They also create and develop an application for ARP spoofing and MITM attacks. Then they created and built a basic distributed defense system that operates on the devices of end users to defend them from attacks. As demonstrated by deploying and executing the last protocol on the user system, the process aids in protecting the user from such threats. This is a summary of the suggested defense system. The following scenario assumes that a targeted system defense program is running and is being attacked:

1. At first, it is suspected that the router has been abandoned.
2. When the defense program is launched in the targeted machine, an ARP request packet is received by a router, which will provide the correct MAC/IP mapping in response.
3. The application keeps track of the mapping. The router's MAC address is then monitored on a regular basis by issuing an address resolution protocol request packet and comparing the responses to the previously cached ones.
4. An attacker launches a man-in-the-middle (MITM) attack by delivering poisoned address resolution protocol answers to both the targeted system and the router.
5. The router updates its address resolution protocol table based on the poisoned replies.
6. The program reports the attack, removes the infected entry from the address resolution protocol table, sends a salve packet to a router with the correct MAC/IP, and reveals the attacker's MAC and IP addresses.
7. Both the defense and attack processes will continue to try to change the router's ARP table, resulting in a race condition.
8. At last, the targeted system can report the attack incident using the exposed information.

The authors discuss ARP spoofing attacks and provide a thorough examination of existing solutions in both traditional and software-defined networking (SDN) environments. By leveraging SDN capabilities, a light, reliable, fast, and effective mechanism for preventing ARP spoofing has been proposed that does not require any additional hardware or software. A module that examines every address resolution protocol packet in the network for possible faked packets and blocks them has been added to the SDN controller in this effort. Using SDN features, this article offered an efficient solution for combating address resolution protocol request- and response-based spoofing attacks in an SDN context. Infrastructure changes, changes to the address resolution protocol, and changes to the OpenFlow protocol are not required by the proposed approach. There are no requirements to install any further software or hardware in the network. A dependable IP-MAC is required for the suggested technique to work. The main table is located on the controller and interacts with the DHCP server.
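
The check at the heart of both defenses above (the host program that caches the router's MAC/IP mapping, and the SDN controller module that examines every ARP packet against a trusted IP-MAC table) can be sketched as follows. This is an added Python example, not code from the surveyed papers; the names `ArpGuard`, `parse_arp_frame` and `build_frame`, the sample addresses, and the extra comparison of the Ethernet source address with the ARP sender address are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = struct.Struct("!6s6sH")            # destination MAC, source MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # RFC 826 fields for Ethernet/IPv4
ETHERTYPE_ARP = 0x0806

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip); raise ValueError if malformed."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        raise ValueError("truncated frame")
    _dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        raise ValueError("unsupported ARP packet")
    return mac_str(src), op, mac_str(sha), str(IPv4Address(spa))

class ArpGuard:
    """Checks every ARP packet's sender IP/MAC pair against a trusted binding table."""

    def __init__(self, bindings):
        # bindings: IP -> MAC, e.g. cached at start-up (host) or taken from DHCP (controller)
        self.bindings = {ip: mac.lower() for ip, mac in bindings.items()}
        self.alerts = []                      # (sender_ip, claimed_mac, trusted_mac)

    def inspect(self, frame):
        try:
            eth_src, _op, sender_mac, sender_ip = parse_arp_frame(frame)
        except ValueError:
            return "drop"
        trusted = self.bindings.get(sender_ip)
        if trusted is None:
            return "unknown"                  # no binding on record, nothing to compare
        if sender_mac != trusted or eth_src != sender_mac:
            self.alerts.append((sender_ip, sender_mac, trusted))
            return "block"
        return "allow"

def build_frame(eth_src, op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed sample frame (test data only, never put on a network)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = ETH_HDR.pack(raw(target_mac), raw(eth_src), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op, raw(sender_mac), IPv4Address(sender_ip).packed,
                       raw(target_mac), IPv4Address(target_ip).packed)
    return eth + arp

# Constructed addresses; the router binding stands for the mapping cached in steps 2 and 3.
ROUTER_IP, ROUTER_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
HOST_IP, HOST_MAC = "192.168.1.50", "aa:bb:cc:00:00:50"
ROGUE_MAC = "de:ad:be:ef:00:66"

def demo():
    guard = ArpGuard({ROUTER_IP: ROUTER_MAC, HOST_IP: HOST_MAC})
    genuine = build_frame(ROUTER_MAC, 2, ROUTER_MAC, ROUTER_IP, HOST_MAC, HOST_IP)
    poisoned = build_frame(ROGUE_MAC, 2, ROGUE_MAC, ROUTER_IP, HOST_MAC, HOST_IP)
    verdicts = [guard.inspect(f) for f in (genuine, poisoned, poisoned[:20])]
    return verdicts, guard.alerts
```

The alert tuple records the MAC address that claimed the router's IP, which is the information step 6 says the defense program reveals.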

Other Important Attacks
In [87], Yizhong Liu et al. divided sharding blockchains into a number of components, each of which is examined for its underlying concepts, existing techniques, and potential issues. Designing a new sharding blockchain system might be reduced to putting together a number of distinct components on this basis. As a result, each component could be improved independently based on the most recent research, and the improved component could be integrated into a whole sharding blockchain system without compromising the security of other parts or the entire system. The potential problems and future research directions proposed in this paper are worthy of consideration for each component.
In [88], the authors present a knowledge systematization for blockchain sharding. They identified key components and difficulties in sharding. The ability to place participating nodes uniformly into shards is dependent on publicly verifiable randomness. A consensus protocol is required within each shard to reach an agreement on the blocks. Existing solutions are dominated by BFT-based protocols. The protocol must ensure atomic properties for cross-shard transactions. Finally, at the end of an epoch, a reconfiguration process is required. They examined several well-known blockchain sharding protocols before debating potential research directions.
In [89], Jinwen Xi et al. outlined sharding knowledge and emphasized the need for sharding in systematized and scalable blockchain design, which includes cross-shard transaction atomicity, intra-shard consensus protocol, and general enhancements. They also presented precise computations and unique insights based on multidimensional analysis of the features and constraints of the investigated sharding processes, as well as a comprehensive comparison and evaluation.
In [90], the authors present several consensus protocols for comparing the qualities of blockchain technology in terms of computation, vulnerabilities, and other factors. They provide a complete view of public and private blockchains and also present a taxonomy of all consensus protocols. Finally, the analysis of those protocols yields a comparison table.
In [91], Saewar Sayeed et al. conducted intensive reviews on the latest and future challenges in blockchain and have reviewed five major attacks, demonstrating that current protection techniques are insufficient, leaving this technology vulnerable to attackers. One of the innovative consensus methods is proof of adjourn (PoAj), which can overcome attacks such as one endorsement attacks, 51 percent occurrence, transaction confirmation latency, zero confirmation assaults, and miner bribery.
In [92], the authors investigate the blockchain's attack surface and assign attacks to the blockchain's cryptographic constructions, the causal communication construction, and the environment in which they are utilized. They draw attention to important dangers and ongoing defense research. They believe that, despite current and established defenses, numerous attacks on blockchains can still be launched, with some of those assaults being exploited to aid the launch of others. They suggest new research avenues that must be followed in order to make blockchains more secure and effective by defining these assaults and reviewing their responses.
In [65], A. Begum et al. highlighted a study on blockchain and blockchain attacks and their solutions, as previously described. They investigated the affected and conducted areas, as well as the double-spending attack. They provided a solution after demonstrating the limitations of the double-spending attack. They create a pattern of real-world blockchain attacks which will be beneficial to new researchers in this field. On the other hand, if we can raise funds and implement a proposed model in the real world, we may be able to protect our bitcoins from a double-spending attack.

Prevention Measures for Attacks
In [93], the authors reviewed the blockchain concept and relevant issues, as well as a thorough examination of probable security assaults and existing results that can be used as countermeasures. In this article, they also reviewed many ways to improve blockchain security by summarizing key aspects that may be used to create security tools and blockchain systems that address security problems. Finally, the study covers outstanding concerns and future research paths in blockchain IoT systems. Using real-world examples, the authors of this review paper thoroughly examined many assaults on blockchains as well as blockchain security issues. Furthermore, while delving into these concerns in a variety of ways, this article examined the numerous security issues, weaknesses, and assaults that hamper the further adoption of blockchain technology. They also covered a variety of other blockchain applications and benefits, as well as significant business potential. Finally, they summarized existing security solutions for diverse situations as well as research challenges that have yet to be tackled.
Shikah J. Alsunaidi and Fahd A. Alhaidari [94] conducted a comprehensive study on blockchain technology, focusing on popular consensus algorithms in order to determine their features and the factors that affect security and performance. Furthermore, they proposed a categorization of the consensus algorithms. They addressed in depth the consensus algorithms that were researched, as well as an analysis of the main elements affecting these algorithms, and they have referred to certain recommendations that must be considered and can help the growth of this area.
In [95], the authors propose a novel architecture that detects and prevents malevolent activities of collaboration inside the blockchain node. They demonstrated how the smart contract conducts identification and authentication of rogue nodes by setting up a blockchain network in the lab separately for proof of concept. They assessed the performance on the following classifications of attacks: (a) attempts to bring the blockchain down; (b) attempts to put invalid data into the database; (c) attempts to hijack unauthorized data. They also measure the time it takes to identify an attack to assess the architecture's performance. According to the data, the proposed architecture offers a good likelihood of identifying and isolating insider harmful behavior [63].
According to the study in [96], blockchain is a popular technology for dealing with transactions that require high levels of security. This technology provides secure operation and handling, but crucial security considerations are still required. There are several flaws that potentially lead to some of the attacks that have been found.
Even though blockchain is cohesive with existing security technologies, appropriate technology must be invented to overcome these risks and attacks. To summarize, consensus mechanisms, private key security obtained through public-key encryption schemes, illegal activity caused by cryptocurrency applications, double spending obtained through transaction authentication procedures, transaction privacy leakage obtained through a transaction design stream, and criminal smart contracts caused by smart contract applications may all pose significant risks to blockchain 1.0 and 2.0. Other dangers to blockchain 2.0 include smart contract vulnerabilities caused by a program design problem, under-optimized smart contracts caused by a program writing flaw, and under-priced processes caused by an EVM design flaw. We can simply argue that they are all linked because most attacks provide room for subsequent attacks.
In [97], Teng Hu et al. propose a blockchain-based tracking solution for insider threats. To begin, this research creates an insider network model from a unique viewpoint that intercepts insider attackers from escaping and its forensics. They then look at why locating attackers and gathering authentication during an insider threat is so difficult. The blockchain traceability system's data, transaction and block structures, consensus, data storage, and query algorithms are created, with differential privacy used to protect user privacy.
In [98], the authors discuss the Ethereum blockchain's security threats, attack scenarios, and mitigation strategies. At various levels of Ethereum, including the application layer, smart contract layer, and network layer, thirteen security attacks were explored. Based on their attack principles, the paper presented the corresponding protection approaches. Improving the overall quality of Ethereum smart contracts can help to prevent attacks. Finally, they also presented tests to see how effective these protection systems are.

ECDSA [Elliptic Curve Digital Signature Algorithm]
We are aware of the current widespread use of ECDSA in blockchain-based systems and cryptocurrencies [30]. Data integrity is guaranteed using the ECDSA method to avoid data manipulation. Scott Vanstone put forth this algorithm in 1992. In any network, the data integrity of the message is crucial because an attacker can alter the information as it is transmitted from source to destination. For the secure transmission of data, many blockchain-based systems used the ECDSA. The ECDSA is now used by several cryptocurrencies and blockchain-based platforms [29]. However, the ECDSA has a problem; the elliptic curve (EC) backdoors are utilized. In this section, we address the ECDSA, which is currently used in blockchain-based systems and cryptocurrency. We have previously described how the ECDSA works in blockchain security.
The EC works as follows: Let $GF(f)$ be a prime field. Then let $s, t \in GF(f)$ be constants, such that $4s^3 + 27t^2 \neq 0$. An EC $E(s, t)$ over $GF(f)$ is considered as the set of points $(x, y) \in GF(f) \times GF(f)$ which fulfil the (1)'s requirement: Here, S and T are constants and O is the point at infinity. In the elliptic curve discrete logarithm problem (ECDLP) it is well known that: If G is a group, then we use the ECDLP to get the integer a, for group elements S and T in such a way that T = aS.
Current markets require algorithms that are faster in computation, and the ECDSA [29] is one of them.
We know that the ECDSA has three steps:
1. Generation of key
2. Generation of signature
3. Verification of signature
In the generation of key or parameter step, the required chosen EC is well-defined over a finite field $F_c$ with the characteristic $c$, and with a base point $G \in E_c(s, t)$ with an order of $n$.
Then we select a random integer $h$ so that $1 \le h \le n - 1$.
Then it computes $T = hG$.
Here, the key pair is $(T, h)$: $T$ is the public key and $h$ is the private key.
In the signature generation step for signing a message $m$, the signer follows the steps: Step 1 is selecting an integer $k$ in such a way that $1 \le k \le n - 1$.
Step 3 is computing $r = x_1 \bmod n$, and in the case of $r = 0$, then we have to select new $k$.
Step 4 is calculating $k^{-1} \bmod n$ and $e = h(m)$, where $h(\cdot)$ here denotes the hash function, not the private key $h$.
Step 5 is computing $s = k^{-1}(e + hr) \bmod n$, with $h$ the private key; if $s = 0$ then it should go back to step 1. So $(r, s)$ is the generated signature for the message $m$.
In the verification of signature step for verifying the signature $(r, s)$ of message $m$, verifier $V$ follows these steps: Step 1 is $V$ checks whether $r, s \in [1, n - 1]$.
Step 2 is to compute $e = h(m)$ and $s^{-1} \bmod n$.
Step 3 involves the computation of $u = es^{-1} \bmod n$ and $v = rs^{-1} \bmod n$.
The signature is valid in one case, that is $t = r$. Proof of verification process is as below in (2): Therefore, $uG + vT = kG$ and so $t = r$, which is requisite.
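
The three ECDSA steps above (key generation, signing, verification) carried through in working code, as an added Python example that is not from the paper. It keeps the page's symbols h, T, k, r, s, e, u and v, and assumes the secp256k1 curve and SHA-256 as the hash, neither of which this section specifies; the public-key validity check in `verify` is also an addition.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + A*x + B over GF(F), base point G of order N.
F = 2**256 - 2**32 - 977            # field prime (the page's f)
A, B = 0, 7                         # curve constants (the page's s and t); 4A^3 + 27B^2 != 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
O = None                            # point at infinity

def on_curve(P):
    return P is O or (P[1] ** 2 - (P[0] ** 3 + A * P[0] + B)) % F == 0

def add(P, Q):
    """Elliptic-curve group law in affine coordinates."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % F == 0:
        return O                    # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, F) % F
    else:
        lam = (y2 - y1) * pow((x2 - x1) % F, -1, F) % F
    x3 = (lam * lam - x1 - x2) % F
    return x3, (lam * (x1 - x3) - y1) % F

def mul(k, P):
    """Scalar multiplication kP by double-and-add (not constant time; illustration only)."""
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def hash_int(m):
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N    # e = hash of m

def keygen():
    h = secrets.randbelow(N - 1) + 1        # private key, 1 <= h <= n - 1
    return h, mul(h, G)                     # public key T = hG

def sign(h, m):
    e = hash_int(m)
    while True:
        k = secrets.randbelow(N - 1) + 1    # fresh secret nonce for every signature
        r = mul(k, G)[0] % N                # r = x1 mod n, where (x1, y1) = kG
        s = pow(k, -1, N) * (e + h * r) % N
        if r != 0 and s != 0:
            return r, s

def verify(T, m, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):     # step 1: range check on r and s
        return False
    if T is O or not on_curve(T):           # reject invalid public keys (added check)
        return False
    w = pow(s, -1, N)
    u, v = hash_int(m) * w % N, r * w % N
    P = add(mul(u, G), mul(v, T))           # uG + vT, equal to kG for a genuine signature
    return P is not O and P[0] % N == r     # accept only if t = r
```

Changing a single byte of the message changes e, so uG + vT no longer equals kG and `verify` returns False.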

Discussion
Blockchain technology is the most popular technology adopted by many industries, and many sectors are working on implementing this technology [96,99]. This technology has many benefits that are very useful in data security and decentralization. Some core benefits are as follows:

• Real-time transaction settlement

In [100], Nasrollahi, M. et al. discussed how studying social networks can affect many aspects of life and also help many businesses in some cases. Given the relevance of the two concerns of social networks and R&D, their study investigates the relationship between social networks, technology relationships, and information security efficiency with the performance of research and development projects at the MAPNA development company. For this case study, they distributed a questionnaire of 19 questions to 196 employees of the company, and after receiving the results they found that social networks have a positive impact on research and development performance and information technology.
In [101], Mortazavi Ravari et al. discussed this idea in a research and technology organization by investigating it from two perspectives: "the notion of effectiveness in research projects" and "the concept of effectiveness in RTOs" (RIPI). At the Research Institute of Petroleum Industry, eight technology development projects are being studied in order to evaluate and implement the recommended framework. The effectiveness of eight technology development projects was evaluated using ARAS, COPRAS, MOORA, and TOPSIS multi-criteria decision-making approaches based on the specified indicators and their weights.
This paper discussed the consensus protocols and attacks on blockchain technology. The consensus protocols and attacks on blockchain technology are presented in detail in this study [52,102]. The ECDSA (elliptic curve digital signature algorithm) is used in many blockchain-based architectures for security consideration, but many threats still target blockchain-based architectures. As a result, we have discussed the consensus protocols and classifications of attacks for research purposes. In the near future, many sectors will use this technology for better security and privacy, so our focus is to enhance the security and efficiency of blockchain [103][104][105][106]. This paper will guide other researchers to identify the privacy and security gaps in blockchain technology.
In Table 5 we have mentioned some existing surveys and their outcomes. In previous surveys, we found that most of them used popular consensus protocols and attacks, but now there are many consensus protocols proposed and they have to be reviewed for further enhancement of blockchain technology [107,108]. There are also many attacks happening in blockchain technology that need to be reviewed. In this survey article we tried to provide researchers with detailed information regarding all 30 consensus protocols. By analyzing this paper, they can implement new ideas to enhance the security features of blockchain. As this technology is not limited to cryptocurrency, many other sectors such as education, healthcare, government, etc., are adopting this for securing their records.
Due to the distinctive characteristics of blockchain, it may be applied in a variety of fields, such as IoT networks, healthcare, data storage, inventory monitoring, and finance [77]. The main problem is figuring out how to tailor blockchain technology to specific application requirements. As each application has unique requirements, a new or customized blockchain solution is required.
In this paper we addressed the following research questions:

RQ 1: How many consensus protocols exist in 2022?
Various types of consensus algorithms have been devised over time for varying applications. In Table 1, we can see consensus protocols that have been proposed as of 2022 and each consensus protocol has its own pros and cons. For consensus protocols, we surveyed many resources, and as mentioned, we used the keywords "Consensus Protocols of Blockchain" and identified all the above protocols. Table 5 contains recent surveys, but they have one common limitation: they surveyed only popular blockchain consensus protocols such as PoW, PoS, delegated PoS, etc., but as we know, as of 2022 there are approximately 30 consensus protocols. For further enhancement of blockchain technology, they all needed to be reviewed.

RQ 2: What were the various attacks on blockchain technology as of 2022?
Blockchain may appear to be the ultimate security infallible technology, with immutability, distributed consensus, established trust, distributed identity, and eternal verifiable claims [109]. However, new-age security assaults are emerging that are more sophisticated and can inflict massive irreparable damage. It is critical for everyone building and deploying blockchain systems to understand these threat vectors. In Table 2, we can see the privacy and security issues in blockchain technology, and in Table 3 we have mentioned attacks on blockchain as of 2022. In Table 3, attacks on blockchain and their targeted areas are listed. To identify these attacks, we surveyed many resources, including Elsevier, IEEE, Hindawi, ACM, and other sources.

Conclusions
A distributed ledger is a disruptive technology that has revolutionized business processes with its application and adaptability. Behind every great distributed ledger implementation, there is a consensus protocol that powers it. In this paper, we surveyed consensus protocols and attacks on blockchain technology for research purposes. No consensus protocol is perfect, and there are always certain trade-offs related to performance, security, and scalability efficiency. Each of these protocols provides domain-specific solutions and serves different purposes in spite of having their strengths and weaknesses. Presently, the trend is shifting towards a hybrid approach; that is, implementation will be based on two or more consensus protocols. There are many attacks happening on blockchain, including DDoS, ARP, sharding, etc., and to address security concerns the consensus protocols must be reviewed. For further enhancement of blockchain security and privacy, this paper will guide researchers. However, recently discussed security attacks must be aimed at improving the security and efficiency of blockchain technology so that blockchain-based architectures can become more secure and more efficient architectures in the near future.

Figure 1. Architecture of Blockchain.

Blocks in the Blockchain
A block contains a block header and the block body as shown in Figure 2. In particular, the block header has:
• Block version: decides which set of block validation guidelines should be used.
• Merkle tree root hash: the sum of the hashes for each transaction in the block.
• Time stamp: since 1 January 1970, the current time is expressed in seconds in universal time.
• nBits: optimum block hashing threshold.
• Nonce: a four-byte field that typically starts at zero and gets bigger with each hash computation.

Figure 2. Structure of blockchain.

Digital Signature
Digitally signed transactions are sent across the network. A typical digital signature has two phases: a signing phase and a verification phase. For example, user Alice wants to send a message to another user, Bob. (1) At the signing stage, Alice encrypts the data with her private key and sends the encrypted result and the original data to Bob. (2) During the verification phase, Bob verifies the value with Alice's public key. This way Bob could easily see if the data had been tampered with or not. A typical digital signature algorithm used in the blockchain is the elliptic curve digital signature algorithm (ECDSA).

Table 4. Attacks and their targeted areas and effect.

Table 5. Previous surveys and their outcome.