Is Stellar As Secure As You Think?

Stellar is one of the top ten cryptocurrencies in terms of market capitalization. It adopts a variant of Byzantine fault tolerance (BFT), named federated Byzantine agreement (FBA), which generalizes the traditional BFT algorithm to make it more suitable for open-membership blockchains. To this end, FBA introduces a quorum slice concept, which consists of a set of nodes. In FBA, a node can complete one consensus round when it receives specific messages from nodes in a quorum slice appointed by the node. In this study, we analyze FBA, whose security is highly dependent on the structure of quorum slices, and demonstrate that it is not superior to the traditional BFT algorithm in terms of safety and liveness. Then, to analyze the security of the Stellar consensus protocol (SCP), which is a construction for FBA, we investigate the current quorum slices in Stellar. We analyze the structure of quorum slices and measure the influence of each node quantitatively using two metrics, PageRank (PR) and the newly proposed NodeRank (NR). The results show that the Stellar system is significantly centralized. Thereafter, to determine how the centralized structure can have a negative impact on the Stellar system, we study the cascading failure caused by deleting only a few nodes (i.e., validators) in Stellar. We show that all of the nodes in Stellar cannot run SCP if only two nodes fail. To make matters worse, these two nodes are run and controlled by a single organization, the Stellar foundation.