Verder naar navigatie Doorgaan naar hoofdinhoud Ga naar de voettekst

Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

26 maart 2020

door Jennifer Fernick

By Aleksandar Kircanski and Terence Tarvis

A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s existence. This paper attempts to fill this void. In particular, if software which participates in a network by validating and generating new blocks is developed from scratch, WCGW – What Could Go Wrong?

Ten broad bug type categories are listed and for each category, known examples are linked. Blockchain, as designed by the Satoshi’s paper is exciting and introduces several novel bug classes which are interesting to security researchers. The paper is aimed at security testers aiming to start out in blockchain security reviews and blockchain developers as a reference on common pitfalls.

This whitepaper may be downloaded below.


Editor’s Note: This paper is also available on arxiv at the link below
https://arxiv.org/pdf/2104.06540.pdf

Jennifer Fernick

Jennifer Fernick

Jennifer Fernick is the Global Head of Research at NCC Group. She can be found on Twitter at @enjenneer.