By Aleksandar Kircanski and Terence Tarvis
A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s existence. This paper attempts to fill this void. In particular, if software which participates in a network by validating and generating new blocks is developed from scratch, WCGW – What Could Go Wrong?
Ten broad bug type categories are listed and for each category, known examples are linked. Blockchain, as designed by the Satoshi’s paper is exciting and introduces several novel bug classes which are interesting to security researchers. The paper is aimed at security testers aiming to start out in blockchain security reviews and blockchain developers as a reference on common pitfalls.
This whitepaper may be downloaded below.