Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

By Aleksandar Kircanski and Terence Tarvis A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s … Continue reading Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

Running smart contracts in a Trusted Execution Environment (TEE) such as Intel Software Guard Extensions (SGX) to preserve the confidentiality of blockchain transactions is a novel and not widely understood technique. In this blog post, we point out several bug classes that we observed in confidential smart contract designs and implementations in our recent client … Continue reading Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

Reviewing Verifiable Random Functions

While Verifiable Random Functions (VRFs) were first described just over twenty years ago [1], they have recently seen a strong resurgence in popularity due to their usefulness in blockchain applications [2]. This blog post will introduce VRFs in the context of other well-known cryptographic primitives, describe three example use cases, and then highlight over two … Continue reading Reviewing Verifiable Random Functions

Passive Decryption of Ethereum Peer-to-Peer Traffic

Ethereum, a popular cryptocurrency, utilizes a P2P flood network overlay protocol in order to propagate new transactions and state around the network. As has been shown in previous works[^1][^2], observing the propagation of transactions through the peer-to-peer network layer is often enough to deanonymize users of cryptocurrency networks....