Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
It provides a reference for security testers and developers to avoid common pitfalls in blockchain security reviews, though it is incremental as it systematizes known vulnerabilities.
This paper addresses the lack of literature on implementation-level security bugs in basic Proof-of-Work blockchain node implementations, enumerating ten broad bug type categories with examples to fill this gap.
A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin's existence. This paper attempts to fill this void. In particular, if software which participates in a network by validating and generating new blocks is developed from scratch, WCGW - What Could Go Wrong? Ten broad bug type categories are listed and for each category, known examples are linked. Blockchain, as designed by the Satoshi's paper is exciting and introduces several novel bug classes which are interesting to security researchers. The paper is aimed at security testers aiming to start out in blockchain security reviews and blockchain developers as a reference on common pitfalls.