A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in the literature when it comes to surveying the implementation-level security bugs that commonly occur in basic PoW blockchain node implementations and that were discovered during the first decade of Bitcoin's existence. This paper attempts to fill this void. In particular, it asks: if software that participates in a network by validating and generating new blocks is developed from scratch, what could go wrong (WCGW)? Ten broad bug type categories are listed, and for each category known examples are linked. Blockchain, as designed in Satoshi's paper, is exciting and introduces several novel bug classes that are interesting to security researchers. The paper is intended for security testers starting out in blockchain security reviews, and for blockchain developers as a reference on common pitfalls.