As part of our Coordinated Vulnerability Disclosure Policy, we operate a bug bounty. See the policy for more details on submissions and rewards.
Here is a list of examples of the kinds of bugs we're most interested in:
- Conceptual flaws
- Ambiguities, inconsistencies, or incorrect statements
- Mismatch between specification and implementation of any component
Assuming less than 1/3 of the voting power is Byzantine (malicious):
- Validation of blockchain data structures, including blocks, block parts, votes, and so on
- Execution of blocks
- Validator set changes
- Proposer round robin
- Two nodes committing conflicting blocks for the same height (safety failure)
- A correct node signing conflicting votes
- A node halting (liveness failure)
- Syncing new and old nodes
- Authenticated encryption (MITM, information leakage)
- Eclipse attacks
- Sybil attacks
- Long-range attacks
- Denial-of-Service
- Write-access to anything besides sending transactions
- Denial-of-Service
- Leakage of secrets
Attacks may come through the P2P network or the RPC:
- Amplification attacks
- Resource abuse
- Syncs and race conditions
- Panics and unhandled errors
- Serialization (Amino)
- Reading/Writing files and databases
- Logging and monitoring
- Elliptic curves for validator signatures
- Hash algorithms and Merkle trees for block validation
- Authenticated encryption for P2P connections
- Validation of blockchain data structures
- Correctly validating an incorrect proof
- Incorrectly validating a correct proof
- Syncing validator set changes