|
@ -0,0 +1,71 @@ |
|
|
|
|
|
# Security |
|
|
|
|
|
|
|
|
|
|
|
As part of our [Coordinated Vulnerability Disclosure |
|
|
|
|
|
Policy](https://tendermint.com/security), we operate a bug bounty. |
|
|
|
|
|
See the policy for more details on submissions and rewards. |
|
|
|
|
|
|
|
|
|
|
|
Here is a list of examples of the kinds of bugs we're most interested in: |
|
|
|
|
|
|
|
|
|
|
|
## Specification |
|
|
|
|
|
|
|
|
|
|
|
- Conceptual flaws |
|
|
|
|
|
- Ambiguities, inconsistencies, or incorrect statements |
|
|
|
|
|
- Mis-match between specification and implementation of any component |
|
|
|
|
|
|
|
|
|
|
|
## Consensus |
|
|
|
|
|
|
|
|
|
|
|
Assuming less than 1/3 of the voting power is Byzantine (malicious): |
|
|
|
|
|
|
|
|
|
|
|
- Validation of blockchain data structures, including blocks, block parts, |
|
|
|
|
|
votes, and so on |
|
|
|
|
|
- Execution of blocks |
|
|
|
|
|
- Validator set changes |
|
|
|
|
|
- Proposer round robin |
|
|
|
|
|
- Two nodes committing conflicting blocks for the same height (safety failure) |
|
|
|
|
|
- A correct node signing conflicting votes |
|
|
|
|
|
- A node halting (liveness failure) |
|
|
|
|
|
- Syncing new and old nodes |
|
|
|
|
|
|
|
|
|
|
|
## Networking |
|
|
|
|
|
|
|
|
|
|
|
- Authenticated encryption (MITM, information leakage) |
|
|
|
|
|
- Eclipse attacks |
|
|
|
|
|
- Sybil attacks |
|
|
|
|
|
- Long-range attacks |
|
|
|
|
|
- Denial-of-Service |
|
|
|
|
|
|
|
|
|
|
|
## RPC |
|
|
|
|
|
|
|
|
|
|
|
- Write-access to anything besides sending transactions |
|
|
|
|
|
- Denial-of-Service |
|
|
|
|
|
- Leakage of secrets |
|
|
|
|
|
|
|
|
|
|
|
## Denial-of-Service |
|
|
|
|
|
|
|
|
|
|
|
Attacks may come through the P2P network or the RPC: |
|
|
|
|
|
|
|
|
|
|
|
- Amplification attacks |
|
|
|
|
|
- Resource abuse |
|
|
|
|
|
- Deadlocks and race conditions |
|
|
|
|
|
- Panics and unhandled errors |
|
|
|
|
|
|
|
|
|
|
|
## Libraries |
|
|
|
|
|
|
|
|
|
|
|
- Serialization (Amino) |
|
|
|
|
|
- Reading/Writing files and databases |
|
|
|
|
|
- Logging and monitoring |
|
|
|
|
|
|
|
|
|
|
|
## Cryptography |
|
|
|
|
|
|
|
|
|
|
|
- Elliptic curves for validator signatures |
|
|
|
|
|
- Hash algorithms and Merkle trees for block validation |
|
|
|
|
|
- Authenticated encryption for P2P connections |
|
|
|
|
|
|
|
|
|
|
|
## Light Client |
|
|
|
|
|
|
|
|
|
|
|
- Validation of blockchain data structures |
|
|
|
|
|
- Correctly validating an incorrect proof |
|
|
|
|
|
- Incorrectly validating a correct proof |
|
|
|
|
|
- Syncing validator set changes |
|
|
|
|
|
|
|
|
|
|
|
|