# Security

As part of our [Coordinated Vulnerability Disclosure Policy](https://tendermint.com/security), we operate a [bug bounty](https://hackerone.com/tendermint).
See the policy for more details on submissions and rewards.

Here is a list of examples of the kinds of bugs we're most interested in:

## Specification

- Conceptual flaws
- Ambiguities, inconsistencies, or incorrect statements
- Mismatch between specification and implementation of any component

## Consensus

Assuming less than 1/3 of the voting power is Byzantine (malicious):

- Validation of blockchain data structures, including blocks, block parts, votes, and so on
- Execution of blocks
- Validator set changes
- Proposer round robin
- Two nodes committing conflicting blocks for the same height (safety failure)
- A correct node signing conflicting votes
- A node halting (liveness failure)
- Syncing new and old nodes

## Networking

- Authenticated encryption (MITM, information leakage)
- Eclipse attacks
- Sybil attacks
- Long-range attacks
- Denial-of-Service

## RPC

- Write access to anything besides sending transactions
- Denial-of-Service
- Leakage of secrets

## Denial-of-Service

Attacks may come through the P2P network or the RPC:

- Amplification attacks
- Resource abuse
- Deadlocks and race conditions
- Panics and unhandled errors

## Libraries

- Serialization (Amino)
- Reading/Writing files and databases
- Logging and monitoring

## Cryptography

- Elliptic curves for validator signatures
- Hash algorithms and Merkle trees for block validation
- Authenticated encryption for P2P connections

## Light Client

- Validation of blockchain data structures
- Correctly validating an incorrect proof
- Incorrectly validating a correct proof
- Syncing validator set changes