The article discusses the challenges of disclosing bugs and dealing with disclosures in open and distributed cryptocurrencies. Bugs in blockchain based systems can lead to severe security and privacy problems. Sometimes, these issues are resolved without much fanfare following a disclosure by the individual who found the hole. In other cases, they result in costly losses due to theft, exploits, unauthorized coin creation, and destruction. These experiences provide regular fodder for outrageous news headlines. In this article, we focus on the disclosure process itself, which presents unique challenges compared to other software projects.
Authors: Rainer Böhme, Lisa Eckey, Tyler Moore, Neha Narula, Tim Ruffing, Aviv Zohar
Communications of the ACM, October 2020, Vol. 63 No. 10, Pages 62-7110.1145/3372115