Cryptocurrency Vulnerability Research Paper

Together with a team involving professors and postdoctoral researchers, we wrote a paper exploring a clone-based approach for detecting vulnerabilities in cryptocurrencies, mainly through the analysis of existing Bitcoin vulnerabilities.

Abstract

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques improving on Bitcoin’s core innovation of the blockchain data structure and consensus mechanism. Cryptocurrencies are also a major target for cyberattacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be present in cloned code from other cryptocurrencies and thus exploited to compromise them. In this work, we propose a systematic remedy to the problem called CoinWatch (CW). Given a reported vulnerability as the input, CW uses the proposed clone detection technique for indication of cryptocurrencies that might be vulnerable. We applied CW on 1094 cryptocurrencies using 4 CVEs. CW identified 786 true vulnerabilities, which were confirmed with developers and successfully reported as CVE extensions.

My Takeaways

When I first started on this paper, I was mostly unaware of what code cloning was and th vulnerabilities that could arise from it. Through this, I learnt a great deal about the core of the blockchain technology behind various cryptocurrencies such as the advantages of Proof of Work vs Proof of Stake, how Bitcoin in particular checks for double spends and how it pools verified transactions. Not only did I grow in my technical abilities, I also got to meet many interesting people in the blockchain community and attend events such as ETHSingapore and various other conferences.