Abstract
Despite the focus on operating in adversarial environments, cryptocurrencies have suffered several security and privacy problems. In this article, researchers focus on the disclosure process itself, which presents unique challenges compared to other software projects. They examine some recent disclosures and discuss difficulties that have arisen. Cryptocurrency software is complex and vulnerabilities can be readily, and anonymously, monetized. Responsible vulnerability disclosure in cryptocurrencies is challenging as decentralized systems, by design, give no single party authority to push code updates. This review of case studies informs recommendations for preventing catastrophic cryptocurrency failures. Design decisions such as which protocol to implement or how to fix a vulnerability, must get support from most stakeholders to take effect.
Original language | English |
---|---|
Pages (from-to) | 62-71 |
Number of pages | 10 |
Journal | Communications of the ACM |
Volume | 63 |
Issue number | 10 |
DOIs | |
State | Published - 23 Sep 2020 |
Bibliographical note
Funding Information:This work is partially funded by: Ar chimedes Privatstiftung, Innsbruck, U.S. National Science Foundation Award No.~ 1714291, ISF grant 1504/17, HUJI Cyber Security Research Center Grant, DFG grants FA 1320/1-1 (Emmy Noether Program) and SFB 1119— 236615297 (Crossing), and BMBF grant 16KIS0902 (iBlockchain).