art_of_bug
art_of_bug

art_of_bug

We are research group with focus to expose bugs in design and implementation of blockchain projects. We only honour responsible disclosure with projects that honour responsible development.


NavCoin – Bypassing Header Spam Protection

1 day ago 6 minute read art_of_bug $1.62 tipped

Welcome back. Today we will talk about NavCoin. We start with a little rant as we sometimes do when we feel things could have gone better. Then we disclose an unpatched vulnerability in NavCoin Core which was caused by copying and pasting the code fr...

Syscoin Hack Ethereum Bridge Bounty 2 - Superblocks Future Time Bug

2 weeks ago 4 minute read art_of_bug $0.71 tipped

Nice to see you again. Last time we have described our first submission to the hack the Syscoin's Ethereum bridge bounty (do follow this link also to find information about Syscoin Ethereum bridge, some understanding of it is useful to be able to gra...

Syscoin Hack Ethereum Bridge Bounty - The Cut Off Problem

14 Aug 2019 16 minute read art_of_bug $1.25 tipped

Welcome back. Hacking production chains a.k.a. mainnets is the most fun, but when incentives allow, exploring testnets can be fun too. The following is our first submission to the hack the Syscoin's Ethereum bridge bounty (do follow this link also to...

Emercoin – Bypassing POS Temperature

28 Jul 2019 8 minute read art_of_bug $1.56 tipped

Welcome to the next episode. Last time we discussed Emercoin's 51% attack and the related hardfork. We mentioned that there were more vulnerabilities we have discussed with Emercoin's team. Today we present one of the issues that we reported. It has...

Emercoin Hardfork Mess – Trivial 51% Attack

11 Jul 2019 12 minute read art_of_bug $1.05 tipped

Welcome back. Last time we've talked about Particl. Since then there has been good news coming from Particl. The bugs were fixed and they are allegedly considering creating a proper bug bounty program. And we have published a post about how should a...

How to Make Good Bug Bounty

8 Jul 2019 7 minute read art_of_bug $0.46 tipped

Most projects in cryptocurrency space don't have a bug bounty program, or their bug bounty program is deficient. We think such an approach is dangerous for most projects out there. Bitcoin is probably the only project that can afford not having a bug...

Particl – Using Spent Kernel To Split the Network

29 Jun 2019 11 minute read art_of_bug $3.11 tipped

Welcome again. It took us a while to get back. The reasons are both simple and sad – communication with Altcoin vendors is very difficult and slow. Many Altcoins do not have any vulnerability policy in place. You have no idea who to contact and you h...

Introduction & Neblio – VerifyInputsUnspent Denial of Service

11 May 2019 6 minute read art_of_bug $1.04 tipped

Welcome to our first blog post. We hope you will enjoy our content. Today, we start with a vulnerability in Neblio project. We made several attempts to contact the Neblio team in April, but all our attempts failed. It seemed that they just refused to...