Do code review for logical and security mistake in our testnet: VeChainThor is a new public blockchain that was written from scratch by the VeChain team. VeChainThor leveraged some of the features of Ethereum such as EVM. The VeChain team has added a lot enterprise friendly features at the core blockchain level so that it could be easily used by any developer or user on the platform. Some of the major features are:
VET / VTHO dual token system, only VTHO will be consumed by the payment and smart contract execution
Multi-party payment protocol
Completely new transaction model
Proof of Authority consensus
Thor is VeChain's new generation blockchain project. It's the oﬃcial implementation written in golang.
Download mainnet source code, vendor dependency packages and VeChain Thor Tutorial via Github.
Connect to the testnet, generate wallet address by yourself and receive test tokens via faucet.
What to look for
Protocol and Network
Conceptual and practical security issues in the formal specification of the protocol.
Misaligned / unintended economic incentives and game theoretic flaws.
Security weaknesses / attacks on the P2P communication protocol and PoA consensus algorithm.
Scenarios for DoS attacks.
51% and other X% attacks
Transaction / messages malleability
Server configuration issues (open ports) Node function validation
Lack of validations of blocks, transactions and messages
Ethereum Virtual Machine code execution such as built-in contract, native function
Calculation and enforcement of fees. Client application security, suggestions on the APIs
Data type overflow / wrap around, e.g. integer overflow.
Panics or not properly handled errors.
Concurrency, e.g. synchronization, state, races attacks.
Issues related to external libraries used (outdated software). Cryptographic primitives security