Blockchain Security Glossary

Access Control

A security pattern that restricts function access to authorized addresses or roles. Implemented using modifiers like onlyOwner or role-based access control systems.

Arithmetic Overflow/Underflow

When a number exceeds its maximum value (overflow) or goes below its minimum value (underflow). In Solidity <0.8.0, this could lead to unexpected behavior. Now handled automatically in newer versions.

Blockchain

A distributed ledger technology that records transactions in a secure, transparent, and immutable way. Each block contains a cryptographic hash of the previous block, creating a chain of blocks. Key characteristics include decentralization, immutability, and consensus mechanisms.

Bridge

A protocol that enables the transfer of assets and data between different blockchains. Bridges maintain liquidity pools on both chains and use smart contracts to lock and mint tokens, allowing users to move assets across chains while maintaining their value.

Burning

The process of permanently removing tokens from circulation by sending them to an unrecoverable address. This reduces the total supply and can increase the value of remaining tokens. Common in deflationary token models and NFT projects.

Bytes

Checks-Effects-Interactions

A security pattern for function ordering: check conditions, update state, then interact with external contracts. Helps prevent reentrancy attacks.

Commit-Reveal Pattern

A two-phase process where users first commit to a value (hash) and later reveal it. Used for fair random number generation and preventing front-running.

Constructor

DAO

Decentralized Autonomous Organization. A community-governed entity where decisions are made through voting mechanisms encoded in smart contracts. Members typically use governance tokens to vote on proposals and shape the organization's future.

DEX

Decentralized Exchange. A platform that allows users to trade cryptocurrencies directly with each other without intermediaries. Uses automated market makers (AMMs) and liquidity pools instead of traditional order books.

dApp

Decentralized Application. An application that runs on a blockchain network, combining smart contracts with a user interface. dApps are typically open-source, decentralized, and incentivized through tokens.

Denial of Service (DoS)

An attack that prevents users from accessing contract functionality. Can occur through gas limit attacks, revert-based DoS, or blocklist locking.

Delegatecall

A low-level function that executes code from another contract in the context of the calling contract. Can be dangerous if used with untrusted code.

Fallback

A special function in Solidity that is executed when a contract receives Ether without any data or when a function call doesn't match any defined function. Must be marked as external and payable to receive Ether.

Front Running

When an attacker observes pending transactions and submits their own with higher gas to exploit information. Can be mitigated using commit-reveal schemes.

Gas

The unit that measures computational effort required to execute operations on the Ethereum network. Users pay gas fees to compensate for the computing energy required to process and validate transactions.

Gasless

A transaction model where users don't pay gas fees directly. Instead, a third party (relayer) pays the gas fees, often in exchange for a service fee or as part of a business model. Common in meta-transactions and sponsored transactions.

IPFS

InterPlanetary File System. A distributed file storage system that uses content-addressing to uniquely identify files. Commonly used in blockchain applications for storing NFT metadata and other off-chain data in a decentralized way.

Integers (Solidity)

Metadata

Additional information about an NFT or token, typically stored off-chain (often on IPFS). Includes attributes, descriptions, images, and other properties that define the token's characteristics and appearance.

Minting

The process of creating new tokens or NFTs on the blockchain. Minting involves deploying a smart contract that defines the token's properties and rules, or creating new instances of existing token contracts.

Multisig

Multi-signature wallet. A wallet that requires multiple private keys to authorize a transaction. Enhances security by distributing control among multiple parties, commonly used for treasury management and high-value transactions.

NFT

Non-Fungible Token. A unique digital asset that represents ownership of a specific item or piece of content. Unlike fungible tokens, NFTs are not interchangeable and each has unique properties and value.

Node

A computer that participates in a blockchain network by maintaining a copy of the blockchain and validating transactions. Nodes can be full nodes (storing the entire blockchain) or light nodes (storing only headers).

Nonce

A "number used once" that serves as a counter for transactions from a specific account. Each transaction must include a sequential nonce to prevent replay attacks and ensure proper transaction ordering. In Ethereum, each account has a nonce that starts at 0 and increments with each transaction. The nonce must be managed carefully in wallet implementations to avoid transaction failures or security vulnerabilities.

Oracle

A service that provides external data to smart contracts. Oracles act as bridges between blockchains and the outside world, enabling smart contracts to access real-world data like prices, weather, or sports scores.

Overflow

Occurs when a numeric value exceeds its maximum representable value. For example, if a uint8 (which can store values from 0 to 255) is incremented beyond 255, it would traditionally wrap around to 0 in Solidity versions prior to 0.8.0. This vulnerability could be exploited to manipulate balances or other numeric state variables. In Solidity 0.8.0+, overflow checks are built-in and will revert the transaction if detected.

Private Key

A secret number that allows users to access and control their cryptocurrency. The private key is used to sign transactions and prove ownership of blockchain assets. Must be kept secure and never shared.

Proposal

A formal suggestion for changes or actions in a DAO or governance system. Proposals are typically submitted by token holders and voted on by the community. Can include parameter changes, treasury allocations, or protocol upgrades.

Pull Payment Pattern

A security pattern where users withdraw funds themselves rather than having them automatically sent. Prevents issues with failed transfers and reentrancy.

Pure Functions

Replay Attacks

A type of attack where an attacker intercepts and rebroadcasts a valid transaction to execute it multiple times. In blockchain systems, replay attacks are prevented by using nonces (number used once) that ensure each transaction can only be executed once. Without proper nonce management, an attacker could potentially drain an account by replaying the same transaction repeatedly.

Rollup

A Layer 2 scaling solution that processes transactions off-chain and submits compressed data to the main chain. Reduces gas costs and increases throughput while maintaining the security of the underlying blockchain.

Royalties

A percentage of secondary sales paid to the original creator of an NFT. Implemented through smart contracts to ensure creators receive ongoing compensation when their work is resold.

RPC (JSON-RPC)

Secret Key

Another term for private key. A cryptographic key that must be kept secret and is used to sign transactions and prove ownership of blockchain assets. The corresponding public key is derived from the secret key.

Smart Contract

Self-executing code deployed on a blockchain that automatically enforces and executes the terms of an agreement. Smart contracts are immutable, transparent, and can handle complex logic and state management.

Snapshot

A tool for off-chain governance that records token balances at a specific block height. Used for voting on proposals without requiring on-chain transactions, reducing gas costs and improving user experience.

Stablecoin

A cryptocurrency designed to maintain a stable value, typically pegged to a fiat currency like USD. Can be backed by collateral (USDC, DAI) or use algorithmic mechanisms to maintain price stability.

Token

A digital asset that represents value or utility on a blockchain. Can be fungible (interchangeable) or non-fungible (unique). Tokens can represent currencies, assets, voting rights, or access to services.

Wallet

Software or hardware that stores private keys and allows users to interact with blockchain networks. Wallets can be hot (connected to the internet) or cold (offline), and support various features like token management and dApp interaction.

Wrapped Token

A token that represents another cryptocurrency on a different blockchain. Wrapped tokens maintain a 1:1 value with the original asset and are backed by the original tokens held in custody. Example: WETH (Wrapped Ether) on Ethereum.

ZK

Zero Knowledge. A cryptographic method that allows one party to prove they know something without revealing the actual information. Used in privacy-focused applications and scaling solutions like ZK-rollups.

ZK-Rollup

A Layer 2 scaling solution that uses zero-knowledge proofs to bundle multiple transactions into a single proof. Provides high throughput and low fees while maintaining the security of the underlying blockchain.