Addition of Blockchain Security Templates

To satisfy the additions raised within VRT Issue 426 - bugcrowd/vulnerability-rating-taxonomy#426

Author: RRudder

submissions/description/Blockchain_Infrastructure_Misconfiguration/Improper_Bridge_Validation_and_Verification_Logic/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/Blockchain_Infrastructure_Misconfiguration/Improper_Bridge_Validation_and_Verification_Logic/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+Implementing the following defensive measures can prevent and limit the impact of the vulnerability:
+
+- Use robust cryptographic mechanisms to validate cross-chain proofs and transactions.  
+- Implement multi-signature or consensus-based verification for bridge transactions.  
+- Regularly audit bridge validation and verification logic to identify weaknesses.  
+- Incorporate monitoring systems to flag and halt suspicious cross-chain activity.  

submissions/description/Blockchain_Infrastructure_Misconfiguration/Improper_Bridge_Validation_and_Verification_Logic/template.md

@@ -0,0 +1,20 @@
+This misconfiguration occurs when a blockchain bridge fails to rigorously validate cross-chain transactions or asset transfers. This can arise from incomplete verification of cryptographic proofs, inadequate validation of source chain data, or flawed consensus mechanisms. An attacker can exploit this vulnerability to forge transactions, double-spend assets, or compromise the integrity of cross-chain interactions.
+
+**Business Impact**  
+
+Improper validation in blockchain bridges can lead to significant financial losses, cross-chain instability, and diminished trust in the platform. Exploits may propagate vulnerabilities across multiple chains, magnifying their impact and eroding user confidence.
+
+**Steps to Reproduce** 
+
+1. Navigate to the following URL: {{URL}}
+1. Analyze the bridge's transaction validation and verification logic.  
+2. Submit a cross-chain transaction with forged or incomplete data.  
+3. Observe if the bridge accepts and processes the invalid transaction.  
+4. Attempt to manipulate or double-spend assets through the bridge.  
+5. Confirm that the bridge fails to detect or reject the invalid transaction.
+
+**Proof of Concept**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+>
+> {{screenshot}}

submissions/description/Blockchain_Infrastructure_Misconfiguration/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/Blockchain_Infrastructure_Misconfiguration/recommendations.md

@@ -0,0 +1,9 @@
+# Recommendation(s)
+
+Implementing the following defensive measures can prevent and limit the impact of the vulnerability:
+
+- Implement secure default settings and restrict administrative access to nodes and infrastructure.  
+- Regularly audit and validate network configurations against industry best practices.  
+- Use automated tools to detect and resolve misconfigurations in real time.  
+- Harden consensus mechanisms by enforcing robust cryptographic standards and validating peer integrity.  
+- Monitor network activity to detect and mitigate potential exploits stemming from misconfigurations.  

submissions/description/Blockchain_Infrastructure_Misconfiguration/template.md

@@ -0,0 +1,19 @@
+Blockchain Infrastructure Misconfiguration refers to weaknesses in the foundational components of a blockchain system, including nodes, consensus mechanisms, network configurations, and data integrity protocols. This can occur due to improper setup, insufficient security measures, or lack of adherence to best practices for infrastructure design and maintenance. Misconfigurations in this category can lead to systemic vulnerabilities, enabling attackers to disrupt the network, manipulate data, or exploit functionality. An attacker can leverage these misconfigurations to cause denial of service, compromise consensus, or gain unauthorized control over network operations.
+
+**Business Impact**  
+
+Infrastructure misconfigurations can undermine the reliability and security of the blockchain network, leading to downtime, financial losses, and erosion of trust among users and stakeholders. Such vulnerabilities can damage the reputation of the platform, expose sensitive data, and disrupt dependent decentralized applications.
+
+**Steps to Reproduce**  
+
+1. Navigate to the following URL: {{URL}}
+1. Identify deviations from security best practice in the configuration settings of nodes and network infrastructure {{explanation of where + screenshot}}
+1. Attempt to exploit weak or missing authentication for administrative access to nodes  
+1. Simulate malformed transactions or messages to test the system's error-handling mechanisms  
+1. Observe that the identified misconfigurations result in unauthorized access, operational disruptions, or data manipulation
+
+**Proof of Concept**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+>
+> {{screenshot}}

submissions/description/Decentralized_Application_Misconfiguration/DeFi_Security/Flash_Loan_Attack/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/Decentralized_Application_Misconfiguration/DeFi_Security/Flash_Loan_Attack/recommendations.md

@@ -0,0 +1,7 @@
+# Recommendation(s)
+Implementing the following defensive measures in the decentralized application can prevent and limit the impact of the vulnerability:
+
+- Ensure that there are checks on price and liquidity changes to prevent sudden manipulation caused by flash loans.
+- Implement replay auditing of smart contracts to detect vulnerabilities exploitable by flash loans.
+- Ensure accurate, real-time price feeds from decentralized oracles to mitigate manipulation.
+- Enable circuit breakers to pause the system in the event of large, suspicious transactions.

submissions/description/Decentralized_Application_Misconfiguration/DeFi_Security/Flash_Loan_Attack/template.md

@@ -0,0 +1,19 @@
+A flash loan allows the borrowing of a large sum of capital without collateral as the loan must be returned to the lending platform at the end of a transaction block. A flash loan attack involves  an attacker borrowing large amounts to manipulate asset prices in liquidity pools or decentralized exchanges, arbitraging between manipulated prices across protocols, or exploiting vulnerabilities in smart contracts to drain liquidity. Through these methods an attacker is able to manipulate the logic of asset bonding curves and destabilize market prices.
+
+**Business Impact**
+
+Flash loan attacks can result in significant financial losses as well as a loss of user trust, and damage to the platform’s reputation. Additionally, businesses may face legal consequences and regulatory scrutiny which can lead to financial losses and penalties.
+
+**Steps to Reproduce**
+
+1. Navigate to the following URL: {{URL}}
+1. I  Identify a Decentralized Finance (DeFi) protocol that offers flash loans with unsecured capital: {{define specific protocol}}
+1. Borrow a large flash loan from a liquidity pool without collateral
+
+1. Perform the following actions which show the manipulated asset prices, arbitrage strategies or exploits to extra value from the manipulated prices or protocol: {{list additional actions}}
+
+**Proof of Concept**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+>
+> {{screenshot}}

submissions/description/Decentralized_Application_Misconfiguration/DeFi_Security/Function_Level_Accounting_Error/guidance.md

@@ -0,0 +1,4 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).