Submit all vulnerabilities to:
blocktop is a lightweight development tool and, as such, does not really have many serious security implications. There are a few things to consider though, for the sake of completeness.
The RPC node used to retrieve blockchain data from must be entirely trusted not to:
- Submit malformed data that could be used to perform either
- Log injection or,
- SQL injection (although
blocktopuses the prepared statements API provided byrusqlite).
- Submit incorrect blockchain data that is otherwise valid
- Stale data will mean that the index lags behind the rest of the network
- Reorgs (see below)
Blockchain reorganisations (or reorgs) are a possibility in modern blockchain networks.
Currently, blocktop does not handle reorgs at all and will happily continue to write data to the index and display this data to the user (unless in headless mode, obviously). It is advisable to understand how your RPC node (be it your own or that of a third-party provider) handles reorgs and how this impacts your use case for blocktop.