These past two weeks, my mindset shifts slightly.
Up to now, the focus has been correctness, performance, and behavior under normal conditions. This phase is about assuming things will go wrong. Not accidentally, but deliberately. Security is not a feature you bolt on at the end, but there is always room to harden a system once it is standing.
I approach this work with a simple question in mind: where would I attack this if it were not my code?
Database Safety Is Non-Negotiable
SQL injection is the first thing to eliminate, completely.
This is already handled by design. Every database operation uses prepared statements. No SQL string concatenation exists anywhere in the codebase. Inputs are bound explicitly, and queries are static.
There is nothing to sanitize because there is nothing dynamic to exploit.
This is one of those problems that should be solved once and never revisited.
Memory Safety in a Sharp Language
C++ demands respect when it comes to memory.
To avoid entire classes of bugs, all resource management relies on RAII. Locks, file handles, database connections, and network resources are scoped and released deterministically. Raw pointers are avoided almost entirely. Ownership is expressed explicitly through std::unique_ptr and std::shared_ptr.
On top of that, static analysis tools like clang-tidy run regularly and flag suspicious patterns early. The goal is not to silence warnings, but to understand them. Memory safety bugs rarely announce themselves politely.
Defending the Network Surface
Once nodes are connected, the network becomes an attack surface.
Rate limiting is enforced to prevent denial-of-service attacks. A peer that floods messages is slowed down long before it becomes a problem. Peers that repeatedly send malformed or invalid messages are banned outright.
The handshake itself validates identity before allowing any meaningful interaction. Nodes do not get to participate in protocol-level operations until they prove who they are.
Trust is earned early, or not at all.
Cryptography Without Surprises
All cryptographic operations use constant-time implementations from libsodium. There is no custom crypto code, no shortcuts, and no optimizations that trade safety for speed.
Private keys never appear in logs. Not in debug mode. Not in error paths. Not ever.
Key derivation follows SLIP-10, ensuring compatibility with hierarchical deterministic wallets and avoiding the temptation to invent yet another key scheme.
Cryptography should be invisible when done right.
Hardening Consensus Itself
Consensus rules are also a security boundary.
The multi-peer fork confirmation logic introduced earlier significantly reduces the risk of eclipse attacks. A single peer can no longer convince a node to switch to a fake chain. Fork claims must be corroborated by multiple independent peers before being accepted.
Block timestamps are validated against local time with defined tolerances. This prevents timestamp manipulation attacks that could otherwise skew participation logic or block scheduling.
Small checks. Big consequences.
Fixing a Silent Bug From the Past
Security hardening also means auditing old behavior carefully.
While reviewing registry logic, I uncover a subtle bug in the original Go implementation. When a node is expelled from the registry, its locked balance is supposed to be returned to the owner. In the Go code, a variable is reset too early, causing the returned balance to be zero.
This bug does not crash anything. It simply steals funds silently.
The C++ implementation fixes this by preserving the locked balance before any mutation occurs and returning it correctly. The issue and the fix are documented explicitly in the audit reports.
This is exactly the kind of bug that scares me the most.
Defensive By Default
By the end of this phase, ZooBC feels less trusting.
Not paranoid.
Just realistic.
Every layer assumes the one above it might misbehave. Every external input is treated as potentially hostile. Every irreversible action is guarded by explicit checks.
Sitting in my lab late at night, running attack scenarios instead of happy paths, I feel a different kind of confidence building.
Not the confidence that nothing will go wrong.
The confidence that when it does, the system will hold.
