
Add Blockchain & Web3 Security section #826

Open
0xBassia wants to merge 1 commit into swisskyrepo:master from 0xBassia:add-blockchain-web3-security


@0xBassia

Summary

Adds a new Blockchain & Web3 Security section — the first blockchain-specific attack reference in PayloadsAllTheThings.

Content

RPC Endpoint Attacks

  • Exposed Debug Methods: Batch testing script for all dangerous JSON-RPC methods (debug_*, trace_*, admin_*, personal_*, txpool_*)
  • Mempool/Txpool Exposure: txpool_content exploitation for frontrunning/MEV attacks, with comparison showing major L2s properly disable this
  • Node Version Disclosure: Fingerprinting node software (Geth, Erigon, Nethermind, Besu, Reth, Nitro)
  • Dangerous Methods by Node Type: Reference table mapping node software to their exploitable namespaces

Web3 Frontend Attacks

  • postMessage Exploitation: Capturing payment tokens from checkout/bridge iframes
  • Transaction Manipulation: Intercepting client-side transaction building
  • Wallet Connection Hijacking: Extracting WalletConnect project IDs and relay endpoints

Smart Contract Interaction

  • Price Oracle Manipulation patterns
  • Flash Loan Attack structure
  • Read-Only Reentrancy

Bridge & Cross-Chain

  • Bridge relay monitoring
  • Cross-chain replay attacks

Key & Credential Exposure

  • Hardcoded private keys in JS bundles (including common Hardhat test keys)
  • API key leakage (Infura/Alchemy/QuickNode keys in frontend code)

Why This Matters

Web3 security is a rapidly growing field with $200K+ bug bounties on platforms like Immunefi, BugRap, and HackenProof. PayloadsAllTheThings currently has zero blockchain-specific content despite being the go-to reference for security professionals. This section fills that gap with practical, copy-paste-ready commands and payloads.

All techniques are based on real-world authorized bug bounty research and penetration testing.
