Blockchain security quick start (1): introduction to blockchain security

Ba1_ Ma0 2022-04-06 05:45:37


1. What are blockchain and smart contracts, and why learn blockchain security?

Why is blockchain security important? Since the first Bitcoin white paper was released in 2008, blockchain usage has grown explosively. Many applications rely on this technology for added trust and privacy that would otherwise be absent in a centralized system. The ecosystem surrounding blockchain technology is huge and complex, with many moving parts. There are exchanges where users can trade various cryptocurrencies, NFTs and tokens. Smart contracts can be written to programmatically apply behaviors to blockchain transactions. There are decentralized finance (DeFi) markets where users can exchange tokens without registering an account. All of these parts are susceptible to vulnerabilities, and with blockchain at the forefront of emerging technologies, new problems are found every day. In this Black Hills Information Security (BHIS) webcast, case studies of recent blockchain hacks are used to introduce potential problems in writing and designing smart contracts, problems that ultimately led to millions of dollars being lost to attackers.

What are the different types of blockchains?

1. Public blockchain

 All transactions on a public blockchain are completely transparent, which means anyone can analyze the details of a transaction. Examples: Bitcoin and Ethereum.

2. Private blockchain

 All transactions on a private blockchain are private and are available to the system members who have been allowed to join the private blockchain network.

3. Consortium blockchain

 A consortium blockchain is very similar to a private blockchain. The main difference is that a consortium blockchain is managed by a group rather than by a single entity. Participants in a consortium blockchain can include anyone from national banks to governments to supply chains.

4. Permissioned blockchain network

 Enterprises that set up private blockchains usually set up a permissioned blockchain network. Note that public blockchain networks can also be permissioned. Permissioning restricts who is allowed to participate in the network and in which transactions. Participants need an invitation or permission to join.

What is a blockchain?

The official definition:

https://www.ibm.com/topics/what-is-blockchain
Blockchain definition

Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. Assets can be tangible (a house, car, cash, land) or intangible (intellectual property, patents, copyrights, branding). Almost anything of value can be tracked and traded on a blockchain network, reducing risk and cost for everyone involved.

Why blockchain is important

Business runs on information. The faster it is received and the more accurate it is, the better. Blockchain is an ideal choice for delivering this information because it provides immediate, shared and fully transparent information stored on an immutable ledger that only permissioned network members can access. Blockchain networks can track orders, payments, accounts, production and more. And because members share a single view of the truth, you can see all the details of a transaction end to end, which gives you greater confidence as well as new efficiencies and opportunities.

What is a smart contract on the blockchain?

Smart contracts are simply programs stored on the blockchain that run when predetermined conditions are met. They are typically used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary's involvement or loss of time. They can also automate a workflow, triggering the next action when conditions are met.
Official explanation:

https://www.ibm.com/topics/smart-contracts

2. Some blockchain security attacks

1. Reentrancy attack
2. Front-running
3. Integer overflow and underflow
4. Denial of service
5. Access control
6. Timestamp dependence

Follow me; later articles will demonstrate these attack methods one by one.

3. Learning materials and practice ranges for blockchain security

Books:

https://github.com/ethereumbook/ethereumbook

Practice ranges:

https://ethernaut.openzeppelin.com/
https://www.damnvulnerabledefi.xyz/

Learning materials:

https://cryptozombies.io/zh/course/
https://solidity-by-example.org/

Reference material:

https://www.investopedia.com/terms/b/blockchain.asp
https://www.ibm.com/topics/smart-contracts
https://www.ibm.com/topics/what-is-blockchain
https://www.getastra.com/blog/knowledge-base/blockchain-security/
https://www.youtube.com/watch?v=WchXkMlKj9w
https://www.youtube.com/watch?v=M6sLKkc6bV8

4. What are the blockchain security testing tools?

SWC-registry: Smart contract weakness classification and test cases.

https://swcregistry.io/

MythX: A smart contract security analysis API supporting Ethereum, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.

https://mythx.io/

Echidna: A Haskell program designed for fuzzing / property-based testing of Ethereum smart contracts.

https://github.com/crytic/echidna

Manticore: A symbolic execution tool for analyzing smart contracts and binaries.

https://github.com/trailofbits/manticore

Oyente: A static analysis tool for smart contract security.

https://github.com/melonproject/oyente

Securify 2.0: A security scanner for Ethereum smart contracts.

https://securify.chainsecurity.com/

SmartCheck: A static smart contract security analyzer.

https://tool.smartdec.net/

Summary

In less than a year, more than $12 billion was stolen from projects based on smart contracts. This article only briefly introduces what blockchain and smart contracts are, along with related resources. Follow me, and I'll show you how to find and exploit vulnerabilities in later articles.

Copyright notice: this article was created by [Ba1_ Ma0]. Please include a link to the original when reposting. Thank you. https://netfreeman.com/2022/04/202204060523354585.html