Blockchain circle

Contract vulnerabilities, hacker attacks... Practitioners talk about blockchain technology security

Time: 11/07/2021 Author: gpb6ky
The launch meeting for the development of the national standard "Information Security Technology Blockchain Information Service Security Specification" was held on October 19, raising the security of blockchain to the government level. What are the main security problems of blockchain? How can they be solved? How can risks in blockchain application projects be prevented? Chain News interviewed a number of practitioners in the blockchain industry at home and abroad, who shared their views.

Chain News: Blockchain technology is still in its early stage. In the process of industry development, what problems has blockchain encountered in security, and how can they be solved?

Wusijin: At present, the security of blockchain mainly involves three aspects: code security, privacy security and private key custody security.

Among them, the problem of code security can be divided into two categories: one is the security of the platform's own system, and the other is the security of the contracts that users write. In fact, the problem of platform security cannot be completely solved. At present, no company has this strength. What we need to do is to have time to reach a consensus to remedy the platform vulnerabilities. Blockchain is an open database, and any transaction is open, transparent and verifiable. But many times, we don't want it to be like this. At present, the main ways to solve privacy security are ring signatures and zero-knowledge proofs. The most prominent problem of blockchain is the loss and theft of private keys.

One method is to authorize another private key to transfer assets, but the authority of this private key is relatively low. It takes one month to complete the transfer of assets. If it is found that the transfer of assets is illegal, the original private key can be used to transfer the funds in real time. Another good scheme is the multi-signature mechanism. Assets are placed on the multi-signature address, so the security of the system will also be improved. And these two methods can be combined to make the system more secure.

Zheng Chunheng: In the process of improving the performance of blockchain, the risk of centralization that miners (or block producers) can obtain data review rights will increase. The blockchain layer-2 agreement with censorship resistance will be the answer.

We are a layer-2 protocol based on Ethereum. By using Plasma, rollup and other technologies, we give Ethereum a higher level of interoperability, scalability, functionality and availability without changing its own security and data availability. Anyone can deploy a layer-2 solution on demand to meet their specific needs for scalability.

Li Zhe: From the DApp level, the security problems in recent years are mainly hacker attacks, mainly by means of overflow attacks, random number problems, replay attacks, counterfeit currency attacks, fake transfer notifications, denial of service attacks, sensitive permissions, private key leakage, transaction rollback attacks, inline reflection attacks, namesake confusion transactions, etc. The evolution of the overall mode follows: system attacks → program logic vulnerability → algorithm vulnerability of program → comprehensive means of attack. Now hackers will also use a variety of comprehensive means of attack to try one by one.

From the perspective of the exchange, hackers' intrusion into the platform hot wallet by obtaining private keys, malicious code and other means is the most common attack method. In addition, there are DDoS attacks, fraudulent transactions, the use of trading code vulnerabilities and so on.

Chain News: In order to maximize the safety of application projects, what factors should be considered when choosing a consensus mechanism? In addition, the consensus mechanism actually involves the Impossible Triangle of blockchain. How do you view the Impossible Triangle of blockchain?

Wusijin: To put it simply, there is no system that has achieved decentralization, scalability and security. However, it does not mean that we cannot do it in the future. Blockchain in the future will definitely achieve these three. At present, we are also working in this direction and have made some achievements.

For example, the parallel chain architecture is very close to solving this Impossible Triangle: the implementation method is to separate business logic and data. Security is shared between different parallel chains. As for consensus problems, they can be basically divided into three categories: PoW (physical computing power), PoS (financial computing power), and voting (various BFT algorithms). The consensus has a common goal, which is to prevent historical data from being tampered with. PoW and PoS are generally used in the public chain, and they are the mainstream consensus algorithms of the public chain system. They have the advantage of decentralization, but they all have an important disadvantage, that is, the data may be rolled back. There are many consensus mechanisms based on voting, such as PBFT, Tendermint, and Facebook's HotStuff. Their implementation principles are similar; the only difference is that the information complexity is different. For the case of a small number of nodes, the difference is small, but when the number of nodes exceeds 100, HotStuff can significantly reduce the number of information transmissions.

Extend the chain function. It took more than 5 years for Bitcoin and Ethereum to protect thousands of well distributed nodes with their own consensus mechanism, and it is easier to create an expansion chain. Blockchain layer-2 agreement may be an option to supplement the blockchain dilemma.

Wusijin: Technology is always in the process of development. In practical application, many technologies need to make certain compromises. For example, when there are loopholes in the contract, the contract management mechanism is very important. In the case of vulnerabilities, how to identify and repair vulnerabilities according to the predetermined process to minimize losses. This approach is a little centralized, but in the case of immature technology, it is necessary to take precautions as a precaution.

Otherwise, nothing can be done in case of problems, which will cause greater losses and panic.

Zheng Chunheng: First of all, it is important to recognize that blockchain is a technology different from Internet services. In the application of blockchain technology, in addition to an independent web browser, a wallet program (such as MetaMask) must be loaded. In addition, additional network fees different from existing Internet services need to be paid. Even if you can accept all the above costs, this blockchain application must have a "must use" reason, otherwise it can only become an "unused application" in the end.

Li Zhe: From the code level, security audit can prevent risks to a certain extent. Now many projects have attached importance to this. For example, some public chains will invite a number of third-party security companies to conduct regular audits, and many application projects will also conduct security audits before going online. On the other hand, from the perspective of users, individuals also need to improve security awareness, especially strengthening private key management, guarding against phishing sites, using cold wallets, and so on.

Wusijin: Now the industry says that its own system is very safe. As for why it is safe, it is difficult to be convincing. If the "safety specification" is issued, then at least it can be said that your system is in line with the "safety specification" and is relatively safe.

After the introduction of the safety code, enterprises in the industry will certainly study it and make their systems comply with the safety code, which will eventually promote the overall safety of the industry system.

Li Zhe: The development process of blockchain technology has a strong geek color and high heterogeneity. At present, blockchain technology lacks a standard system in infrastructure design, smart contract deployment, data privacy protection, governance, compliance supervision, security and other aspects all over the world. However, the low degree of standardization of blockchain technology objectively restricts its scale application in various scenarios. In order to promote the application of blockchain technology, it is necessary to formulate general and universal blockchain standards.

Moreover, as an emerging technology, blockchain is equivalent to establishing access standards for infrastructure, and even the standards will affect the development of "blockchain +" in the future. The standard of the security specification focuses on the security risks of blockchain information services, which is also urgently needed for the development of the blockchain industry. Security is the cornerstone of blockchain. As a machine to solve trust, if it is not secure, then trust is impossible. Especially at present, as blockchain is widely used in financial and government scenarios, asset security and data security are particularly important. It can be predicted that the formulation and future implementation of the security specification will have a positive impact on standardizing blockchain technology and improving the overall security performance of blockchain projects.

If the security of the underlying technology is qualitatively improved, the security of the application projects on it will also be improved, which is conducive to the promotion and application of blockchain technology.
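
The private key custody scheme described in the interview (a low-authority key whose transfers take one month, original keys that can move funds in real time, combined with multi-signature) can be modelled as a small state machine. This is an added example, not code from the article or from any interviewee's project; the `Vault` class, the key names and the 2-of-3 threshold are assumptions, and signature verification is abstracted to key identifiers.

```python
from dataclasses import dataclass, field

DELAY = 30 * 24 * 3600  # "one month" for the low-authority key, in seconds

@dataclass
class Vault:
    owners: frozenset   # original high-authority keys (multi-signature set)
    threshold: int      # owner approvals required for an immediate transfer
    delegate: str       # low-authority key: its transfers mature after DELAY
    balance: int
    pending: dict = field(default_factory=dict)  # id -> (to, amount, unlock)
    paid: dict = field(default_factory=dict)     # recipient -> total received
    next_id: int = 1

    def _pay(self, to, amount):
        if amount <= 0 or amount > self.balance:
            raise ValueError("insufficient funds")
        self.balance -= amount
        self.paid[to] = self.paid.get(to, 0) + amount

    def request(self, signer, to, amount, now):
        """Delegate key queues a transfer; no funds move yet."""
        if signer != self.delegate:
            raise PermissionError("only the delegate key may queue transfers")
        rid, self.next_id = self.next_id, self.next_id + 1
        self.pending[rid] = (to, amount, now + DELAY)
        return rid

    def finalize(self, rid, now):
        """Complete a queued transfer once the delay has elapsed."""
        to, amount, unlock = self.pending[rid]
        if now < unlock:
            raise PermissionError("delay has not elapsed")
        del self.pending[rid]      # the request is consumed either way
        self._pay(to, amount)      # fails if owners already moved the funds

    def owner_transfer(self, signers, to, amount):
        """Original keys move funds immediately if enough of them sign."""
        if len(set(signers) & self.owners) < self.threshold:
            raise PermissionError("not enough owner signatures")
        self._pay(to, amount)

def demo():
    # Constructed scenario: the delegate key is stolen and queues a transfer;
    # two of three owners move the funds to safety before the month is up.
    v = Vault(frozenset({"k1", "k2", "k3"}), 2, "hot", 100)
    rid = v.request("hot", "thief", 100, now=0)
    v.owner_transfer(["k1", "k3"], "safe", 100)
    try:
        v.finalize(rid, now=DELAY)
        return "paid", v.paid
    except ValueError:
        return "blocked", v.paid
```

The delay only helps if someone watches the pending queue: the owners need monitoring that alerts on every `request` well inside the one-month window.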