What is a smart contract? What is the blockchain smart contract vulnerability?

In recent days, the smart contract vulnerability incident on the EOS blockchain platform has once again pushed blockchain security to the forefront. By publishing a "smart contract" containing malicious code, an attacker could, after a series of operations, take control of all the nodes in the blockchain network. From The DAO to BEC, SocialChain and Hexagon, and now the EOS vulnerability, "smart contracts" have become the hardest-hit area of blockchain security. So what is a smart contract, what new challenges do smart contract vulnerabilities bring to security, and how should we deal with them? Security experts from the 360 Code Guard team interpret these questions in depth below.

1. What is a smart contract?

The term smart contract was coined by Nick Szabo in 1994 and was later redefined in several different settings. The blockchain smart contract we usually refer to is the one represented by Ethereum. Vitalik Buterin, the author of Ethereum, realized that in a blockchain system the transaction logic can be separated from the underlying system mechanism. The underlying system is responsible for creating and verifying transaction blocks and for the basic functions of the bookkeepers' consensus, while what a transaction itself can do is defined by a second layer of programming. So he designed a virtual environment, the EVM, for executing transaction code. Users can develop custom transaction logic and publish it to the chain. When a transaction runs, all nodes in the chain execute the same code, changing the state of the chain's data synchronously. He used the name "smart contract" for this code, and this is what we usually mean by a smart contract.


2. Smart contract vulnerabilities are hard to handle!

The essence of a smart contract is a piece of code that runs in a blockchain network and implements the business logic the user gives it. Take a token on the Ethereum system as an example: its business logic is to issue coins and trade them. At the design stage, Ethereum made smart contracts immutable once deployed. This design may have been intended to improve the credibility of smart contracts. But we know that any program written by a person will contain errors and defects. Ethereum's own design violates the general rules of programming, and may cause irreparable damage when a smart contract is flawed. We can see that the recent vulnerabilities in Ethereum smart contracts have had a huge impact, and some tokens have also been destroyed.

At present, the mechanism design of Ethereum's blockchain smart contracts, combined with the devastating effects of the vulnerabilities, makes reporting and handling vulnerabilities in smart contracts that are already online very difficult. In recent research, the 360 Code Guard team discovered security vulnerabilities in the smart contracts of many listed tokens on the Ethereum system and reported them to the vendors immediately, but so far the vendors have not responded. For a vendor, because a smart contract cannot be modified, effectively fixing a vulnerability discovered after going online requires redeploying a new contract. This costs a lot of money, so some vendors may choose not to respond and not to act. Security researchers also face an awkward situation. The general principle of vulnerability disclosure is that disclosing the details of a vulnerability before the vendor fixes it is unfavorable to the vendor. However, if the vendor does not fix the vulnerability, the public remains unaware that it exists, and the risk expands rapidly over time. It may cause even greater harm, affect a larger group of people, and may cause many people's investments to vanish in an instant. Going forward, the 360 Code Guard team will keep in active contact and communication with the vendors to help them fix the vulnerabilities.

3. Smart contract vulnerabilities: how to deal with them?

In some consortium chains, smart contracts are designed so that they can be updated after deployment, although the update requires a certain offline negotiation process. To deal with security vulnerabilities in blockchain smart contracts, it is generally worth considering a corresponding negotiated update mechanism for smart contracts in the future, to reduce the cost of bug fixes.

But for now we must face reality and make almost the only feasible and effective effort available: conduct a comprehensive and in-depth code security audit before the smart contract goes online, to eliminate as many vulnerabilities as possible and reduce the security risk.

Security experts from the 360 Code Guard team say that there are at least 20 kinds of vulnerabilities in current blockchain smart contracts. The following is a list of some common types of blockchain smart contract vulnerabilities and the risks they may pose. All of them should be thoroughly checked before a smart contract goes online.

Integer overflow: dangerous numerical operations in the contract. Risk: contract failure, unlimited token issuance, etc.

Access control: improper handling of access control in the contract. Risk: excessive (unauthorized) token issuance.

Information disclosure: hard-coded addresses, etc. Risk: leakage of important information.

Logic error: a proxy transfer function missing a necessary check. Risk: malicious transfers, for example via reentrancy.

Denial of service: loop statements, recursive functions, external contract calls, etc. not handled properly. Risk: denial of service through infinite loops, recursion stack exhaustion, etc.

Function misuse: pseudo-random function calls and flawed implementations of interface functions. Risk: predictable random numbers, interface functions returning exceptions, etc.
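The following minimal token contract is an added illustration, not code from the 360 Code Guard team or from any audited project, and shows how three items of the checklist above look when handled correctly: the integer overflow in a batch transfer (the BEC-style bug), access control on minting, and a withdrawal written to resist reentrancy. The contract name, function names and the 1,000,000 initial supply are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not code from 360 or any audited project): a minimal token
// covering three checklist items: integer overflow, access control, reentrancy.
contract AuditedToken {
    mapping(address => uint256) public balances;   // token balances
    mapping(address => uint256) public deposits;   // ether held per account
    address public owner;
    constructor() {
        owner = msg.sender;
        balances[owner] = 1_000_000;               // assumed initial supply
    }

    // Access control: a mint or admin path without this guard is the
    // "access control" finding from the list above.
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function mint(address to, uint256 amount) external onlyOwner {
        balances[to] += amount;
    }

    // Overflow-safe batch transfer. Solidity >= 0.8 reverts on overflow; the
    // division check makes the invariant explicit and also protects code built
    // with older compilers, where cnt * value wraps modulo 2**256 and a huge
    // value lets the sender's balance check pass.
    function batchTransfer(address[] calldata to, uint256 value) external {
        uint256 cnt = to.length;
        require(cnt > 0 && value > 0, "empty batch");
        uint256 amount = cnt * value;
        require(amount / cnt == value, "overflow");
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) balances[to[i]] += value;
    }

    function deposit() external payable { deposits[msg.sender] += msg.value; }

    // Checks-effects-interactions: the balance is reduced before the external
    // call, so a callee that re-enters withdraw() finds nothing left to take.
    function withdraw(uint256 amount) external {
        require(deposits[msg.sender] >= amount, "insufficient deposit");
        deposits[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ether transfer failed");
    }
}
```

In an audit, the absence of any one of these three patterns (the `onlyOwner` guard, the overflow check before the balance check, or the state update before the external call) is the concrete finding behind the corresponding entry in the list.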
