Ethereum smart contract attack
A brief history of Ethereum Classic (ETC)
Ethereum Classic began with an unfortunate event
In May 2016, the decentralized autonomous organization (DAO) held a token sale with the goal of establishing a blockchain-based venture capital fund to finance future decentralized applications (dapps) in the Ethereum ecosystem
Basically, the DAO is a complex smart contract that operates in a decentralized way: computer code that automatically performs tasks between multiple parties when conditions are met
Despite its ambitious goals and successful token sale, the DAO's code had a major vulnerability that allowed attackers to steal ETH from the organization
The attacker took advantage of this vulnerability in June 2016, triggering the infamous DAO hack, and maliciously stole ETH worth about US $50 million
There is no doubt that the DAO hack shocked the Ethereum community; it made the ETH price drop from $20 to $13
After the DAO hack, the Ethereum community had to choose from three options
Do nothing and try to bear the consequences of the attack
Start a soft fork to recover the funds
Deploy a hard fork to recover the lost ETH
Both soft and hard forks are significant network upgrades. However, a soft fork allows users who have not upgraded to communicate with upgraded users, while a hard fork is not backward compatible with previous versions
As developers realized that deploying a soft fork would expose the network to distributed denial of service (DDoS) attacks, the Ethereum community decided to initiate a hard fork to recover the funds lost in the DAO hack
Although this scheme was supported by most people, a small number of people in the Ethereum community opposed it. They think that "code is law" and that a blockchain network should be immutable
The failure of both sides to reach an agreement on the solution eventually led to the split of the Ethereum blockchain
Those who tried to recover the lost ETH chose the hard fork and started the Ethereum (ETH) blockchain as we know it today, while another group stayed on the original Ethereum Classic (ETC) chain
What problems does Ethereum Classic solve
Ethereum Classic (ETC) is a blockchain platform that allows developers to deploy smart contracts and dapps
Although this function is the same as Ethereum (ETH), the ETC blockchain has two main differences
First of all, the Ethereum Classic community opposes tampering with the distributed ledger and supports the view that "a blockchain network cannot and should not be modified"
Secondly, although there is no hard cap on the total supply of ETH, at most 230 million ETC may be created, because ETC adopts a fixed-supply monetary policy
As a bonus, Ethereum Classic launched the Atlantis hard fork last year to increase interoperability with Ethereum and improve the privacy protection of transactions through zk-SNARKs
The trading platforms recommended for Ethereum Classic (ETC) are: Huobi, OKEx, AAX, etc.
There is an essential difference between Ethereum and bitcoin. What is the difference? Bitcoin defines a currency system, while Ethereum focuses on building a main chain (which can be understood as a road) so that a large number of blockchain applications can run on this road
From this point of view, Ethereum's application scenarios are more extensive, which is why we say that Ethereum marks the transformation from the simple monetary system of the blockchain 1.0 era to other industries and application scenarios in the blockchain 2.0 era
However, nothing in the world is perfect. Although Ethereum has expanded the application scope of blockchain to all walks of life and improved the speed of transaction processing, it is also the subject of some disputes and doubts
First, the lack of scalability of Ethereum and its solutions: sharding and the lightning network
In Ethereum's underlying design, the biggest problem is that Ethereum has only one chain and no side chains, which means that all programs have to run on this chain equally, consuming resources and causing system congestion. Take last year's very popular Ethereum game CryptoKitties: when the game was at its most popular, it once paralyzed the Ethereum network
To improve processing capacity, Ethereum proposes two approaches: sharding and the lightning network. Let's introduce these two technologies in turn
(1) Sharding
Vitalik Buterin, founder of Ethereum, believes that the reason why mainstream blockchain networks such as bitcoin process transactions very slowly is that every miner has to process every transaction in the whole network, which is very inefficient. The idea of sharding is that a transaction does not need to be processed by all nodes in the whole network; it is enough for some of the nodes (miners) in the network to process it. The Ethereum network is therefore divided into many shards, and each shard can handle different transactions at the same time. In this way, network performance is greatly improved
However, sharding is also controversial. As we all know, the central idea of blockchain technology is decentralization. Only when the whole network witnesses (processes) the same transaction does it have the highest authority. Ethereum's sharding is closer to witnessing by a group: not all nodes witness together. In this way, it loses the absolute "decentralization" attribute, and achieves high performance only by sacrificing some of the characteristics of decentralization
(2) Lightning network
The lightning network uses off-chain transactions. What does that mean? It means that when the participants of the lightning network transfer money to each other, they do not need to confirm the transaction through the Ethereum main chain; instead they create a payment channel between the participants and complete the transfer off-chain
However, the lightning network is not separated from the main chain. Before establishing a payment channel, you need to use assets on the main chain as collateral to generate a balance proof, which indicates that you can transfer the corresponding balance. As long as both parties to the transaction hold the balance proof, they can make an unlimited number of transfers off-chain through the payment channel
Only when the off-chain transactions are completed and the assets need to be transferred back to the chain is the change in the main chain account balances registered on the Ethereum main chain, and no matter how many transactions occur during this period, there is no record of them on the main chain
Another real benefit of the lightning network is that it can save you miner fees. At present, when we trade on the Ethereum main chain, we need to consume gas and pay the miners. Once we move the transactions off-chain, we save this part of the cost
Of course, the lightning network is not perfect. When using the lightning network, assets on the main chain must be used as collateral, and the assets used as collateral cannot be used until the user completes the off-chain transactions. This also means that lightning transactions are only suitable for small transactions
The above is the problem of insufficient scalability of Ethereum, as well as the two main solutions: sharding and the lightning network
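The on-chain half of the payment channel described above, as an added Solidity example that is not part of the original page: collateral is locked when the channel opens, every off-chain payment is just a newer signed balance proof, and only the final proof is recorded on the main chain. The contract name, function names and message layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all names here are hypothetical.
/// Off-chain, the sender signs keccak256(channelAddress, cumulativeAmount)
/// and hands each newer, larger balance proof to the receiver. None of
/// those intermediate proofs ever touches the chain.
contract PaymentChannel {
    address payable public immutable sender;    // party that locked the collateral
    address payable public immutable receiver;  // party being paid off-chain
    uint256 public immutable expiration;        // sender may reclaim after this time
    bool public closed;

    event Closed(uint256 paidToReceiver);

    /// Opening the channel locks msg.value as collateral on the main chain.
    constructor(address payable _receiver, uint256 _duration) payable {
        require(msg.value > 0, "no collateral");
        require(_receiver != address(0), "no receiver");
        sender = payable(msg.sender);
        receiver = _receiver;
        expiration = block.timestamp + _duration;
    }

    /// The receiver settles once, presenting the latest balance proof.
    function close(uint256 amount, bytes calldata sig) external {
        require(msg.sender == receiver, "only receiver");
        require(!closed, "already closed");
        require(amount <= address(this).balance, "exceeds collateral");
        require(signerOf(amount, sig) == sender, "bad balance proof");
        closed = true; // state change before the external call
        (bool ok, ) = receiver.call{value: amount}("");
        require(ok, "payment failed");
        emit Closed(amount);
    }

    /// The sender pulls back whatever is left, either after settlement or
    /// after the timeout if the receiver never closes. Keeping this as a
    /// separate pull means a reverting sender cannot block close().
    function reclaim() external {
        require(msg.sender == sender, "only sender");
        require(closed || block.timestamp >= expiration, "channel still open");
        closed = true;
        (bool ok, ) = sender.call{value: address(this).balance}("");
        require(ok, "reclaim failed");
    }

    /// Recovers who signed the balance proof. Binding the proof to
    /// address(this) stops it from being replayed on another channel.
    function signerOf(uint256 amount, bytes calldata sig) public view returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 inner = keccak256(abi.encodePacked(address(this), amount));
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner)
        );
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }
}
```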
Second, there are vulnerabilities in Ethereum's smart contracts, and the infamous DAO event
Ethereum's smart contracts are very powerful, but any code can contain vulnerabilities. The biggest controversy around Ethereum's smart contracts lies in these vulnerabilities, that is, in security issues. According to relevant research, 34200 (about 3%) of the nearly 1 million smart contracts based on Ethereum contain security vulnerabilities, which allow hackers to steal ETH, freeze assets or delete contracts, as in the infamous DAO incident
(1) What does DAO mean
Before introducing the DAO event, let's first introduce what a DAO is. DAO is the abbreviation of decentralized autonomous organization. From the perspective of Ethereum, a DAO is a contract or a combination of contracts on the blockchain, which is used to replace government review and complex intermediate procedures, so as to achieve an efficient and decentralized trust system. Therefore, DAO does not refer to one specific organization; that is to say, there can be many DAOs, of all kinds
(2) The infamous DAO event
However, when we talk about the DAO now, we basically refer to the DAO event, that is, the infamous hacker attack we just mentioned. As we know, the English word "the" makes the reference specific: "The DAO event" refers to one particular DAO, because, as we just said, DAO is not a specific organization, and there can be many DAOs, of all kinds
In 2016, Slock.it, a German company focusing on "smart locks", launched the DAO project on Ethereum in order to realize the decentralized exchange of physical assets (such as apartments and ships). The funding window opened on April 30, 2016 and stayed open for 28 days
Unexpectedly, the DAO project was very popular. It raised more than US $100 million in just half a month, and by the end of the whole funding period it had raised a total of US $150 million, becoming the largest crowdfunding project in history. However, it didn't last long. In June, hackers took advantage of vulnerabilities in the smart contract to successfully transfer more than 3.6 million ether into a child DAO, which had the same structure as the DAO. At that time, the price of ether fell directly from more than $20 to less than $13
This event shows that there are vulnerabilities in smart contracts, and once the vulnerabilities are exploited by hackers, the consequences are very serious. This is why many people criticize Ethereum and say that its smart contracts are not smart
To solve this problem, many foreign companies have begun to provide code audit services to address smart contract vulnerabilities. From a technical point of view, some teams are currently testing smart contracts. Most of these teams are led by professors from Harvard, Stanford and Yale, and some of them have obtained investment from leading institutions
In addition to the problems of insufficient scalability and vulnerabilities in smart contracts, the controversy over Ethereum lies in the PoS consensus mechanism it pursues, that is, proof of stake. Under proof of stake, whoever holds more coins and holds them for a longer time gets more "rights" (stake) and has the opportunity to obtain bookkeeping rights, and bookkeeping is also rewarded. In this way, it is easy to create the oligarchic advantage of "the strong get stronger"
Another problem is the chaos of ICOs. An ICO is a common way to raise funds for blockchain projects, which we can understand as a pre-sale. The explosion of ICO projects on Ethereum has led to illegal activities such as fund allocation and money fraud under the banner of ICOs, which has created security risks for social and financial stability
Thank you for your recommendation. Here I would like to share with you the following:
forsage international crowdfunding, the revolutionary smart contract technology of the new generation platform, originated from the development of Russian technical team, provides distributed market participants with the ability to directly engage in personal and commercial transactions. The smart contract of forsage distributed global shared matrix project is open and can always be viewed on the Ethereum blockchain. These are real smart contracts, which will be implemented on the Ethereum public chain forever without any third party tampering. The global shared matrix project is completely decentralized, aiming to preach Ethereum, so that more players can know Ethereum, smart contracts and forsage code btshijie
What is Ethereum
Ethereum is often compared with bitcoin, but the two are different. Bitcoin is a cryptocurrency and distributed payment network, which allows bitcoin to be transferred between users
The Ethereum project has a bigger goal. As Ethereum says, "Ethereum is a distributed platform running smart contracts." These smart contracts run on the "Ethereum virtual machine", a distributed computing network composed of all devices running Ethereum nodes
"Distributed platform" means that anyone can set up and run an Ethereum node, just as anyone can run a bitcoin node. Anyone who wants to run "smart contracts" on the nodes must pay the operators of these nodes in ether, which is the cryptocurrency related to Ethereum. Therefore, a person running an Ethereum node provides computing power and gets paid in ether, which is similar to the way that a person running a bitcoin node provides hash power and gets paid in bitcoin
In other words, while bitcoin is only a blockchain and payment network, Ethereum is a distributed computing network, and its blockchain can be used for many other things. Details are provided in the Ethereum white paper
What is a smart contract
Smart contracts are applications that run on the Ethereum virtual machine. This is a distributed "world computer" whose computing power is provided by all Ethereum nodes. Any node providing computing power is paid in ether for that resource
They are named smart contracts because you can write "contracts" that execute automatically when the requirements are met
For example, imagine building a Kickstarter-like crowdfunding service on Ethereum. Someone can set up an Ethereum smart contract to pool funds for someone else. The smart contract can be written as follows: when $100000 of currency has been added to the pool, it is all sent to the recipient. Or, if the $100000 threshold is not reached within a month, all the currency is returned to its original holders. Of course, this would use ether instead of dollars
All this is done according to the smart contract code, which can automatically execute the transactions without the need for a trusted third party to hold the currency and sign the transactions. For example, Kickstarter charges a 5% fee on top of the 5% payment processing fee, which means it will charge $8000 to $10000 for a $100000 crowdfunding project. Smart contracts don't have to pay a fee to a third party like Kickstarter
Smart contracts can be used for many different things. Developers can create smart contracts that provide functions for other smart contracts, similar to the way software libraries work. Alternatively, smart contracts can simply be used as applications to store information on the Ethereum blockchain
In order to actually execute smart contract code, someone has to send enough ether as the transaction fee; how much depends on the computing resources required. This pays the Ethereum nodes for participating and providing computing power
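The crowdfunding contract described above, written out as an added Solidity example; it is not code from the original page or from any project the page mentions. The names `Crowdfund`, `goal`, `deadline`, `contribute`, `payout` and `refund` are hypothetical, and the threshold is denominated in wei rather than dollars. Both money-moving functions update state before sending ether, so a contract receiving the payment cannot call back in and collect twice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all names here are hypothetical.
contract Crowdfund {
    address payable public immutable recipient; // who receives the pool on success
    uint256 public immutable goal;              // funding threshold, in wei
    uint256 public immutable deadline;          // unix time at which the campaign ends
    uint256 public totalRaised;
    bool public paidOut;
    mapping(address => uint256) public contributions;

    event Contributed(address indexed from, uint256 amount);
    event PaidOut(uint256 amount);
    event Refunded(address indexed to, uint256 amount);

    constructor(address payable _recipient, uint256 _goal, uint256 _duration) {
        require(_recipient != address(0), "no recipient");
        require(_goal > 0, "goal is zero");
        recipient = _recipient;
        goal = _goal;
        deadline = block.timestamp + _duration;
    }

    /// Add ether to the pool while the campaign is open.
    function contribute() external payable {
        require(block.timestamp < deadline, "campaign closed");
        require(!paidOut, "already paid out");
        require(msg.value > 0, "no ether sent");
        contributions[msg.sender] += msg.value;
        totalRaised += msg.value;
        emit Contributed(msg.sender, msg.value);
    }

    /// Once the threshold is met, anyone may trigger the payout; the money
    /// can only ever go to the fixed recipient.
    function payout() external {
        require(totalRaised >= goal, "goal not reached");
        require(!paidOut, "already paid out");
        paidOut = true; // record the effect before the external call
        uint256 amount = address(this).balance;
        (bool ok, ) = recipient.call{value: amount}("");
        require(ok, "payout failed");
        emit PaidOut(amount);
    }

    /// If the deadline passes without reaching the goal, each contributor
    /// withdraws their own money. A pull-style refund means one failing
    /// recipient cannot block refunds for everyone else.
    function refund() external {
        require(block.timestamp >= deadline, "campaign still open");
        require(totalRaised < goal, "goal was reached");
        uint256 amount = contributions[msg.sender];
        require(amount > 0, "nothing to refund");
        contributions[msg.sender] = 0; // zero the balance before sending
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "refund failed");
        emit Refunded(msg.sender, amount);
    }
}
```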
The smart contract has been written for a long time
if they can add changes, the description is centralized
the contract is written into the Ethereum smart contract, which is a contradiction sentence
the financial customer service doesn't understand, which is very unreliable
community sites
A total of 22 weeks, divided into five stages:
Stage 1, 4 weeks: Go language foundations and network concurrency, learning introductory Go
Stage 2, 4 weeks: practical Go web development, crawler development, cryptography, consensus algorithms, and implementing a lightweight public chain; after this stage you can develop websites and crawlers in Go and implement a lightweight blockchain
Stage 3, 4 weeks: Ethereum source code analysis and smart contract DAPP development; master the Ethereum core and smart contract development, as well as blockchain
Stage 4, 4 weeks: Hyperledger, bitcoin, EOS, source code analysis and smart contract practice; master Hyperledger development, cat bitcoin, bifurcated EOS after learning, as well as DAPP development of smart contracts
Stage 5, 6 weeks: project practice, five enterprise-level projects, and one year of blockchain project experience after learning
In terms of the language itself, Go is a very efficient language with strong support for concurrency. Go pays particular attention to distributed systems and handles concurrency well, for example in high-concurrency servers for advertising and search
Go language advantages:
Excellent performance: Go compiles directly to machine code, does not rely on other libraries, and is extremely fast. Its performance is similar to Java or C++
Concurrency is supported at the language level, which is Go's biggest feature. It was born to support concurrency; concurrency is in its genes, so it can make full use of multiple cores and makes concurrency easy to use
The built-in runtime supports garbage collection, which is one of the features of dynamic languages. Although the GC is not perfect at present, it is enough to cope with most of the situations we encounter, especially the GC after Go 1.1
It is easy to learn. The authors of Go all have C in their genes, so Go naturally has C in its genes too. There are 25 Go keywords, but the expressive power is very strong. It supports most of the features you've seen in other languages: inheritance, overloading, objects, etc
Rich standard library: Go ships with a large number of built-in libraries, especially the network library, which is also my favorite part
Powerful built-in tools: Go ships with a rich toolchain, the best of which is probably gofmt, which formats code automatically and makes team review simple, because the code format is exactly the same and it is hard to do otherwise
Cross-platform compilation and fast compilation. Compared with the sluggish compilation speed of Java and C++, Go's fast compilation time is a major efficiency advantage
Disadvantages of the Go language:
Package management: Go's package management is far from perfect. By default, it has no way to pin a specific version of a dependency, nor can it create reproducible builds. In contrast, Python, Node and Ruby all have better package management systems. However, with the right tools, Go's package management can also perform well
Lack of a development framework: Go does not have one dominant framework, such as Ruby's Rails, Python's Django or PHP's Laravel. This is a hotly debated topic in the Go community, because many people think that we should not start by using frameworks. This is true in many cases, but if you just want to build a simple CRUD API, it's much easier to use Django/DJRF, Rails, Laravel, or Phoenix
Error handling: Go handles errors by simply returning them from functions and expecting the calling code to handle them (or to return them up the call stack). Although this method is effective, it is easy to lose the scope of the error, so it is difficult to provide meaningful error information to users. The errors package can solve this problem by allowing us to add context and a stack trace to the returned error
Another problem is that we may forget to handle errors. Static analysis tools such as errcheck and megacheck can catch these mistakes. Although these solutions are very effective, they may not be the right way.
What is ether
Ether is a digital token (or cryptocurrency) related to the Ethereum blockchain. In other words, ether is the token and Ethereum is the platform. But now people often use these terms interchangeably. For example, Coinbase allows you to buy Ethereum, by which it means ether
Technically, this is an "altcoin", which just means a non-bitcoin cryptocurrency. Like bitcoin, ether is backed by a distributed blockchain, in this case the Ethereum blockchain
Developers who want to create applications or smart contracts on the Ethereum blockchain need ether to pay the nodes to host them, while users of Ethereum-based applications may need ether to pay for services in these applications. People can also sell services outside the Ethereum network and accept payment in ether, or they can sell ether for cash, just like bitcoin
At present, the vast majority of digital currency transactions are conducted on exchanges. Among the numerous exchanges, Bitfinex, Binance, OKEx and so on are well known
However, bitcoin and other digital currencies, as decentralized assets, have to be traded on centralized exchanges, which seems to hide contradictions and dangers
1. Problems and challenges of exchanges
In February 2014, Mt. Gox, the world's largest bitcoin exchange at that time, had 850000 bitcoins stolen, and the price of bitcoin suffered a "cliff" crash that day. Later, it was revealed that Mt. Gox was in fact itself the thief, and only 7000 bitcoins were actually stolen
In August 2016, Bitfinex, the largest U.S. dollar bitcoin trading platform, suffered a security vulnerability, resulting in the theft of 120000 bitcoins, which were worth $65 million at that time. Converted at the price in December 2017, they would be worth nearly $2 billion
On December 19, 2017, South Korea's Youbit exchange was attacked by hackers and lost 4000 bitcoins, and the exchange declared bankruptcy
On December 21, 2017, the Ukrainian Liqui exchange had 60000 bitcoins stolen, and the unit price of bitcoin plummeted by US $2000
In 2018, such dramas will only continue
In addition to the threat of hackers, traditional exchanges also have some inherent shortcomings, such as lack of supervision and inefficiency. For investors, the security of an exchange rests only on its own credit, and the cost of running off is very low. Stock exchanges are regulated at the national level, but no such sword of Damocles hangs over digital currency exchanges. Moreover, the same order can only be submitted to one exchange. After the user places an order, the funds used for the transaction are frozen, and the user can only wait for the transaction to complete or be cancelled. These are undoubtedly inefficient
All in all, the problems of exchanges are the problems of centralization
2. Decentralization of exchanges
(1) The progress of the exchanges themselves
Security measures are being upgraded in various ways. At present, the most effective is the cold wallet, that is, keeping the digital currency on an offline USB drive. At the end of 2017, when the Youbit exchange was attacked, 75% of its assets had been withdrawn into the cold wallet in time, which avoided greater losses. However, protecting online assets by offline means looks like a measure of last resort. Of course, there are many other methods, which will not be listed here
(2) Cross-ledger transactions: the representative is the Ripple network, operated by Ripple Labs, which is a semi-centralized system. Ripple is a decentralized clearing protocol designed to solve the high cost and delay of inter-bank clearing; its base currency is XRP. The Ripple network can connect all kinds of assets, such as the US dollar, RMB, Japanese yen, bitcoin, etc., to its own network. In this system, U.S. dollars or bitcoin can be converted into XRP, and XRP can then circulate freely in the network, as if a highway had been built between the various assets. Thanks to the support of major banking institutions, XRP achieved nearly 300 times growth in 2017
(3) Decentralized exchanges
Some teams are trying to use blockchain technology to build a decentralized exchange. This kind of decentralized exchange is, to some extent, an extension of cross-ledger trading
BitShares is the most representative of the early projects. It builds a blockchain development platform with servers scattered all over the world. Even if some of them are attacked, the system will not collapse. Anyone can transfer money and borrow money freely on this platform, and can also quickly build a centralized exchange based on this platform. In order to ensure stable value, BitShares also requires three times the value in digital assets as collateral. At present, BitShares is running fairly well
Later, with the development of Ethereum and smart contracts, the 0x protocol came into being. This is an open protocol running on the Ethereum blockchain and a decentralized exchange in the Ethereum ecosystem. The protocol has attracted many investors. At present, it has completed financing and started to build open source software tools and infrastructure. Of course, there are many competitors: EtherDelta, IDEX and OasisDEX are trying to provide similar functions. Moreover, it is a smart contract system based on Ethereum, which only supports ERC20 tokens. If other smart contract public chains start to rise, the demand will be reduced
In addition, some other teams are entering the field, such as the domestic Loopring protocol (LRC). They adopted a design similar to the 0x protocol, and also introduced a fast payment function similar to the lightning network. Its distinguishing feature is that it tries to match orders across multiple exchanges: a user's order can be broadcast to multiple exchanges and completed by different exchanges. Moreover, the user can still use the account funds after placing an order, and transferring part or all of the funds is equivalent to partial or total cancellation of the order. To some extent, this improves the breadth and timeliness of trading. However, this system seems to undermine the "power" of the existing exchanges. Whether everyone can be persuaded to play together will be a difficult problem
At present, there is still a long way to go in building decentralized exchanges. For the next 3-5 years, traditional exchanges will still be the main battlefield of digital currency. However, freeing decentralized digital currency from the shackles of centralization is something to look forward to in the future