The author's source is modular smart account, which introduces a new paradigm of smart account, which can achieve scalability and future-oriented needs. However, modular account is more complicated than whole or integrated account, and its security needs more attention, especially when installing third-party modules. Last year, the discussion on the security of modular account has been going on, for example, the debate about deletion. This debate is about the use of diamond agents and smart accounts and related security issues, and in addition, it is about security. There are relatively few debates. The purpose of this blog post is to outline the different methods to protect modular accounts and the potential advantages and disadvantages of each method. Setting the scene Modular accounts have existed for some time. The main example years ago was that different modules were built and used over time, such as the set of modules built. Most of these modules were built by institutions, for example, so the main method is that a single entity builds and uses modules for its own use case. The advantage of this is that besides modules. There is no trust and dependence on external parties except the module auditor selected and signed by the builder. However, in the world, we put forward the idea of customizable wallet, which allows users to easily add and delete functions in their accounts with the support of smart account module. Although this product vision has developed to include the rise of embedded wallet and the potential of using modules to build more powerful and seamless products, there is still a core problem. In order to accelerate the innovation of modular smart accounts, we need a more. An idea of using modules is to separate the role of module builder from that of module user, which may lead us to an existing application or expansion store similar to or on the module store, which means that developers or teams can build one or a group of modules that other developers can use to support their products or users can install directly on their accounts to enable novel wallet functions. Trust dependence is introduced between users and builders of modules, so solving module security is one of the main unlocking points to accelerate the innovation of smart accounts. The key problem is how to reduce trust dependence and allow users or developers to obtain the guarantee of module security before installing or using modules. So far, there are two emerging modular account security methods to prove that the registry and module licensing system need to be further explored, including circuit breakers based on offline monitoring or transaction sharing. An example of the latter is that it provides a way to add a trusted co-signer to your account. Before studying these methods in depth, we will first check what known security problems exist in order to evaluate the advantages of each method. The discussion of security issues around modular account security focuses on ensuring the integrity and allowed operations of the module. Although this may happen before installation and during use, it should be noted that this blog is not built in the way of the account itself. Some potential security problems that may arise are that modules that are allowed to be executed on behalf of the account can be executed arbitrarily in roughly the order of severity. For example, modules that transfer all funds out of the account to perform verification can allow the account to perform any module that performs use calls, which may self-destruct the account. Modules that have storage access rights to the account can take over the account or brick it when using calls. Modules that perform verification can perform verification on the account. A module that launches a denial-of-service attack and hooks other processes can launch a denial-of-service attack on an account. During the uninstallation, the module may recover or cause recovery, which may cause the module to fail to install. During the uninstallation, the module cannot fully clean up its configuration, which may even lead to unexpected behavior and may even lose access to the account when reinstalling. The above are some examples of possible vulnerabilities of the module, but many other vulnerabilities may also occur. An example of such vulnerabilities occurred in the last chapter. Custom called but forgot to initialize it correctly, because of the unfortunate combination of events, attackers can delete the white list of transactions from it, thus effectively refusing to provide services to the safe. Fortunately, we found a clever way to remove it, but this incident almost caused the permanent blockage of the safe. An overview of the two main methods that have been explored so far is to prove the registration center and the module licensing system. Next, we will expand these contents further and weigh their relative advantages, especially with different classes. Advantages related to other vulnerabilities One of the main ways to verify the security of modular accounts in the registry is to use the certificate registry on the chain to allow accounts to obtain security guarantees about the modules to be installed or used. This allows users or application developers to determine their trusted certifiers, such as some auditors, and verify this trust on the chain. Conceptually, this is somewhat similar to verifying the audit reports of the contracts you will interact with and use, but there are two key differences. Non-technical users can use this. Solution verification runs on the chain, which makes it much more difficult to fool people. For example, impersonating an auditor actually proves that the registry is a trusted entity, such as the chain storage of assertions made by the auditor. In order to make such proof, the auditor will compile some data, such as an audit report, and post it on the chain to link it to the proved module. Then when the user or developer wants to install or use the module, the account will query the chain registry and determine whether the trusted entity has been certified. It is clear that the module is safe. In practice, we can customize the data according to our use case smart account module and include more relevant data, such as standardized module list and risk score. Now we have been developing the module registry, which is a license-free registry. We have obtained funding from the Ethereum Foundation and the modular account builder is integrating the registry, including the registry that provides users with security when using third-party modules, and the team has been reviewing with different companies. Generally speaking, the module registry has two functions: firstly, the module will not intentionally use the account, and secondly, it will ensure that the module runs in its proper way and cannot be used to use the account even if it is used in a non-compliant way. Therefore, the module registry can solve all the potential vulnerabilities discussed. Nevertheless, this solution also faces some challenges, including building and maintaining the registry that can be used safely by any account to adjust incentives to fully motivate the prover to ensure that the module can safely choose the appropriate default certificate trusted by the account. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=55642