Solana 生态安全和审计策略

Background A four-day off-line activity was held in Hong Kong from April to April, with on-site guidance from core engineers and support from mentors from other ecosystem teams. The head of public chain safety of slow fog safety team was invited to give a speech at the event, and explained the ecological safety and security considerations in audit strategy development from three aspects: how to do smart contract security audit, how to generate the algorithm security by the algorithm. It has a certain ability to resist quantum computing quickly and the generated signature is deterministic, which can better resist the signature extension attack. The design concept and files of the account are similar. The account can be used to store data, and it also has strict ownership and access control. By pointing to the file to be read, written or executed, it points to the account to be read, written or run. The difference is that the account needs to pay for the storage space. The account has the following characteristics: the account is the maximum storage of the account used to store data. Storage space is storage space, which needs to pay rent. By default, when creating an account, the executable program stored in the account can be called by users and others. The account is stateless. The maximum storage space is the program account. Because the data account is stateless, it needs to create an account for storing data when storing data, that is, the account can serialize the data in a specific structure and store it in the program instructions. The following figure shows the call schematic diagram of the smart contract and the smart contract of Ethereum. The difference is that a call can be constructed by passing in several key parameters when calling multiple clients. This call is very simple and flexible, but there are also many security risks. The verification of accounts is one of the serious security risks. Smart contracts need to design the relationship of accounts very strictly. We look at the structure below, pointing to the account itself, and we need to verify whether the rent is enough. We need to analyze the specific values according to specific scenarios for verification. Usually, it needs to be verified. Whether the signature account is writable or not, etc. Constraints of the program at runtime. For example, only the owner of the account can change the account that the owner has not allocated, and the balance of the read-only and executable account may not be changed. Only the owner can change the account size and data account, and after the executable attribute is added, it cannot be rolled back. No one can modify the re-entry protection associated with the account. This is another restriction on the call of smart contracts. A well-known re-entry attack occurred in the early stage of construction, which led to the theft of a large number of investors' funds. This lesson has been learned. It is forbidden to re-enter the contract. Account security coding Precautions Check whether the incoming account is the expected account, for example, whether the account verification data writer has the appropriate authorization to verify and authenticate the identity of the caller who initiated the request, and whether the execution environment meets the expected conditions. Check and verify the integrity of the data to confirm that it comes from a trusted source. Check and test for. The adequacy of the rent for storing data is checked and analyzed to ensure that the data format conforms to the expected structure, such as the asset token in the verification specification. Because it is stateless, it can not be realized only in a single account. Simply speaking, issuing a token is to create a new token, which is to create a new token. For example, the basic token information is stored in it, such as the token information held by the user and the authorization information of the account. The following figure shows the token between the accounts. The relationship diagram can create tokens infinitely, and users can also own them infinitely. What they have is also a standard that is used by default at present. Compared with the homogenization token, the main feature is that its representative is unique and inseparable. It is worth mentioning that in the authorization model, only one account is allowed to be authorized at a time, which greatly reduces the risk of token theft compared with the standard. The following are the matters needing attention in programming. Verify that the token is issued by an official project to ensure that it is received. The purpose is to verify the correct token, protect the casting right of the token, and use methods such as multiple signatures to prevent the abuse of the private key, verify the decimal precision of the token to ensure the accurate transaction verification, implement the scope verification to prevent overflow and maintain the accuracy of calculation, and ensure that the issuance authority is irreversibly terminated. According to the statistics of the slow fog blockchain by the black archive, the loss in the ecology has exceeded 100 million US dollars. Next, we will briefly introduce some hacking incidents that have occurred in the past for everyone. Explain how hackers attacked the cross-chain bridge of the application. The main reason for this accident was that an incoming system account was not verified. Hackers used forged accounts to fill accounts with carefully constructed data, which made smart contracts mistakenly issue more tokens to hackers. This incident caused tens of thousands of losses and was attacked by lightning loans. The project was not open source and could only be analyzed from the browser. We can see that hackers borrowed a lot of money from it to manipulate the price of tokens and then earned more than tens of thousands of dollars. It is not that the project will not be attacked by hackers if it is not open source. Experienced and patient attackers can still analyze the possible security loopholes in the agreement, so the development team can't be lucky. We found that a large number of users in the community had their private keys stolen. Strangely, the investigation found that they didn't use the same wallet and their usage habits were different, so the cause of the incident was inconclusive, but we found that some wallets were private because of the use of components. The key was uploaded to the server. The slow fog security team once wrote an analysis of the large-scale theft of coins in the slow fog public chain. Interested friends can click to view the fake recharge attack of tokens. This is a security problem under the chain. The attacker creates a recharge address to transfer tokens to this account and then transfers it to the exchange. When the exchange records on the detected chain, it will mistakenly think that this account has a real recharge, so it will recharge this malicious user, which leads to the attack. How to be smart? Contract security audit security is not only done technically, because the security environment may introduce new variables after time changes, which will make the system fragile. We believe that there are three important factors to be considered in doing a good job of security, such as a security budget, a continuous audit, and a senior manager who is directly responsible for security work. Smart contract security audit is a rigorous process, and many slow fog security teams have opened a smart contract security audit skill tree and smart contract security best practices on the Internet. Welcome interested friends to move to the website to read the conclusion. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=63203