...e learning experience for the Ethereum community and wish you all the best of luck. Yours truly, "The Attacker" ===== END SIGNED MESSAGE ===== Message Hash (Keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e Signature: 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32 Ethereum's still-unresolved flaws...
Topics: Ethereum, Ether, fork, smart contract
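...as if none of it had ever happened. Since then, ETH and ETC have endured a large number of spam attacks and traffic (DDoS) attacks. To resolve these problems once and for all, ETC decided to hard fork. Unlike the ETH fork, which changed the blockchain's history, the purpose of this ETC fork is only to fix some technical vulnerabilities. Although the ETC hard fork is intended to fix technical problems, there is still considerable...
Topics: ETC hard fork, DAO attack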
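...multiple parties can jointly reach consensus on a payment before it can be paid successfully. Double Spend Attack: A double spend attack means spending one sum of money twice, i.e. double payment, exploiting the digital nature of the currency to complete payments with "the same money" two or more times. A double spend does not create new tokens, but it lets the spender take back money that has already been spent. Put simply, the attacker transfers a token to another...
Topics: fork, blockchain, hash power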
...the defender. Castles are far easier to destroy than build, islands are defendable but can still be attacked, but an average person’s ECC keys are secure enough to resist even state-level actors. Cypherpunk philosophy is fundamentally about leveraging this precious asymmetry to create a world that better preserves the autonomy of the individual, and cryptoeconomics is to some extent an extension...
Topics: PoS, PoW, Ethereum 2.0
... on staked voting. Consensus upgraded to PoW + Finality which will eliminate the possibility of 51% attacks. [Proteus] NETWORK UPGRADE— Onchain DAO governance for Conflux.— Improve efficiency of ZKP-related o...
Topics: wallet, Ethereum address, on-chain, contract
...The Ethereum Foundation has released two Ethereum 2.0 attack networks for hackers to crack in exchange for vulnerability rewards. Ethereum Foundation releases two ETH 2.0 attack networks for hackers to attack. Based on existing stable clients, the Ethereum Foundation has already released, targeting Ethereum...
Topics: Ethereum, Ethereum Foundation, block time
...the official disclosure gave some details, which largely confirmed our speculation. https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8 Pay particular attention to this passage: The attacker started on November 27th, 2019 with a DNS-interception Proof of Concept that used a Cloudflare API key to rewrite the api.moonpay.io endpoints, capturing all data going to api.moonpay.io for potential anal...
Topics: wallet, on-chain, public chain, cryptocurrency
...the official disclosure gave some details, which largely confirmed our speculation. https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8 Pay particular attention to this passage: The attacker started on November 27th, 2019 with a DNS-interception Proof of Concept that used a Cloudflare API key to rewrite the api.moonpay.io endpoints, capturing all data going to api.moonpay.io for potential anal...
Topics: wallet, IOTA, security, SlowMist
...of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while th...
Topics: block, hash power, double spending, on-chain
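...newcomers adapt more quickly to the blockchain world of security attack and defense, where danger lurks everywhere. hard_fail Attack: What is hard_fail? Put simply, it means an error occurred but no error handler was used to handle it, for example by catching it with onerror; if no onerror catches it, the result is hard_fail. Transaction status records on EOS are divided into executed, soft_fail, hard_fail, delayed and exp...
Topics: contract, blockchain, Ethereum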
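...has become 6 ether. The attacker (0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2) calls the attack contract's attack function to simulate the attack, then calls the victim contract's wallet function to check the contract's balance and finds that it has dropped to zero. Going back to the attack contract and checking its balance shows that all 6 ether in the victim contract has been withdrawn into the attacker's contract, which constitutes a reentrancy attack. Source code analysis: Above we explained how...
Topics: contract, Ether, smart contract, token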
...whether the attack technique in the written attack contract matches our vulnerability analysis. Attack contract: contract Attack { EtherStore public etherStore; constructor(address _etherStoreAddress) { etherStore = EtherStore(_etherStoreAddress); } // Fallback is called when EtherStore sends Ether to this contract. fallback() external payable { if (address(etherStore).balance >= 1 ether) { etherStore.withdraw(); } } fu...
Topics: smart contract
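...to social and technical attacks. Social attacks include collusion attacks and Sybil attacks. Collusion attacks are when a sizable proportion of members of a certain type collude to specifically direct the DAO's activities. Sybil attacks are where people create multiple identities to undermine reputation rules and exploit the system. Bribery and centralization are also seen as threats to DAOs, which may be mechanism design (information and incentives)...
Topics: Ethereum, Vitalik Buterin, governance, opinion, DAO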