MLSNews

《未闻》区块链技术日报,聚焦业内技术更新,做您最好的眼睛。

View project on GitHub

​MLSNEWS

——————◆ 20190521 ◆——————

  • Solidity 安全:已知攻击方法和常见防御模式

    Part-1:可重入漏洞、算法上下溢出

    Part-2:不期而至的 Ether、Delegatecall

    Part-3:默认可见性、随机数误区

    Part-4:外部合约引用、短地址攻击

    Part-5:未检查的 Call 返回值,条件竞争

    Part-6:拒绝服务、时间戳攻击

    Part-7:构造函数失控、未初始化的存储指针

    Part-8:浮点和精度、Tx.Origin 用作身份验证

  • VDF FAQ Part-1:概述、用途和方案(VDF FAQ pt. 1 or Making an Open Source Chip)

    该项目的目的是创建一个关于可验证延迟功能的强大知识源,以便为可自由访问的研究社区提供支持,以便为VDF开源硬件的潜在开发。

    VDF研究为加密社区提供了一个提倡硬件设计的开放性,公平性和教育性的绝佳机会,因为这是第一次主要的区块链平台率先为此创建和提供ASIC硬件。一般公众而非私人营利性采矿。

    The purpose of this project is to create a robust source of knowledge on Verifiable Delay Functions in order to bootstrap a freely accessible research community for the potential development of open source hardware for VDFs.

    VDF research provides the crypto community with an excellent opportunity to advocate for openness, fairness, and education in hardware design, given that this is the first time a major blockchain platform has spearheaded an effort to create and provide ASIC hardware for the general public and not for private for-profit mining.

  • 削弱区块链最有效的方式——气馁攻击 (Discouragement Attacks - Part 1

    “Discouragement Attacks”的概念最初是由 Vitalik 提出,他认为是削弱区块链的一种特别有效的方法,也是最难防御的攻击类型之一。它们包括攻击者在共识机制内不诚实地行事,以试图劝阻其他验证者参与。

    从本质上讲,攻击者可能会选择在短期内赔钱,如果他们认为他们可以阻止其他验证人参与,最终迫使其中一些人退出。攻击者可能会这样做有两个原因:

    1. 从长远来看,他们可以赚更多的钱——如果共识机制的设计方式使得验证者退出会增加剩余验证者的收入——换句话说,如果它包含一个滑动的激励结构——那么越多验证者退出,攻击者赚的钱就越多。
    2. 他们正准备进行51%攻击——随着越来越多的验证者退出,留下的可以抵御攻击者的诚实验证者就越少。这降低了51%攻击的成本。

    来自 hackingresearch 的 Barnabé Monnot 等人对这种攻击类型做了进一步探讨。

    Discouragement attacks are a particularly effective way of bringing down blockchains and are one of the hardest types of attacks to defend against. They consist of an attacker acting dishonestly inside a consensus mechanism in order to try to discourage other validators from participating.

    Essentially, an attacker may choose to lose money in the short term, if they believe they can discourage other validators from participating, eventually forcing some of them to drop out. There are two reasons why an attacker might do this:

    • (1) They will make more money in the long term – If the consensus mechanism is designed in such a way that validators dropping out increases revenue to the remaining ones – in other words if it contains a sliding incentive structure – then the more validators drop out, the more money the attacker stands to make.
    • (2) They are preparing for a 51% attack – as more validators drop out, there are fewer honest validators left to ward off the attacker. This lowers the cost of a 51% attack.
  • 对话 Nervos:加密经济系统就像国家财政,它才是公链战争的胜负手

    公链的竞争是惨烈的,这个战场里的玩家要想生存下来,既要有绝活,还得没短板。技术,社区,讲故事,甚至“市值管理”,这些是明面上大家都能看到的。

    但是有一个关键板块被严重低估了,那就是加密经济系统设计,国外社区称之为Token economy 或者Cryto Economy 。同真实世界的经济学一样,它关注的也是经济体系如何运转,当然,前提是在加密世界中。

    经济系统的设计是一个听起来离普通人很遥远的主题,虽然我们每天都生活在其中,但是却难窥其全貌。往大了讲,国家甚至世界的财政系统是一个例子,往小了看,游戏里的经济设计也随处可见。

    —————《未闻》(MLSNews)—————

    未来实验室新闻工作室