Jan 01, 1970
Mutengesi Anorasikirwa nemadhora 26M mu ezETH Tokens: Media Inopomera Mushandisi, Hacker Anodaidza ERC-20 Makanganiso by@dexaran
Nhoroondo itsva
Mutengesi Anorasikirwa nemadhora 26M mu ezETH Tokens: Media Inopomera Mushandisi, Hacker Anodaidza ERC-20 Makanganiso
Kurebesa; Kuverenga
Kukanganisa kweERC-20 kwakadhura vashandisi $115M nekuda kwekutadza kubata kukanganisa. Dexaran inoratidza njodzi, zvinonetsa vaongorori uye Ethereum kuita, uye vanotsigira ERC-223 semhinduro yakachengeteka.Ini ndinonzi Dexaran. Ini ndiri hacker, ndakagadzira uye ndikaita imwe yekurwisa kukuru kwekubvumirana muindasitiri . Muna 2019 ini DDOS'ed EOS network mainnet uye ndakaiomesa kwemwedzi nekushandisa chikanganiso mumuenzaniso wayo wekubvumirana. EOS yaive yakaiswa pamusoro7 panguva iyoyo. ( EOSGO mushumo , mushumo wenharaunda )
Ini ndiri muvambi weimwe yeEthereum Classic core development timu . ( Chinyorwa cheCointelegraph )
Ini ndakagadzira iyo Amendment kuNakamoto kubvumirana , seti yemitemo inogadzirisa 51% kurwiswa iyo yaive denda reindasitiri yemaketani ePOW.
Chinyorwa chemupepeti: Nyaya iyi inomiririra maonero emunyori wenyaya. Munyori haana hukama nevashandi veHackerNoon uye vakanyora nyaya iyi vari voga. Chikwata chevapepeti veHackerNoon chakango simbisa nyaya yacho kuti ichokwadi uye haitsigire/kushora chero zvichemo zvirimo. #DYOR
Tsaona
Mushandisi akarasikirwa ne $26,000,000 anokosha ezETH tokens nekuvatumira kune smart-contract. Pane zvinyorwa zvakawanda uye tambo dzepa twitter dzinoti iyi yaive mhosho yemushandisi, semuenzaniso iyi naCoinTelegraph .
Izvi hazvina kururama. Kukanganisa kwakafanana nemushandisi hakuzokonzeri kurasikirwa kweEth, NFT kana ERC-223 chiratidzo . Kuendesa kune ekunze kero uye kuendeswa kune akangwara-zvibvumirano zvinoshanda zvakasiyana.
Kana mushandisi akatumira tokeni kukero isiriyo (iyo isiri smart-kondirakiti) kana kero isiri yemunhu chero upi zvake - kungave kukanganisa kwemushandisi.
Muchiitiko ichi zvakadaro, mushandisi akaisa ma tokens kune smart-contract. Smart-zvibvumirano zvinofanirwa kudzivirira kukanganisa uku, uye ivo vanogona kuita izvo - semuenzaniso kana mushandisi aizoisa Ether (kana chero imwe mari yemuno), NFTs (ERC-721) kana ERC-223 tokens kune smart-contract iyo yakanga isina kugadzirwa kuti ivagamuchire - ipapo zviratidzo zvaisazorasika. Paizove nekukanganisa kwekutengeserana uye kutamisa ma tokens kwaisazoitika.
Kukanganisa kubata ndeimwe yemisimboti yakakosha yekuchengetedza software. Kugadzira software nenzira yekuti hazvizogone kubata nemazvo kukanganisa kwekukumbira kwakafanana nekushaikwa onlyOwner modifier yebasa rekutonga - iro ringava dambudziko rekuchengetedza.
Iri idambudziko reERC-20 standard - yakagadzirwa nenzira inoita kuti kukanganisa kubata kusagoneke. Uye iyi idambudziko rekuchengetedza. ERC-20 chiyero haina kuchengeteka . Muna 2023, mugadziri weERC-20 standard pachake akasimbisa kuti iyi inyaya yekuchengetedza yechiyero .
Ndakazvitaura muna 2017 pano nepano . Zvakare, ini ndakagadzira iyo ERC-223 chiyero kuti igadzirise dambudziko iri chairo muna 2017, heino yekutanga EIP-223 tambo painosimbiswa kuti chiyero ichi chinodzivirira kurasikirwa nemari.
Zviri nyore kwazvo kumakambani ekuchengetedza uye vanogadzira kupa mhosva vashandisi nekukanganisa. Nekudaro, imhosva yemugadziri kuti vakavaka maapplication avo vachishandisa iyo isina kuchengetedzwa mwero iyo inotadza kubata nezvikanganiso zvevashandisi izvo zvakakonzera kukuvara kwakashata.
Nhoroondo
Ndakaratidza kuti izvi zvinogona kukonzera kukanganisa kwemari kune vashandisi panguva yakataura izvi kuEthereum Foundation. Hapana chavakaita. Kwemakore manomwe.
- Paive nemadhora gumi nematanhatu akarasika nekuda kwenyaya iyi muna 2017.
- Paive ne $2,000,000 yakarasika muna 2018
- $60,000,000 muna 2023
- Musi waNovember 1, 2024 pakanga paine zviuru makumi mapfumbamwe zvemadhora (tisingasanganisi iyo 25M yakarasika muchibvumirano che ezETH)
- Iye zvino kune $115,000,000
Chikwata changu chakagadzira script inoverenga huwandu hweakarasika tokeni:
https://dexaran.github.io/erc20-losses
- Muna 2017 mumwe mushandisi akarasikirwa ne130K.
- Muna 2020 mushandisi akarasikirwa nehupenyu hwake hwekuchengetedza.
- Muna 2023 mushandisi akarasikirwa nemadhora mazana maviri nemakumi mana emadhora mune imwe kutengeserana.
- Ipapo Poloniex hacker yakarasika $2.5M.
Ndakakumbira kurega kusimudzira ERC-20 chiyero nekuda kweiyi nyaya yekuchengetedza mu2017, pakanga pasina mhinduro https://github.com/ethereum/ethereum-org/issues/755 .
Ndakawedzera nyaya iyi kuEthereumCatHerders, avo varume vanotarisira EIPs muEthereum.
Muna 2023 vakapindura kuti "hatina chekuita nekuburitswa pachena, isu hatina maitiro eizvozvo".
Kujekeswa: EIPs uye ERCs zvikumbiro izvo chero munhu anogona kuendesa kuEthereum. Vanogona kuve zviyero kana zvigadziriso izvo devs inoshanda kune iyo Ethereum inoshanda. Iwo mameseji mafaera mune yavo github repo.
Mamiriro ezvinhu: havana hurongwa hwekutarisana nekuchengetedzwa kwekuchengetedzwa muEIPs 10 makore mushure mekutangwa kweEthereum project.
Ini ndanga ndichikurudzira nzira yekugadzirisa mashandiro anoita EIPs kuti abvumire kuburitswa pachena: https://ethereum-magicians.org/t/modification-of-eip-process-to-account-for-security-treatments/16265
Ini ndafunga kuwedzera yambiro paERC-20 uye kunyora nyaya yacho muEIPs. Heino kufona kwavo, kwavakafunga kuti ini ndinofanira kuenda kunogadzira imwe EIP yeruzivo yaizoburitsa njodzi muEIP-20: https://github.com/ethcatherders/EIPIP/issues/257#issuecomment-1693372317
Ndakadaro. Vakaramba kuburitsa kwangu EIP mushure meizvozvo.
Ndakauya nechikumbiro chekumutsidzira pfungwa yangu yekutanga yandakatsanangura paEthereumMagicians forum iyo yaizobvumira kuchengetedzwa kwekuchengetedzwa mu "Security considerations" chikamu cheEIPs mu2024 zvakare.
Heino hurukuro yangu nevapepeti veEIP: https://www.youtube.com/watch?v=PKkJNqcozhw&t=744s
Semhedzisiro vapepeti veEIP vakandiudza kuti vari kuzovhota pane izvo: https://github.com/ethcatherders/EIPIP/issues/349
Pfungwa yangu yakavhoterwa. Hapasati pasati pave nehurongwa hwekutarisana nekuburitswa kwekuchengetedza muEIPs. Dambudziko reERC-20 harina kugadziriswa. Izvo hazvina kana kutaurwa kana kunyorwa sedambudziko saka vanozviita vanoramba vachizvigadzira kakawanda.
Unfair auditors
Ini pachangu ndakashuma nyaya iyi kuOpenZeppelin, ndichikumbira kugadzirisa katatu.
Muna 2018 https://github.com/OpenZeppelin/openzeppelin-contracts/issues/729
Muna 2023 https://github.com/OpenZeppelin/openzeppelin-contracts/issues/4451
Mushure mekunge varamba maviri apfuura, ndakafunga kuzvitaura nenzira yaizoratidza kuoma kwenyaya, saka ndakaiendesa kune yavo bug bounty nekuti inokwana mu "critical security vulnerability" maitiro zvichienderana nemitemo yavo https:/ /github.com/OpenZeppelin/openzeppelin-contracts/issues/4474#issuecomment-1646901022
OpenZeppelin yakairamba ne "kuburitswa pachena kwehurombo husina kurongeka" (izvo zvinosimbisa kuti iri idambudziko rekuchengetedza zvirinani).
Mazuva mashoma apfuura paDevcon7, mubvunzo wakabvunzwa kumurume mumwechete kubva kuOpenZeppelin akavhara nyaya pane yavo github nezve dambudziko iroro: https://www.youtube.com/watch?app=desktop&v=DKJYpdXsOwQ&start=406
6 makore mushure mekunge yataurwa uye mushure mekunge yakonzera kurasikirwa kwe $ 115,000,000 kune vashandisi vavo.
Mhinduro yavo haisi yechokwadi. Pane kuti vave nenyaya yakavhurika, vakavhara 3 nyaya dzandakavhura uye vakaramba chero mazano andakaita.
Mhedziso
Ethereum Foundation iri kuongorora chero kuedza kuratidza dambudziko, izvo zvakaita kuti vashandisi ve ecosystem varasikirwe nemadhora zviuru zana nemakumi mashanu neshanu. Dambudziko harina kuziviswa, kuburitsa pachena hakuna kubatwa nemazvo, vashandi vanoramba vachizviburitsa mumakondirakiti matsva.
Ndinofunga ivo vanofunga kuti zvingave zvakanyanya kukuvadza kuti zita ravo riburitse pachena.
Vaongorori vakaita seOpenZeppelin havasi kuburitsawo nyaya yacho, pamwe nekuti vane gakava rezvido sezvo vakatoisa zita rekuti “Chengetedzwa” pamazana emakondirakiti eERC-20 avakaongorora.
Devs vari kuti "Tiri kungoshandisa chiyero sezvazviri."
Iyo chiyero inotongwa neEIP maitiro, iyo EIP maitiro haina kuvakwa kuitira kubata nekuchengetedza kuburitswa.
EIP maitiro anofanira kuchinjwa. ERC-20 nyaya inofanirwa kuburitswa uye kunyorwa zvakanaka. Sezvineiwo, mwero mutsva unofanirwa kuitwa. Kuisa seti ye "bandaids" paERC-20 kuderedza kukuvadzwa kuri nani pane kusaita chinhu, asi hazvigadzirise nyaya sese.
Wese munhu anoti "dambudziko rinogona kugadziriswa padanho rewallet" harina hunyanzvi hwekuchengetedza. Pane musimboti wekuchengetedza nedhizaini muchengetedzo yesoftware zvinoreva kuti haugone kuvaka chidimbu chesoftware isina kuchengeteka, taurira munhu wese mashandisiro ayo kuitira kuti irege kukanganisa vashandisi vako uye kunyepedzera kuti haizokonzerese kukuvadza. Kwete muindasitiri yemari. Iyo nzira inogona kushanda muwebhu dhizaini, semuenzaniso, uko mutengo wekukanganisa uri munhu asingakwanise kurodha font yakakodzera kune yavo peji rewebhu. Muindasitiri yezvemari izvi zvinoita kuti mamiriyoni emadhora arasikirwe.
Hazvibviri zvachose kuvimbisa kuti vese vanogadzira chikwama mune ramangwana rebudiriro yemunhu vaizogara vachiita nemazvo zvigadziriso zvese zvinodiwa.
L O A D I N G
. . . comments & more!
. . . comments & more!
