Yajin Zhou_Use Your Spell Against You: Threat Prevention of Smart Contract Exploits by Reusing Opcode Traces.pdf

Uploaded by: Zhang** ID: 175549 2024-09-13 34 pages 1.64MB

#BHUSA BlackHatEvents

Use Your Spell Against You: A Proactive Threat Prevention of Smart Contract Exploit
Yajin Zhou
BlockSec & Zhejiang University

This work is a team effort of researchers from Zhejiang University and BlockSec.
Hailin Wang, Jianfeng Zhu, Hang Feng, Youwen Hu, Runhuai Li, Sheng Yu, Lei Wu, Yajin Zhou

About Me
Co-founder of BlockSec and Professor of Zhejiang University
Research interests: DeFi security, Blockchain system security
Publish: 60+ papers with 9,000+ citations
Hack and build systems
Read more: https://yajin.org

Security Matters in Web3
[Figure: TVL and LOSS over time, 01/01/2020 to 28/06/2023]
Despite the bull and bear cycles in the crypto market, losses caused by exploits and scams have been growing at a rapid pace.

Security Matters in Web3
DeFi Security Incidents Dashboard https:/

Security Incidents are Prevalent
Economical incentive
Hackers can get "paid". Think about a house full of gold but without a good security system
Less security-qualified developers
Developers are not trained well in security concepts
DeFi composability: creates more attack vectors

Why Security Incidents are Prevalent
Openness: everyone can see the code on the chain, and everyone can issue an attack tx if a vulnerability exists
An

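This document presents a smart contract attack prevention method jointly developed by teams at Zhejiang University and BlockSec. The method can effectively detect and block attacks after a smart contract has been deployed, mainly through the following steps:

1. **Attack logic extraction and construction**: automatically reconstructs a smart contract containing the attack logic by analyzing the opcode trace of the attack transaction.
2. **Revenue address identification and replacement**: identifies and replaces the addresses to which the attack's profit flows, using a balance change table and stack operations.
3. **Attack precondition identification**: analyzes auxiliary contracts and multiple transactions to determine the preparation and execution phases of the attack.

The research team developed a commercial system named "Phalcon", which has successfully blocked DeFi attacks worth more than 20 million US dollars, such as ParaSpace and Saddle Finance. The method's effectiveness was validated on a dataset of historical attacks, where for 80% of the 87 attacks the attack contract was synthesized within 25 milliseconds.

Key figures:
- Number of attacks successfully blocked: more than 20.
- Amount involved in the blocked attacks: more than 20 million US dollars.
- Attack contract synthesis efficiency: 80% of cases completed within 25 milliseconds.

Through these techniques, the document stresses that DeFi security remains an urgent concern even during crypto market volatility, and proposes a practical solution.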