2018年漫谈以太坊公链安全.pdf

《2018年漫谈以太坊公链安全.pdf》由会员分享，可在线阅读，更多相关《2018年漫谈以太坊公链安全.pdf（33页珍藏版）》请在三个皮匠报告上搜索。

1、漫谈以太坊公链安全About Me罗元琮(Edward)Director of Vulnerability Research at PeckShieldHas extensive experiences in OS kernel layer with deep knowledge in advanced vulnerability discovery and exploitationBefore joining PeckShield,I worked for Qihoo 360 as the team lead of C0RE Team,which was recognized by Goog

2、le as the top research team in 2017.I am now focusing on the security of blockchain infrastructureSubmitted several vulnerabilities to the Ethereum FoundationETHEREUM IN 20171,090 Dapps&700+Tokens100,000 New Users Per DayDaily Trading 1,000,000MARKET CAP IN 20181,845 CryptocurrenciesMarket Cap 200 B

3、illionGlobal GDP Rank:50thBlockchain Status QuoMt.Gox Hacks with Followed BankruptcyPoloniex Hacks with 12.3%BTC LostBitstamp Hacks with 19,000 BTC StolenCryptsy Hacks with 13,000 BTC and 300,000 LTC StolenBitfinex Hacks with 120,000 BTC Stolen of 75Million DollarsBithumb Hacks with 1 Billion Korean

4、 Yuan Loss and 30 Thousand User Info.LeakedNicehash Hacks with 4700 BTC Missing with 62 Million DollarsCoincheck Hacks with 530 Million Dollars StolenBitGrail Hacks with Stolen Nano Tokens of 170 Million DollarsMyetherwallet Suffer from DNS HijackingBEC,SMT Smart Contracts BugsEDU,BAIC Smart Contrac

5、ts Bugs2014/022014/032015/012016/012016/082017/062017/122018/012018/022018/042018/042018/052018/06Bithumb Hacks with$31 Million Dollars StolenSecurity IncidentsBlockchain EcosystemInfrastructureSmart ContractCryptocurrency ExchangeDAppsDigital WalletMining PoolBlockchain EcosystemInfrastructureSmart

6、 ContractCryptocurrency ExchangeDAppsDigital WalletMining PoolSecurity of Smart ContractsDisclosed by PeckShieldcodenameCVE-IDbatchOverflowCVE-2018-10299proxyOverflowCVE-2018-10376transferFlawCVE-2018-10468ownerAnyoneCVE-2018-10705multiOverflowCVE-2018-10706burnOverflowCVE-2018-11239ceoAnyoneCVE-201