Blockchain Security Introductory Notes (4)

Multi-sig (Multi-sig) refers to operations that require multiple signatures (these signatures are generated by different private keys). This can be used to provide additional security, as even the loss of a single private key will not allow an attacker to gain access to the account, multiple trusted parties must approve the update at the same time, otherwise it will not work.

first level title

Vector76 Attack is also known as one-time confirmation attack, that is, the transaction can still be rolled back after being confirmed once. It is a combination of Finney Attack and Race Attack.

The attacker creates two nodes, node A connects to the merchant node, and node B connects to other nodes in the blockchain network. Then, the attacker uses the same token to initiate two transactions, one transaction is sent to the merchant address, we call it transaction 1; one transaction is sent to his own wallet address, we call it transaction 2. Like the Race Attack mentioned above, the attacker added a higher miners fee to transaction 2 to increase the miners packaging probability. At this time, the attacker did not broadcast these two transactions to the network.

Then, the attacker starts mining on the branch where transaction 1 is located, which we name as branch 1. After the attacker dug up the block, he did not broadcast it, but did two things at the same time: send transaction 1 on node A, and send transaction 2 on node B.

Since node A is only connected to the merchant node, when the merchant node wants to pass transaction 1 to other peer nodes, node B, which is connected to more nodes, has broadcast transaction 2 to most nodes in the network. Therefore, in terms of probability, transaction 2 is more likely to be considered valid by the network, and transaction 1 is considered invalid.

After transaction 2 is considered valid, the attacker immediately broadcasts the block he dug on branch 1 to the network. At this time, the merchant who accepts payment after one confirmation will confirm that the transaction is successful, and then the attacker can immediately cash out and transfer assets.

secondary title

At present, most of the attack methods of public chain security incidents are 51% attacks. As of the date of publication, the losses caused by the attackers mastering a large amount of computing power to launch 51% attacks totaled 19,820,000 US dollars. On January 6, 2019, the slow fog area issued an early warning51% attack on the ETC networkfirst level title

The more famous hard fork event in history is The DAO event. As a well-known project on Ethereum, funds were transferred by hackers due to a loophole in the smart contract. Hackers stole ETH worth about 60 million US dollars at the time, making this project suffered huge losses. In order to make up for this loss, in July 2016, the Ethereum team modified the Ethereum contract code to implement a hard fork, and forcibly transferred all funds of The DAO and its sub-DAOs to a specific refund contract at the 1920000th block address, and then take back the coins on the DAO contract controlled by the hacker. However, this modification was rejected by some miners, thus forming two chains, one is the original chain (Ethereum Classic, ETC), and the other is the new forked chain (ETH), each of which represents the consensus and values ​​of different communities.