Blockchain Security Introductory Notes (6)

As more and more people participate in the blockchain industry, it injects new vitality into the industry, but also gives attackers more opportunities due to weak relevant knowledge and lack of security awareness. In the face of frequent outbreaks of security incidents, SlowMist launched a series of blockchain security introductory notes to introduce blockchain security-related terms to everyone, so that novices can adapt to the security attack and defense world of blockchain crises more quickly!

Series review:

As more and more people participate in the blockchain industry, it injects new vitality into the industry, but also gives attackers more opportunities due to weak relevant knowledge and lack of security awareness. In the face of frequent outbreaks of security incidents, SlowMist launched a series of blockchain security introductory notes to introduce blockchain security-related terms to everyone, so that novices can adapt to the security attack and defense world of blockchain crises more quickly!

Series review:

Blockchain Security Introductory Notes (1) | SlowMist Science Popularization

Blockchain Security Introductory Notes (4) | SlowMist Science Popularization

Blockchain Security Introductory Notes (5) | SlowMist Science Popularization

Smart Contract (Smart Contract) is not a new concept. It was proposed by Nick Szabo, an interdisciplinary legal scholar as early as 1995: Smart Contract is a set of promises (Promises) defined in digital form, including contract participants. agreement of these commitments. In the field of blockchain, the essence of a smart contract can be said to be a piece of code running in the blockchain network. It realizes the automatic processing of traditional contracts in the form of computer instructions and completes the business logic assigned by users.

Transaction rollback attack (Roll Back Attack), as the name suggests, refers to the ability to roll back the state of the transaction. What exactly does rollback mean? Rollback specifically refers to restoring the state that has occurred to what it was when it did not occur. Then, transaction rollback means to change the transaction that has occurred into a state that has not occurred. That is to say, the attacker has already made the payment action, but through some means, the transfer process makes an error, thereby rolling back the entire transaction process to achieve the purpose of transaction rollback. This attack method is mostly found in smart contracts on the blockchain. In the game, when the users betting action and the contracts drawing action are in one transaction, it is an inline transaction. The attacker can detect certain states of the smart contract when the transaction occurs, obtain the lottery information, and choose whether to roll back the betting transaction according to the lottery information.

Transaction crowding attack (Transaction Congestion Attack) is an attack method against the game contract on EOS that uses defer for lottery. The attacker can use some means to send a large number of defer transactions before the defer lottery transaction of the game contract, maliciously embezzling The CPU resources in the block make the defer lottery transaction that should be executed in the specified block in the smart contract unable to execute due to insufficient resources, and can only be executed in the next block. Since many game smart contracts on EOS use block information as the random number of the smart contract itself, the execution results of the same defer lottery transaction in different blocks are different. In this way, when the attacker knows that he cannot win the lottery, he sends a large number of defer transactions to force the smart contract to re-draw the lottery, so as to achieve the purpose of attack.