How to ensure the reliability of Ethereum smart contract

1.

There is an essential difference between Ethereum and bitcoin. What is the difference? Bitcoin defines a set of currency system, while Ethereum focuses on building a main chain (which can be understood as a road) to allow a large number of blockchain applications to run on this road

from this point of view, Ethereum's application scenarios are more extensive, which is why we say that Ethereum marks a simple monetary system in the era of blockchain

1.0, and a transformation to other instries and application scenarios in the era of blockchain 2.0

however, there is no perfect thing in the world. Although Ethereum has expanded the application scope of blockchain in all walks of life and improved the speed of transaction processing, it also has some disputes and doubts

first, the solution to the lack of scalability of Ethereum: slicing technology and lightning network

the bottom design of Ethereum, the biggest problem is that Ethereum has only one chain and no side chain, which means that all programs have to run on this chain equally, consuming resources and causing system congestion. Just like last year's very popular Ethereum game "encryption cat", when this game was very popular, it once caused Ethereum network paralysis

to improve the processing capacity, Ethereum proposes two ways: shard and lightning network. Let's introce these two technologies respectively

(1) fragmentation technology

vitalik buterin, founder of Ethereum, believes that the reason why mainstream blockchain networks such as bitcoin process transactions very slowly is that every miner has to process every transaction in the whole network, which is actually very inefficient. The idea of fragmentation technology is: a transaction does not need to be processed by all nodes in the whole network, as long as some nodes (miners) in the network are allowed to process it. Therefore, Ethereum network is divided into many pieces. At the same time, each piece can handle different transactions. In this way, the network performance will be greatly improved

however, the slicing technology is also controversial. As we all know, the important idea of blockchain technology is decentralization. Only when the whole network witnesses (processes) the same transaction can it have the highest authority. The Ethereum slicing technology is similar to the group witness, not all nodes witness together. In this way, it will lose the absolute "decentralization" attribute, and can only achieve the purpose of high performance by sacrificing certain characteristics of decentralization

(2) lightning network

lightning network uses the way of transaction under the chain. What does that mean? It means: when the participants of lightning network transfer money to each other, they do not need to confirm the transaction through the main chain of Ethereum, but create a payment channel between the participants and complete it under the chain

however, lightning network is not separated from the main chain. Before establishing a payment channel, you need to use the assets on the main chain as collateral to generate a balance proof, which indicates that you can transfer the corresponding balance. In the case that both parties of the transaction hold the balance certificate, both parties can make unlimited number of transfers under the chain through the payment channel

only when the off chain transaction is completed and the assets need to be transferred back to the chain, the balance change information of the main chain account will be registered on the Ethereum main chain, and no matter how many transactions occur ring this period, there will be no record on the main chain

another real benefit of lightning network is that it can save the cost of miners for you. At present, when we trade on the main chain of Ethereum, we need to consume gas and pay for miners. Once we move the transaction to the lower chain, we can save this part of the cost

Of course, lightning network is not perfect. When using the lightning network, the assets on the main chain should be used as collateral; And this part of assets as collateral can not be used before the user completes the transaction under the chain. This also determines that lightning trading is only suitable for small transactions

the above is the problem of insufficient scalability of Ethereum, as well as the two main solutions: fragmentation technology and lightning network

Second, there are loopholes in Ethereum's smart contract and the infamous Dao event

Ethereum's smart contract is very powerful, but there are loopholes in any code. The biggest controversy of Ethereum's smart contract lies in the so-called loopholes, that is, security issues. According to relevant research, 34200 (about 3%) of the nearly 1 million smart contracts based on Ethereum contain security vulnerabilities, which will allow hackers to steal eth, freeze assets or delete contracts, such as the infamous Dao incident

(1) what does Dao mean

before introcing the Dao event, let's first introce what Dao is. Dao is the abbreviation of decentralized

autonomous organization, which can be understood as decentralized autonomous organization. From the perspective of Ethereum, Dao is a kind of contract or a combination of contracts on the blockchain, which is used to replace the government's review and complex intermediate proceres, so as to achieve an efficient and decentralized trust system. Therefore, Dao is not a specific organization, that is to say, there can be many Dao, all kinds of Dao

(2) the infamous Dao event

however, when we talk about Dao now, we basically refer to the Dao event, that is, the infamous hacker attack event we just mentioned. As we know, the English word "the" refers to "the Dao event". The Dao event

refers to "the Dao event", because we just said that Dao is not a specific organization, there can be many Dao, all kinds of Dao

in 2016, slock.it, a German company focusing on "smart locks", launched the Dao project on Ethereum in order to realize decentralized physical exchange (such as apartments and ships). Since April 30, 2016, the financing window has been open for 28 days

unexpectedly, this Dao project is very popular. It raised more than US $100 million in just half a month. By the end of the whole financing period, it raised a total of US $150 million. Therefore, it has become the largest crowdfunding project in history. However, it didn't last long. In June, hackers took advantage of the loopholes in the smart contract to successfully transfer more than 3.6 million Ethernet coins and put them into a Dao sub organization, which has the same structure as the Dao. At that time, the price of Ethernet currency fell directly from more than $20 to less than $13

this event shows that there are loopholes in smart contracts, and once the loopholes are exploited by hackers, the consequences will be very serious. This is why many people criticize Ethereum and say that its smart contract is not smart

to solve this problem, many foreign companies begin to provide code audit services in order to solve the vulnerability problem of smart contract. From a technical point of view, some teams are currently testing smart contracts. Most of these teams are led by professors from Harvard, Stanford and Yale, and some of them have obtained investment from leading institutions

in addition to the problems of insufficient expansibility and loopholes in smart contracts, the controversy over Ethereum lies in the POS consensus mechanism it pursues, that is, the proof of equity mechanism. Under the proof of equity mechanism, if anyone holds more money and holds it for a longer time, he will get more "rights" (interests) and have the opportunity to get bookkeeping power, Bookkeeping can also be rewarded. In this way, it is easy to create the oligarchic advantage of "the stronger the stronger"

Another problem is the chaos of ICO. ICO is a common way to raise funds for blockchain projects, which we can understand as pre-sale. The outbreak of ICO projects on Ethereum has caused illegal activities such as fund allocation and money fraud under the banner of ICO, which has caused security risks to social and financial stability

2. Smart contract & quot The term "smart contract" can be traced back to at least 1995 and was proposed by the prolific interdisciplinary legal scholar Nick Szabo. He mentioned the concept of smart contract in several articles published on his website. His definition is as follows:
& quot; A smart contract is a set of promises defined in digital form, including the agreements on which the contract participants can execute these promises& quot;
let's explore the meaning of his definition in more detail
commitment
a set of commitments refers to the (often mutual) rights and obligations agreed by contract participants. These commitments define the nature and purpose of the contract. Take a sales contract as a typical example. The seller promises to deliver the goods and the buyer promises to pay a reasonable price
digital form
digital form means that contracts have to be written into computer-readable code. This is necessary, because as long as the participants reach an agreement, the rights and obligations of smart contract establishment are executed by a computer or computer network
to further explain:
(1) when will the parties to the smart contract reach an agreement? The answer depends on the specific smart contract implementation. Generally speaking, the contract is discovered when the parties are committed to the execution of the contract by installing the contract on the contract host platform< (2) contract execution
& quot; Execute & quot; And the real meaning of it also depends on implementation. Generally speaking, implementation means active implementation through technical means
(3) computer readable code
in addition, the contract needs specific & quot; Digital form & quot; Very much depends on the agreement that the parties agree to use
protocol
protocol is technical implementation, on this basis, the contract commitment is realized, or the contract commitment is recorded. Which agreement to choose depends on many factors, the most important of which is the nature of the assets being traded ring the performance of the contract
take the sales contract as an example. Suppose that the participants agree to pay in bitcoin. The chosen protocol will obviously be bitcoin protocol, on which the smart contract will be implemented. Therefore, the contract must use & quot; Digital form & quot; It's bitcoin scripting language. Bitcoin scripting language is a non Turing complete, imperative, stack based programming language, similar to forth.

3.

The smart contract has been written for a long time

if they can add changes, the description is centralized

the contract is written into the Ethereum smart contract, which is a contradiction sentence

the financial customer service doesn't understand, which is very unreliable

community sites

4.

One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future

of course, blockchain developers can also take some measures

one is to use professional code audit services,

the other is to understand the security coding specifications and take preventive measures

the security of cryptographic algorithm

with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks

of course, in addition to changing the algorithm, there is another way to improve the security:

refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked

security of consensus mechanism

the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc

POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)

in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow

in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction

for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene

security of smart contract

smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc

there are two aspects of the proposed measures:

one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development

the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully

security of digital wallet

there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones

there are four main countermeasures:

one is to ensure the randomness of the private key

The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with

The third is to use cold wallet

The fourth is to back up the private key

5. Because blockchain technology has natural advantages in realizing smart contracts. Bitcoin, Ruitai, Laite, Ethereum and other digital cryptocurrencies all use blockchain technology. Blockchain is an important concept of bitcoin. In essence, it is a decentralized database and the underlying technology of bitcoin. Blockchain is a chain of uses

6. Ethereum is not a scam, but there are countless scams designed by criminals around Ethereum. The best way to avoid Ethereum scams is not to trust the guaranteed return on investment and manage your own money bag. Choose a formal digital currency exchange to invest. At present, the mainstream digital currency transactions in the market are all coin security, fire coin network, bitnet, etc.

7. At present, there are many digital currency wallets, some of which have good personal experience

light wallets are good for imtoken, geekwallet, kcash, Cobo, etc.

Hardware wallets are good for ledger, trezor, etc., which involve large amount of digital currency or hold for a long time. Generally, hardware wallets are recommended

big body introces these personal good light wallets

1. Imtoken:

is a mobile light wallet app, which supports Eth and Ethereum erc2.0 standard tokens (such as EOS, DGD, SNT, qtum)

advantages: as Ethereum series light wallet, mtoken supports all the tokens of Ethereum erc2.0 standard, can control the miner's fee of each coin, can set the collection amount, and has convenient transaction record query, refreshing interface and easy operation, so it is suitable for ICO investors who need to receive a variety of erc2.0 standard tokens and trade infrequently

disadvantages: 1. The "discovery" mole of the wallet is not intuitive enough. 2. The tokens that can only be stored on the Ethereum platform, such as BTC and Neo, can't be stored. At the same time, the bifurcations of bitcoin can't be stored

2. Geek wallet

geek wallet is a simple and convenient light wallet, which supports the storage and management of mainstream digital currency assets such as bitcoin (BTC), lightcoin (LTC), Ethereum (ETH), EOS, usdt, etc. Using bip44 mnemonics, local private key, off-line signature and other security mechanisms, as well as mobile phone and computer al backup strategy, completely solve the loss of digital currency assets caused by hacker attacks, virus infection, mobile phone loss, forgetting mnemonics and other ways, and provide users with online Multi Chain digital assets one-stop management service. The platform also has tiaoshao market, which can carry out token trading of physical assets on the chain

advantages: it has high security factor, adopts local private key security mechanism, as well as mobile phone and computer al backup strategy, supports the current mainstream currency, and has a jump market on the platform, which can carry out token trading of physical assets on the chain

disadvantages: usdt transaction must use 0.0001 BTC as transaction handling fee, does not support some small currencies, page optimization is good, but the function is relatively few

3. Kcash

kcash is also a light wallet. At present, it supports BTC, ETH, LTC, etc, act and digital currency based on Ethereum and achain smart contract platform. Kcash has cross chain and cross contract technology, and the supported currencies are still increasing

advantages: as a Multi Chain Wallet, kcash supports multiple types of digital currencies and is very friendly to users who invest in multiple series of digital currencies. In addition, kcash also has the function of sending red packets, and in the future, it will launch currency transaction, bank card connection and other functions

deficiency: too many features lead to poor usability. In addition, there are some compatibility problems with Android versions. Some Android models will flash back when opening apps< Cobo

4. Cobo

Cobo is a professional digital asset management wallet, which can help you store your assets safely. The unique POS gain can help you increase the value of your assets. It supports more than 20 kinds of digital assets including eth, EOS and TRX, as well as more than 500 kinds of tokens

advantages: Cobo security is in the lead in the same level, using multiple security verification, hot and cold separation storage, HSM multi signature, Cobo provides you with stable income through intelligent voting, dpos vote pool, POS mining digital asset gain matrix

disadvantages: poor page optimization, complex functions, a little difficult to get started, and there is also a flash back problem of Android version

5. Ledger

Hardware wallet, which supports eth, BTC, zcash and other mainstream currencies, uses encryption chip technology to build security solutions for users, and is used to protect users' digital assets and block chain application security. This is a hardware bitcoin wallet specially designed for consumers. It provides enterprise level security hardware moles and hardware procts supporting the Internet of things

6, ledger

Hardware wallet, support eth, BTC, zcash and other mainstream currencies; Using encryption chip technology to build security solutions for users to protect users' digital assets and block chain application security. This is a hardware bitcoin wallet specially designed for consumers. It provides enterprise level security hardware moles and hardware procts supporting the Internet of things.

8. Not necessarily, but Ethereum has no upper limit, which is really good

9. Smart contract is a kind of computer protocol, which aims to accelerate, verify and enforce the negotiation or performance of contract in digital way. Smart contracts allow transactions to be executed reliably without a third party. These transactions are traceable and irreversible. The smart contract on Ethereum blockchain represents that the blockchain technology adopts Turing's complete transformation system. It is proved that the financial contract can be encoded by computer language and executed automatically and explicitly without the need for middleman to provide the credit endorsement required by most traditional finance.