
Ethereum audit

Publish: 2021-03-31 09:37:23
1.

There is an essential difference between Ethereum and Bitcoin. What is the difference? Bitcoin defines a currency system, while Ethereum focuses on building a main chain (which can be understood as a road) so that a large number of blockchain applications can run on this road.

From this point of view, Ethereum's application scenarios are more extensive, which is why we say that Ethereum marks the shift from the simple monetary system of the blockchain 1.0 era to other industries and application scenarios in the blockchain 2.0 era.

However, nothing in the world is perfect. Although Ethereum has expanded the application scope of blockchain in all walks of life and improved the speed of transaction processing, it is also the subject of some disputes and doubts.

First, the solutions to Ethereum's lack of scalability: sharding and the lightning network

In Ethereum's underlying design, the biggest problem is that Ethereum has only one chain and no side chains, which means that all programs have to run on this chain equally, consuming resources and causing system congestion. Take last year's very popular Ethereum game CryptoKitties: when this game was very popular, it once paralysed the Ethereum network.

To improve processing capacity, Ethereum proposes two approaches: sharding and the lightning network. Let's introduce these two technologies in turn.

(1) Sharding

Vitalik Buterin, founder of Ethereum, believes that the reason mainstream blockchain networks such as Bitcoin process transactions very slowly is that every miner has to process every transaction in the whole network, which is very inefficient. The idea of sharding is that a transaction does not need to be processed by all nodes in the whole network; it is enough for some of the nodes (miners) in the network to process it. The Ethereum network is therefore divided into many shards, and each shard can handle different transactions at the same time. In this way, network performance is greatly improved.

However, sharding is also controversial. As we all know, the central idea of blockchain technology is decentralization. Only when the whole network witnesses (processes) the same transaction does it have the highest authority. Ethereum's sharding is similar to witnessing in groups: not all nodes witness together. In this way, it loses the absolute "decentralization" attribute, and achieves high performance only by sacrificing some of the characteristics of decentralization.

(2) Lightning network

The lightning network uses off-chain transactions. What does that mean? It means that when participants in the lightning network transfer money to each other, they do not need to confirm the transaction on the Ethereum main chain. Instead, they create a payment channel between the participants and complete the transfer off the chain.

However, the lightning network is not separated from the main chain. Before establishing a payment channel, you need to use assets on the main chain as collateral to generate a balance proof, which shows that you can transfer the corresponding balance. As long as both parties to the transaction hold the balance proof, they can make an unlimited number of transfers off the chain through the payment channel.

Only when the off-chain transactions are completed and the assets need to be transferred back to the chain is the change in the main-chain account balances registered on the Ethereum main chain. No matter how many transactions occur during this period, there will be no record of them on the main chain.

Another real benefit of the lightning network is that it saves you miners' fees. At present, when we trade on the Ethereum main chain, we need to consume gas and pay miners. Once we move the transaction off the chain, we save this part of the cost.

Of course, the lightning network is not perfect. When using the lightning network, assets on the main chain must be used as collateral, and these assets cannot be used until the user completes the off-chain transactions. This also means that lightning trading is only suitable for small transactions.
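The payment-channel flow described above, as an added example that is not part of the original page: a toy Python model in which collateral is locked once, transfers only produce new balance proofs, and closing writes a single record. The `Channel` class, the alice/bob names, the keys and the use of HMAC in place of real signatures are all assumptions for illustration; it goes one step beyond the text by letting settlement pick the newest valid proof when an older one is also submitted.

```python
import hmac

class Channel:
    """Toy two-party payment channel; HMAC stands in for real signatures."""
    def __init__(self, deposits, keys):
        self.keys = keys                               # constructed per-party secrets
        self.collateral = sum(deposits.values())       # locked on the main chain
        self.onchain = [("open", dict(deposits))]      # main-chain records only
        self.latest = self._proof(0, dict(deposits))

    def _mac(self, party, nonce, balances):
        msg = f"{nonce}:{sorted(balances.items())}".encode()
        return hmac.new(self.keys[party], msg, "sha256").hexdigest()

    def _proof(self, nonce, balances):
        sigs = {p: self._mac(p, nonce, balances) for p in self.keys}
        return {"nonce": nonce, "balances": balances, "sigs": sigs}

    def pay(self, sender, receiver, amount):           # off-chain: no chain write
        bal = dict(self.latest["balances"])
        if amount <= 0 or amount > bal[sender]:
            raise ValueError("transfer exceeds the sender's locked collateral")
        bal[sender] -= amount
        bal[receiver] += amount
        self.latest = self._proof(self.latest["nonce"] + 1, bal)
        return self.latest

    def valid(self, proof):
        n, bal, sigs = proof["nonce"], proof["balances"], proof["sigs"]
        signed = all(hmac.compare_digest(sigs.get(p, ""), self._mac(p, n, bal)) for p in self.keys)
        return signed and sum(bal.values()) == self.collateral

    def settle(self, *proofs):                         # the one closing chain write
        good = [p for p in proofs if self.valid(p)]
        if not good:
            raise ValueError("no valid balance proof submitted")
        newest = max(good, key=lambda p: p["nonce"])
        self.onchain.append(("close", dict(newest["balances"])))
        return self.onchain

def demo():
    keys = {"alice": b"constructed-key-a", "bob": b"constructed-key-b"}
    ch = Channel({"alice": 10, "bob": 5}, keys)
    stale = ch.pay("alice", "bob", 4)                  # alice 6, bob 9
    for _ in range(50):                                # 100 transfers, zero chain writes
        ch.pay("bob", "alice", 1)
        ch.pay("alice", "bob", 1)
    final = ch.pay("bob", "alice", 2)                  # alice 8, bob 7
    return ch, stale, final
```

Calling `ch.settle(stale, final)` on the values returned by `demo()` leaves exactly two main-chain records, the opening deposit and the final balances, however many transfers happened in between.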

The above covers Ethereum's insufficient scalability and the two main solutions: sharding and the lightning network.

Second, loopholes in Ethereum's smart contracts and the infamous DAO event

Ethereum's smart contracts are very powerful, but any code can contain loopholes. The biggest controversy around Ethereum's smart contracts lies in these loopholes, that is, security issues. According to relevant research, 34200 (about 3%) of the nearly 1 million smart contracts based on Ethereum contain security vulnerabilities, which allow hackers to steal ETH, freeze assets or delete contracts, as in the infamous DAO incident.

(1) What does DAO mean

Before introducing the DAO event, let's first introduce what a DAO is. DAO is the abbreviation of decentralized autonomous organization. From the perspective of Ethereum, a DAO is a contract or a combination of contracts on the blockchain, used to replace government review and complex intermediate procedures, so as to achieve an efficient and decentralized trust system. Therefore, DAO is not a specific organization; that is to say, there can be many DAOs, of all kinds.

(2) The infamous DAO event

However, when we talk about the DAO now, we basically refer to the DAO event, that is, the infamous hacker attack we just mentioned. As we know, the English word "the" marks something specific, so "The DAO" refers to one particular DAO, because, as we just said, DAO is not a specific organization: there can be many DAOs, of all kinds.

In 2016, slock.it, a German company focusing on "smart locks", launched The DAO project on Ethereum in order to realize decentralized exchange of physical assets (such as apartments and ships). From April 30, 2016, the financing window was open for 28 days.

Unexpectedly, The DAO project was very popular. It raised more than US $100 million in just half a month. By the end of the whole financing period, it had raised a total of US $150 million, making it the largest crowdfunding project in history. However, it didn't last long. In June, hackers took advantage of loopholes in the smart contract to transfer more than 3.6 million ether and put them into a DAO sub-organization, which had the same structure as The DAO. At that time, the price of ether fell directly from more than $20 to less than $13.

This event shows that there are loopholes in smart contracts, and once the loopholes are exploited by hackers, the consequences are very serious. This is why many people criticize Ethereum and say that its smart contracts are not smart.

To solve the vulnerability problem of smart contracts, many foreign companies have begun to provide code audit services. From a technical point of view, some teams are currently testing smart contracts. Most of these teams are led by professors from Harvard, Stanford and Yale, and some of them have obtained investment from leading institutions.

In addition to the problems of insufficient scalability and loopholes in smart contracts, there is controversy over the PoS consensus mechanism that Ethereum pursues, that is, the proof of stake mechanism. Under proof of stake, whoever holds more money and holds it for a longer time gets more "rights" (interests) and has the opportunity to get bookkeeping power; bookkeeping can also be rewarded. In this way, it is easy to create the oligarchic advantage of "the strong get stronger".

Another problem is the chaos of ICOs. An ICO is a common way to raise funds for blockchain projects, which we can understand as a pre-sale. The outbreak of ICO projects on Ethereum has led to illegal activities such as fund allocation and money fraud under the banner of ICO, which has created security risks for social and financial stability.

2. At the top of Ethereum is the DApp. It communicates with the smart contract layer through web3.js. All smart contracts run on the EVM (Ethereum virtual machine) and use RPC calls. Below the EVM and RPC are the four core components of Ethereum: blockchain, consensus algorithm, mining and network layer. Except for the DApp, all other parts are in the Ethereum client. The most popular Ethereum client is geth (go Ethereum)
3.

Anti-counterfeiting, such as frog coin and Weilian: monitoring the source and process of frozen food, and of final products such as imported milk powder and luxury goods (red wine, bags and refrigerators), because data written into the blockchain cannot be modified afterwards to cheat. This is being implemented or has been implemented (only the chain's partners are very strong)

Smart contracts or intellectual property rights, such as publishing a song. On the blockchain, you own the song and use a smart contract to sell it and protect the property rights, as with Neo and Ethereum. Game development or program development: for example, in CryptoKitties you are free to breed and trade different kinds of cats, which differ in age and rarity (the closer the age is, the more expensive it is)

The evolutionary version of ICO and IPO raised $40 billion in 2017; it is a securities platform for any company or individual to support its development with e-money (polymeth)

Free trade of game items under development

4. Blockchain is a shared distributed database technology. Although different reports word their descriptions of blockchain differently, the following four technical features are agreed on
1. Decentralized: the left side of Figure 1 describes the centralized characteristics of today's financial system, and the right side describes the emerging decentralized financial system, which has no intermediary, and in which the rights and obligations of all nodes are equal. Any node that stops working will not affect the overall operation of the system
2. Trustworthiness: all nodes in the system can trade without trusting each other, because the operation of the database and the whole system is open and transparent, and nodes cannot cheat each other within the rules and time range of the system
3. Collective maintenance: the system is maintained by all the nodes with maintenance function, and all the people in the system participate in the maintenance work together
4. Reliable database: every node in the system has the latest complete database, so modifying the database of a single node has no effect, because the system automatically compares the copies and treats the data record that appears most often as true
The blockchains of Bitcoin, Ethereum and Decent all have these characteristics.
5. Many people are optimistic about decentralized exchanges. The private key is in the users' own hands and they enjoy complete control over the user's assets. However, due to the congestion of Ethereum's public chain, the trading experience of decentralized exchanges on Ethereum is not very good and is slow. At present, the most promising is the X protocol, but if the problem of Ethereum is not solved, its applications cannot get started at all
In comparison, the decentralized exchanges based on EOS are much better, because its TPS is fast enough to handle decentralized applications at the present stage, and its speed is much better than that on Ethereum. WhaleEx, in particular, is very smooth in use, with fast transactions. It is not inferior to centralized exchanges. Among all decentralized exchanges, WhaleEx is excellent
Therefore, I think decentralized exchanges on EOS may break out faster than those on Ethereum, especially WhaleEx, which will be a dark horse. Their smart contract is also the only one that has passed the SlowMist security audit. The security is particularly high and it can be used with confidence.
6. Plan is to study the code carefully
7. A smart contract audit is the process of carefully studying the code. In this case, it refers to discovering errors, vulnerabilities and risks before deploying the Solidity contract to the Ethereum main network and using it, because once released, the code can no longer be modified. This definition is for discussion purposes only
Structure of a smart contract audit report
Disclaimer: here you will say that the audit is not a legally binding document and that it does not guarantee anything. This is just a discussion document
Audit overview and excellent features: quickly view the smart contracts to be audited and find good practices
Moderate loopholes found in contracts: those that may damage contracts but do limited harm. For example, a mistake that allows people to modify random variables
Low severity vulnerabilities: these problems do not really damage the contract, and may already exist in the deployed version of the contract
Line by line comment: in this section, you will analyze the most important lines that have potential for improvement
Audit summary: your views on the contract and the final conclusion about the audit.