Blockchain Audit

Smart Contract Audit

Overflow Audit

Integer Overflow and Underflow

Timestamp Dependence

Replay Attacks

Denial of Service (DoS) Audit

DoS with (unexpected) revert, DoS with block gas limit, etc.

User Information Leakage

Private key leakage, hardcoded secrets, etc.

Access Control Audit (Improper Access Control)

Privilege abuse, insufficient authentication, horizontal privilege escalation, vertical privilege escalation, etc.

Fake Deposit

Logical Vulnerabilities

Short Address Attack audit

Race Condition Audit

Reentrancy, transaction-ordering dependence, cross-function race conditions, pitfalls in race condition solutions, etc.

EVM

Memory leak, DoS, complex multi-contract and multi-transaction attacks

Flaws in Design

Insecure randomness, insecure hash algorithms, insecure compiler (Solidity) version, improper use of the fallback function, improper use of the low-level call, transfer and send functions, missing handling of external call failures, using tx.origin for authentication

Audits Targeting the Blockchain

Double-Spending

Race attack, Finney attack, 51% attack, Vector76 attack, alternative history attack

Wallet Security

Vulnerable signatures, flawed address generation algorithm (lack of control in address creation), collision and preimage attacks, insecure private key generation

Network Security

DDoS attack, transaction malleability attack, timejacking attack, partition routing attack, delay routing attack, Sybil attack, eclipse attack, balance attack (against PoW), refund attack, various forking attacks (punitive and feather forking)

Partners