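Fundamentals of Smart Contract Security Seminar 1. Chapter 1 Introduction, Chapter 2 The State of Blockchain Security
This is an online seminar run in the Blockchain Level Up (블록체인레벨업) Facebook group. It is intended for members who attended the Mastering Ethereum and Ethereum DApp Development seminars. Using Fundamentals of Smart Contract Security as the main text, each week we read one to two chapters following a guide post and discuss smart contract security based on that material.
Judged on its content, Fundamentals of Smart Contract Security does not deserve high marks, but it was chosen because it gathers the topic of smart contract security into a single book, which makes it possible to review the subject of security as a whole.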
Chapter 1. Introduction
Read through the whole chapter quickly.
Then read the following passage again carefully.
Smart contract security exists precisely to ensure that smart contracts are written in a way that matches expectations, through what are known as smart contract audits. A smart contract audit is a thorough inspection of an individual smart contract or smart contract project to help ensure that the code cannot misbehave in any way or be misused by an attacker. This means not only looking for common computer science vulnerabilities such as integer overflow and memory mismanagement, but also more involved vulnerabilities often encountered in systems programming, such as race conditions. In addition to software vulnerabilities, smart contract audits must also investigate game theoretical security, avoiding misalignment of incentives which could allow an actor to gain an unfair economic advantage even though they’re technically following contract logic.
Chapter 2. The State of Blockchain Security
2.1 Blockchain Fundamentals
This section explains the basics of blockchains. Treat it as review and read it quickly, skipping where appropriate.
2.2 Blockchain Environment Security Layers
First read the following passages carefully and thoroughly, then read the whole section quickly.
Blockchains have several security layers by design, employing cryptographic primitives and economic models to achieve this security. Smart contracts are secured by the virtual machine, and in some cases, the semantics of the language they are written in (though they also need to be designed and written in a secure manner). Despite these security mechanisms, exploits still exist on all layers: the blockchain mechanics, the virtual machine, and the high-level language for writing smart contracts.
Despite the high level of security provided by the aforementioned cryptographic primitives, the blockchain is not perfect and may be hacked by other means. For instance, as the exact state of a smart contract is hard to predict, timestamps may be modified, and smart contracts relying on randomness may expose a vulnerability to miners, who could be in a position of exploiting the randomization process.