Malicious Smart Contracts
- This topic has 3 replies and 1 participant, and was last updated 1 year, 4 months ago by Jim-Helpert.
October 14, 2023 at 09:08 #3049652
root_s2yse8vt
Administrator::We all know that connecting to malicious smart contracts can lead to theft of assets. Can someone who is technically savvy explain things and give examples?
I wonder whether there are certain types of smart contract exploits that companies like Ledger can block.
Or is that not possible because of the way blockchain technologies work?
For example, for web applications there is a WAF that can detect and block certain attacks.
What security measures exist in blockchain technology that can prevent assets from being stolen?
-
October 14, 2023 at 09:08 #3049653
Zatouroffski
Guest::No, they can’t block it. If you implement a filter for blacklisting known malicious code, they can write something else to bypass it. Same as computer viruses: the database is always updated but you are never 100% safe.
Why does this happen? In EVM, you are giving smart contracts permissions to withdraw tokens from your wallet.
ELI5: When you want to swap X BNB to X WBTC on Pancakeswap, first you have to set a rule to let Pancakeswap’s swap smart contract withdraw X or an unlimited amount of BNB from your wallet.
Why unlimited? Maybe you don’t want to set an approval every time you make a swap. If you are only going to swap 1-2 times, just approve X amount so when you finish your trade, your spending allowance will go to zero. You can revoke spending allowances later on with [revoke.cash](https://revoke.cash) or bscscan, etherscan, polygonscan vice versa…
When you set a spending allowance, you let that smart contract access that amount of tokens. If the contract goes malicious sometime later because of a hack, it can directly suck out your funds depending on your spending allowance. Imagine you are signing a blank bank check when you approve an unlimited spending allowance.
Or someone can send you a token with a malicious smart contract. When you interact with it (sign a transaction), it can suck all your ETH as GAS fees or do something else that can harm you. Or you can buy a token that cannot be sold. If someone wants to harm you, possibilities are endless. As long as you don’t sign anything related to it, you are good.
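To make the allowance mechanism in the reply above concrete, here is an added example (not part of the original thread and not Ledger's code) that decodes the calldata of an `approve` or `setApprovalForAll` transaction and labels it as a revoke, a limited allowance or an unlimited one before it is signed. The spender address, the sample calldata and the `UNLIMITED_FROM` threshold are constructed assumptions.

```python
# Added example (not from the thread): classify approval calldata before signing.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
UNLIMITED_FROM = 2**255            # assumption: allowances this large count as unlimited

def inspect_calldata(data_hex):
    """Describe an approval call as a dict; return None for any other call."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if len(args) != 128:
        raise ValueError("approval calldata must carry exactly two 32-byte words")
    word0, word1 = int(args[:64], 16), int(args[64:], 16)  # ValueError if not hex
    if word0 >> 160:
        raise ValueError("address argument has non-zero padding")
    spender = "0x" + format(word0, "040x")
    if selector == SET_APPROVAL_FOR_ALL:
        # A boolean: true hands the operator every NFT in the collection.
        return {"function": "setApprovalForAll", "spender": spender,
                "amount": None, "risk": "unlimited" if word1 else "revoke"}
    if word1 == 0:
        risk = "revoke"
    elif word1 >= UNLIMITED_FROM:
        risk = "unlimited"
    else:
        risk = "limited"
    return {"function": "approve", "spender": spender, "amount": word1, "risk": risk}

# Constructed sample inputs; the spender is a placeholder address, not a real contract.
SPENDER_WORD = ("11" * 20).rjust(64, "0")
SAMPLES = {
    "unlimited": "0x095ea7b3" + SPENDER_WORD + "f" * 64,
    "limited": "0x095ea7b3" + SPENDER_WORD + format(5 * 10**18, "064x"),
    "revoke": "0x095ea7b3" + SPENDER_WORD + "0" * 64,
    "nft_all": "0xa22cb465" + SPENDER_WORD + format(1, "064x"),
    "transfer": "0xa9059cbb" + SPENDER_WORD + format(1, "064x"),  # not an approval
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, inspect_calldata(calldata))
```

The `amount` field is in the token's smallest unit, so it has to be divided by the token's decimals before comparing it with the amount you intend to trade.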
-
October 14, 2023 at 09:08 #3049654
Ninjanoel
Guest::smart contracts enable 'programmable' money. for money to be programmable in any meaningful way they need to be able to manipulate the contents of your wallet. for that purpose, you need to give them permission to move your funds. long story short, it’s functionality baked into the technology, and catching the request to give permission to your funds is the point you need to pay the most attention. when you are on a dodgy site, don’t give it permission, and if you don’t think you are on a dodgy site when it starts asking… DOUBLE CHECK that you are not on a dodgy site (i.e. sometimes you do wanna give permission to your funds)
-
October 14, 2023 at 09:08 #3049655
Jim-Helpert
Guest::Hey, in the context of blockchain technology, the security measures are quite different from traditional web applications. The primary security measure is the use of cryptographic keys (private keys) that are used to sign transactions. These keys are kept secure and are never shared.
When it comes to smart contracts, they are pieces of code that run on the blockchain and are immutable once deployed. This means that if there’s a bug or a malicious function in the contract, it can’t be changed or stopped by anyone, including Ledger.
However, Ledger devices do provide an additional layer of security. They store your private keys in a secure element, isolated from the internet, which makes it extremely difficult for anyone to steal your assets.
Moreover, Ledger devices provide clear signing, which gives you more transparency when you interact through the Ledger ecosystem. This can help you avoid signing malicious transactions.
It’s also important to note that you should always verify the contract you’re interacting with. Never interact with contracts from untrusted sources and always double-check the contract address.
For more information on how to protect yourself from malicious smart contracts, you can refer to these articles:
1. [https://www.ledger.com/academy/topics/security/stronga-comprehensive-guide-to-ethereum-exploits-and-security-best-practicesstrong](https://www.ledger.com/academy/topics/security/stronga-comprehensive-guide-to-ethereum-exploits-and-security-best-practicesstrong)
2. [https://www.ledger.com/academy/how-crypto-gets-stolen-and-how-to-avoid-it](https://www.ledger.com/academy/how-crypto-gets-stolen-and-how-to-avoid-it)
Remember, the best defense against scams and malicious contracts is staying informed and exercising caution.