Security issues are frequent in the DeFi world. Can the hacker bounty hunter platform Immunefi solve them?

Baijiahao 2022-1-3 11:13

Three years ago, the total value of cryptocurrencies locked in DeFi was only $800 million. In February 2021, the figure exceeded US $40 billion, while in April 2021 it exceeded US $80 billion, and now it exceeds US $246 billion. These figures capture the rapid growth in the value invested. From a hacker's perspective, attacking the DeFi ecosystem is the best and fastest way to get rich, and it has clearly become a playground for hackers and scammers. CipherTrace noted in its latest "Crypto Asset Crime and Anti-Money Laundering Report" that by the end of July, DeFi-related hacks had cost users $361 million. What are the main characteristics of these attacks, and how should we respond?

How do DeFi protocols get hacked?

REENTRANCY ATTACK

The dForce hacking incident of April 19, 2020 is a prime example.

First, in a DeFi protocol, the smart contract's withdrawal has the following 4 steps:

1. The user calls the contract and intends to withdraw all of their funds from the contract.

2. The contract checks that the user has funds in the contract.

3. The contract sends the user's funds in the contract to the user.

4. The contract updates itself so that the user has no funds in the contract.

A reentrancy vulnerability allows an attacker to call back into ("re-enter") the contract before the original call has completed. In the example above, the attacker can re-enter the contract between steps 3 and 4 and withdraw again before the user's balance is adjusted. By repeating this process, the attacker can withdraw all the existing funds from the contract; this is how $25 million was stolen in the dForce incident.
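The four steps above as an added, runnable illustration (not part of the original article): a toy in-memory vault, with hypothetical class and function names and constructed deposits, compares updating the balance after the send with updating it before the send. With the update last, a recipient that calls back during step 3 empties the vault; with the update first, it receives only its own deposit.

```python
# Added illustration: a toy in-memory vault (hypothetical names), not real contract code.

class Vault:
    """Holds deposits; withdraw() follows the four steps listed above."""

    def __init__(self, update_before_send):
        self.balances = {}
        self.funds = 0
        self.update_before_send = update_before_send

    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.funds += amount

    def withdraw(self, user):                   # step 1: user asks to withdraw
        amount = self.balances.get(user, 0)     # step 2: check the recorded balance
        if amount == 0 or self.funds < amount:
            return
        if self.update_before_send:
            self.balances[user] = 0             # step 4 moved ahead of step 3
        self.funds -= amount
        user.receive(self, amount)              # step 3: send (runs recipient code)
        if not self.update_before_send:
            self.balances[user] = 0             # step 4: too late if re-entered


class HonestUser:
    def __init__(self):
        self.wallet = 0

    def receive(self, vault, amount):
        self.wallet += amount


class ReenteringUser(HonestUser):
    def receive(self, vault, amount):
        self.wallet += amount
        vault.withdraw(self)                    # calls back before step 4 has run


def run(update_before_send):
    """Return (re-entering caller's wallet, funds left in the vault)."""
    vault = Vault(update_before_send)
    other, caller = HonestUser(), ReenteringUser()
    vault.deposit(other, 90)                    # constructed sample deposits
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.wallet, vault.funds
```
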

FLASH LOAN ATTACK

In recent years, flash loans have become the most popular medium for attacks. Flash loans are loans that exist only within a blockchain transaction and carry no risk of default. This means that the lender agrees to grant the loan only on condition that it is returned to the lender in time. Otherwise, the lender can revert the entire transaction. Hackers use flash loans to exploit various vulnerabilities, such as price manipulation.

Flash loan attacks exploit the smart contract security of a particular platform: the attacker borrows large sums of money, often without having to put up collateral. They then manipulate the price of a crypto asset on one exchange and quickly sell it on another.

Weaknesses in smart contracts

Coding errors result from mistakes made while checking contract security or from failing to recognize defects in the smart contract. Unfortunately, the developers of many blockchain projects decide to launch the project with inadequate measures in place and ignore the implications of neglecting security.

Oracle price manipulation

The correct operation of smart contracts depends on the data provided by price oracles. However, obtaining this price data is not as safe and reliable as people would like. If the oracle provides incorrect data, the smart contract will produce incorrect results. This fact is useful for hackers who want to manipulate the price. Manipulating, for a short time, the data source that an oracle relies on, so that an incorrect value reaches the chain, is a classic oracle attack. Its purpose is to control the oracle to create a difference between internal and external prices and to use new financial instruments such as flash loans for arbitrage.
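An added illustration of the flash loan and oracle passages above (not from the original article): a constant-product pool with constructed numbers shows how far one large borrowed trade moves the spot price an oracle might read, and how little a time-weighted average moves. The `Pool` class, the function names and the 12-second spike duration are assumptions made for the example.

```python
# Added illustration with constructed numbers; all names are hypothetical.

class Pool:
    """Constant-product pool (token * stable = k)."""

    def __init__(self, token, stable):
        self.token, self.stable = token, stable

    def spot_price(self):
        return self.stable / self.token

    def buy_token(self, stable_in):
        k = self.token * self.stable
        self.stable += stable_in
        out = self.token - k / self.stable
        self.token -= out
        return out

    def sell_token(self, token_in):
        k = self.token * self.stable
        self.token += token_in
        out = self.stable - k / self.token
        self.stable -= out
        return out


def twap(samples):
    """Time-weighted average of (price, seconds_held) samples."""
    total = sum(seconds for _, seconds in samples)
    return sum(price * seconds for price, seconds in samples) / total


def scenario():
    """Return (honest price, spiked spot price, TWAP, price after unwinding)."""
    pool = Pool(token=1_000.0, stable=1_000_000.0)
    honest = pool.spot_price()
    history = [(honest, 1800)]              # 30 minutes at the honest price
    bought = pool.buy_token(1_000_000.0)    # one large trade with borrowed funds
    spiked = pool.spot_price()              # what a spot-price oracle would report
    history.append((spiked, 12))            # assumption: spike visible for 12 s
    pool.sell_token(bought)                 # position unwound, loan can be repaid
    return honest, spiked, twap(history), pool.spot_price()
```

A contract that values collateral at the spiked spot price sees four times the honest price, while the time-weighted figure moves by about 2%.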

The DeFi bug bounty platform arrived as the times demanded

Existing website and application bug bounty platforms such as HackerOne and Bugcrowd are built on the older model. However, there is a big difference between the old 'Web 2.0' bug bounty and the new 'Web 3.0' bug bounty related to blockchain and cryptocurrency. In the age of decentralized finance (DeFi), what is at stake in Web 3.0 bug bounties is not software vulnerabilities, but real value.

What is Immunefi?

Immunefi was established in December 2020 to provide bug bounty programs for smart contract security. Most importantly, it aims to be the best bug bounty platform in the world! To achieve this goal, it provides free consulting, bug detection, project management and, most importantly, an army of hackers for blockchain projects. Immunefi wants to connect DeFi protocols with hackers to protect the platforms and their users.

What is a bug bounty?

A bug bounty program rewards researchers who find potentially damaging vulnerabilities in smart contracts and applications. The rewards also encourage white hat hackers to find vulnerabilities and report them to the project, and the project pays them based on the severity of the vulnerability.

The traditional bounty dilemma

1. Financial incentives

Hackers all over the world are divided into white hats and black hats, but most people work in the gray area. For example, a hacker who sees a vulnerability that could quickly make $5 million will face a moral dilemma in the face of such a large personal profit. Does he do the right thing and negotiate with the platform for a $5,000 bug bounty? Or does he exploit the bug himself? Without a comparable reward for the honest white hat, the temptation of the dark side of human nature is still there.

2. Reporting

DeFi projects generally have no one responsible for maintaining a bounty program. So when a white hat tries to disclose a vulnerability, they struggle to find the decision maker. Additionally, when a CTO receives a warning from outside that the code is flawed, ego easily wins out and bounty hunters are left unhappy. Even when the entire bug discovery has been reported to a company representative through the appropriate channels, there can be no assurance that the hunter will be paid. The finance team may not agree with the development team on the bounty for the bug, and the whole process could end up stalled.

Immunefi Bounty Program

The Immunefi platform mediates and communicates on behalf of the white hat and the project team, which makes the process more efficient and saves time for both parties.

The Immunefi platform hosts large bounties: its customer Astroport offers up to $3 million. Other significant bounties include up to $200,000 for Celer, up to $2 million for xDAI and $1.25 million for Sushi.

Immunefi now has $71 million in bounties and wants to turn bounty hunting from a hobby into a career. To date, the platform has paid out more than $10 million and averted losses of $20 billion for its customers.

How to start a bounty program?

Customers receive a questionnaire after completing the Immunefi bug bounty application.

Based on the answers to these questions, Immunefi drafts a set of services and a template that is sent to the client for review, and upon completion the program is handed to an Immunefi specialist. The project specialist works with the team to determine the start of the bounty program, the announcement/marketing, and the terms of rewards, fees and payments.

There is no upfront charge for listing a bug bounty on Immunefi. Only when a hacker finds a real vulnerability do customers pay Immunefi a 10% fee on the bounty.

Due to the rapid development of the DeFi field, many platforms and users have suffered losses from security issues. This explains why Immunefi, one of DeFi's bug bounty and security services, has been able to attract capital so quickly. Its investors include Blueprint Forest, Framework Ventures, Bitscale Capital, P2P Capital, IDEO Colab, The LAO, BR Capital, 3rd Prime Ventures, North Island Ventures and other venture capital firms.

In an interview with TechCrunch, Amador added, “The point is, Web 3 is a more controversial environment. This means that every part of the bug fixing process is different from before, by default. send and execute files for file processing. true. Always Web 2 for use and paid chat. Bounty is a virus repair tool and Web 3 Bug Bounty is more important than emergency for DeFi operations.”

The DeFi ecosystem's shield keeps growing richer and stronger, but the threat always hangs overhead: attacks on DeFi will not stop, and hacking will continue.

