5. Ethereum
5
Wiki :
“以太坊是一個開源的有智慧型合約功能的公共區塊鏈平台。”
“ It provides a decentralized Turing-complete virtual
machine, the Ethereum Virtual Machine (EVM), which can
execute scripts using an international network of public
nodes. “
13. Smart Contract on Ethereum
• 認識名詞
• Gas : 每個動作都需要耗費燃料的單位
• Gas Price : 每個gas要的ether
• Gas Limit : 執行所有動作的gas消耗上限
• Contract : Deploy在以太坊上的動作集合
13
https://www.cryptocompare.com/coins/guides/what-is-the-gas-in-ethereum/
14. From Smart Contract to
Decentralized application (DApp)
• Normal application
= Frontend + Backend
• Decentralized application
= Frontend + BlockChain
• DApp on Ethereum
= Frontend + Smart Contracts
14https://ethereum.stackexchange.com/questions/383/what-is-a-dapp
15. DApp - ICO
• Initial Coin Offerings
• ICO on Ethereum: Publish your own token (for specific purpose)
• Change ether into token
• Rather than create your own BlockChain
• Only thing you need to do is write a contract on the Ethereum
15
去中心化超級電腦去中心化市場預測平台
https://www.bnext.com.tw/article/44959/what-is-ethereum-and-how-ico-become-the-reason-that-ether-exceeds-bitcoin
$5.2 million $8.6 million $35 million
in 30 sec
去中心化透明數位廣告平台
BAT
16. DApp - ICO
• ERC20 Standard
• Describes the functions and events that an Ethereum token contract
has to implement
16
29. • Impact
• Over $30 Million lost
• 153K Ether
• Hacker only control 3/596 multisig wallets
• All the Parity multisig wallet are vulnerable
• User need to change their multisig wallet
29
Parity MultiSig Wallet - Vulnerability
33. DApp – The DAO
37
2016/05/29 2016/06/17 2016/07/24
ICO : 2016/04/30 ~ 2016/05/28
$1.5 Billion
34. 38
DApp – The DAO
2016/06/17
Hacker stole
over $150 million
from The DAO
(Almost the 1/3 funds)
2016/06/17
Ethereum stopped
all transactions
2016/06/18
Ethereum launched DDoS
to slow down blackhat hacker
And let whitehat hacker
to withdraw the rest of funds
2016/07/24
The Ethereum Classic
was born
2016/07/21
Ethereum launched
the hark fork for Ethereum
35. The DAO - Vulnerability
• splitDAO()
1. 從parent DAO移動資金到child DAO
2. 將原本在parent DAO中的獎勵做結算,發給想split的成員
3. Split完成,已無DAO token在parent DAO內,全數移轉至child DAO
39
36. 40
The DAO - Vulnerability
從parent DAO移動資金到child DAO
原本在parent DAO中的獎勵做結算,發給想split的成員
Split完成,已無DAO token在parent DAO內,全數移轉至child DAO
37. 41
The DAO - Vulnerability
計算此成員有多少reward
發出reward給該成員
在Ethereum真正發送ether的動作
38. • 問題出在送ether的function : _recipient.call.value(_amount)()
• 此function為了方便,後面第二個括號
讓contract可以在收到錢的時候,可以自訂去call別的function
例如寫log等等
• 此處沒有帶function name, 預設會呼叫接收者的fallback function
• Fallback function讓hacker有機會再次遞迴呼叫splitDAO()
• 但此時並沒有將帳戶結清
• DAO內還是有錢
• 持續遞迴呼叫,直到gas耗盡,或是達到stack size limit
42
The DAO - Vulnerability
39. 43
The DAO - Vulnerability
從parent DAO移動資金到child DAO
原本在parent DAO中的獎勵做結算,發給想split的成員
Split完成,已無DAO token在parent DAO內,全數移轉至child DAO
40. • Impact
• Over $150 million lost
• Ethereum hard fork
• The DAO fail
44
The DAO - Vulnerability
Ethereum was proposed in late 2013 by Vitalik Buterin, a cryptocurrency researcher and programmer. Development was funded by an online crowdsale that took place between July and August 2014.[6] The system went live on 30 July 2015, with 11.9 million coins "premined" for the crowdsale.[7] This accounts for about 13 percent of the total circulating supply.
BornJanuary 31, 1994Kolomna, Russia
簡單的理解就是,如果一個語言是圖靈完備的,需要該語言支援迴圈語句,支援分支語句,支援迴圈和遞迴,理論上可以解決任何演算法,但也有可能進入死迴圈而導致系統崩潰。
比特幣指令碼不是圖靈完備的,因為它沒有條件判斷語句,不能執行迴圈,也不會產生遞迴。
2017/07/19
So far, 150,000 ethers, worth $30 million, have been reported by the company as stolen, data confirmed by Etherscan.io. As reported by the startup, the issue is the result of a bug in a specific multi-signature contract known as wallet.sol. Data suggests the issue was mitigated, however, as 377,000 ethers that were potentially vulnerable to the issue were recovered by white hat hackers.
也就是說 當你建立一個多簽錢包的同時 其實是產生一個智能合約在以太坊上
假定wallet就只有這幾個含式
Constructor 存錢 領錢
還有一個withdraw沒寫
很方便的fallback function 如果function在contract內找不到
就會進入 讓你做特別的處理