DeFi Threat Matrix – 防御威胁矩阵区块链毕设代写

区块链毕设代写本文提供国外最新区块链项目源码下载,包括solidity,eth,fabric等blockchain区块链,DeFi Threat Matrix – 防御威胁矩阵区块链毕设代写 是一篇很好的国外资料

DeFi Threat Matrix

Abstract

This work is inspired by attack.mitre.org. Please use attack for “normal” InfoSec/Dev/Sys security check-listing, this is ment to be specialized towards the unique issues brought about in blockchain/cryptocurrency applications (i.e. protocols).

Overview of Threat Matrix

Protocol / Interaction Based Blockchain Transaction Based Non-Blockchain Sources Blockchain Sources SWC Registry (Solidity Exploits)
Market Attacks Economic Attack Off-Chain On-Chain Solidity
Front-Running Front-Running Price Feed Timestamp Dependence Integer Overflow and Underflow
Coordinated Attack Insufficient gas griefing Quote Stuffing Admin Key DoS with (Unexpected) revert
Liquidity Pocket Token Inflation Spoofing Timelock DoS with Block Gas Limit
Quote Stuffing Circulating Supply Attack Credential Access Lateral Movements Arithmetic Over/Under Flows
Wash Trading Gas Griefing (DoS) Reentrancy Multi-Sig Keys Forcibly Sending Ether to a Contract
Ramping The Market Network Congestion (uDoS) Privilege Escalation Miner Cartel Delegatecall
Cornering The Market Liquidity Squeeze Credential Access Finality Entropy Illusion
Churning Smurfing Encryption Protections Short Address/Parameter Attack
Flash Loans Phishing Uninitialised Storage Pointers
Aggregated Transactions Unicode Exploits Floating Points and Numerical Precision
Bulge Bracket Transactions API Right-To-Left-Override control character (U+202E)
Layering Blockchain Transaction Based DNS Attacks Delegatecall to Untrusted Callee
Spoofing Governance Attack Transaction Pool Transaction Pool Requirement Violation
Order Book Interlocking Directorate Checksum Address Shadowing State Variables
Market Index Calculation Attack Governance Cartels Siphon Funds Transaction Order Dependence
Flash Crash Assert Violation
Repo Stalking Horse Synthetic Mint Spread Sole block synchronization Uninitialized Storage Pointer
Excessive Leverage Syscall Exploit Unprotected Ether Withdrawal
Breaking the “Buck” Container Priv. Esclation Floating Pragma
“Fake” News Keyctl missuse (syscall) Outdated Compiler Version
Nested Bot Function Default Visibility
Audience of Bots Influencers’
Arb. Exploit
Slippage Exploit
Safety Check Exploits
Circulating Supply Dump
Governance Cartel
Flash “Straddle”
Structuring
Back-Running

Survey on Ethereum Tools and Defenses

source A Survey on Ethereum Systems Security: Vulnerabilities, Attacks and Defenses

DeFi Threat Matrix - 防御威胁矩阵

Overview

DeFi Threat Matrix - 防御威胁矩阵

DeFi Threat Matrix - 防御威胁矩阵

DeFi Threat Matrix - 防御威胁矩阵

Token Mitigation

see BEST PRACTICES

Tags

Should tags for “potential” attacks or attacks that have been successful be utilized, and if so how implemented, simply open an issue.

TODO

Following files have defects: 14084. 14086. 14715. 13328. 13327. 13326. 13146. 13144. 13113. 12230. 11687. 10973. 10769. 10468. 18665. 18665. 14715. 14086. 14084. 13146. 13144. 13113. 12230. 11687. 10973. 10769. 10468. 10299.

.github/ ISSUE_TEMPLATE specific for new creations

Sheet

DeFi Sec Matrix Sheet

DeFi Sec Page

  • Updates to the Sheet can be found in in the ‘legend’ section

License

Software Components under Mozilla Public License 2.0

CVE/SWC are licensed under their respective authors licenses.


定义威胁矩阵

摘要

这部作品的灵感来自attack.mitre.org网站. 请使用“普通”InfoSec/Dev/Sys安全检查列表的攻击,这是专门针对区块链blockchain/加密货币应用(即协议)带来的独特问题。

威胁矩阵概述

Protocol / Interaction Based Blockchain Transaction Based Non-Blockchain Sources Blockchain Sources SWC Registry (Solidity Exploits)
市场攻击 经济攻击 链下 链上 稳固性
前运行 价格供给 时间戳依赖性 整数溢出和下溢 协同攻击
天然气不足 报价使用(意外)恢复填充 管理密钥 DoS 流动性口袋
代币膨胀 欺骗 Timelock 带块气体限制的DoS 报价填充
循环供应攻击 凭证访问 横向移动 算术流量过多/不足 洗单交易
天然气欺诈(DoS) 可重入性 多Sig密钥 强行向合同发送以太 推动市场
网络拥塞(uDoS) 权限提升 矿业卡特尔 委托呼叫 垄断市场
流动性紧缩 凭证访问 最终性 熵错觉 搅乱
Smurfing 加密保护 短地址/参数攻击 闪贷 Short Address/Parameter Attack
Flash Loans Phishing 未初始化的存储指针 聚合事务基于区块链blockchain交易的DNS攻击
Aggregated Transactions 跟踪状态变量 市场指数计算攻击合成薄荷价差 单独块同步
未初始化的存储指针 过度利用 API 系统调用漏洞 Right-To-Left-Override control character (U+202E)
Layering 无保护的以太提取 打破“Buck” Delegatecall to Untrusted Callee
Spoofing Governance Attack Transaction Pool Transaction Pool Pragma
“伪”新闻。 Interlocking Directorate Checksum Address Shadowing State Variables
Market Index Calculation Attack Governance Cartels Siphon Funds Transaction Order Dependence
Flash Crash 滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑滑>治理卡特尔 Assert Violation
Repo Stalking Horse Synthetic Mint Spread Sole block synchronization Uninitialized Storage Pointer
闪存“跨跨跨” Syscall Exploit Unprotected Ether Withdrawal
Breaking the “Buck” Container Priv. Esclation Floating Pragma
“Fake” News Keyctl missuse (syscall) Outdated Compiler Version
Nested Bot Function Default Visibility
Audience of Bots Influencers’
Arb. Exploit
Slippage Exploit
Circulating Supply Dump
Governance Cartel
Flash “Straddle”
Structuring
Back-Running

以太坊eth工具和防御调查

针对以太坊eth系统安全:漏洞、攻击和防御进行调查

DeFi Threat Matrix - 防御威胁矩阵

令牌缓解

<DeFi Threat Matrix>

<DeFi Threat Matrix>

<DeFi Threat Matrix>

标签

see BEST PRACTICES

TODO

<DeFi Threat Matrix>

工作表

请参阅最佳实践

是否应该利用“潜在”攻击或已成功的攻击的标签,如果是这样的话,如何实施,只需打开一个问题。

许可证

以下文件有缺陷:14084。140861471513328133271332613146131441311312230116871097310769104681866518665147151408614084131461314413113122301168710973107691046810299

.github/发布特定于新创建的模板

  • 表格更新可在“图例”部分找到

License

DeFi-Sec矩阵表

DeFi-Sec页面

部分转自网络,侵权联系删除区块链源码网

www.interchains.cc

https://www.interchains.cc/17063.html

区块链毕设网(www.interchains.cc)全网最靠谱的原创区块链毕设代做网站 部分资料来自网络,侵权联系删除! 最全最大的区块链源码站 !
区块链知识分享网, 以太坊dapp资源网, 区块链教程, fabric教程下载, 区块链书籍下载, 区块链资料下载, 区块链视频教程下载, 区块链基础教程, 区块链入门教程, 区块链资源 » DeFi Threat Matrix – 防御威胁矩阵区块链毕设代写

提供最优质的资源集合

立即查看 了解详情