Ethereum: The Contract Was Hacked – Understanding the Problem

As a smart contract developer on the Ethereum blockchain, you are no stranger to the potential risks of using and interacting with external contracts. In this article we look at what went wrong in a contract hack in which tokens were extracted from another contract.

The incident: a simplified version

Suppose our contract is called “MyContract”. Another smart contract, called “YourContract”, made use of an event or function and then called it. That call reached our “MyContract” contract and executed its functionality.

The Hack: Token extraction

When “YourContract” calls “MyContract”, it essentially draws tokens from “MyContract”. These tokens were extracted and used by another, malicious smart contract (let’s call it “HackerContract”) on another blockchain network. “HackerContract” would execute the functionality of “YourContract”, which in turn interacted with “MyContract” to get more tokens.

What went wrong?

So what went wrong in this hack? Here are some important points:

* Lack of adequate authentication: It seems that “YourContract” had no way to verify the identity or authorizations of the contract called. This vulnerability allows an attacker to take advantage of the missing check.

* Handling of false events: The fact that a second contract was called and the functionality of another contract was executed without proper authentication raises significant concerns about the reliability and integrity of smart contracts on Ethereum.

* Token extraction without permission: Extracting tokens from another contract is a serious violation of the terms of use of external libraries or APIs. This can lead to identity theft, unauthorized access or other malicious activities.

Mitigating the risk

To avoid similar hacks in the future:

* Implement appropriate authentication mechanisms: Verify the identity of contracts before they interact with you.

* Use secure practices for handling events: Make sure events and functions are properly authenticated and authorized to avoid unintended consequences.

* Monitor and verify smart contract interactions: Regularly review transactions and event logs to detect possible security breaches.
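
A sketch of the first and third mitigations above, as an added example that is not code from the incident or from any contract named in this article: a hardened “MyContract” that releases tokens only to allowlisted calling contracts and emits events for monitoring. The function names, the allowlist mapping, the error names and the event names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (standard transfer signature).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical hardened MyContract: only allowlisted contracts may pull tokens.
contract MyContract {
    address public immutable owner;
    IERC20 public immutable token;
    mapping(address => bool) public authorizedCaller;

    // Events give off-chain monitoring a record of every sensitive action.
    event CallerAuthorizationChanged(address indexed caller, bool allowed);
    event TokensReleased(address indexed caller, address indexed to, uint256 amount);

    error NotOwner();
    error CallerNotAuthorized(address caller);
    error TransferFailed();

    constructor(IERC20 token_) {
        owner = msg.sender;
        token = token_;
    }

    // Only the deployer decides which contracts are trusted callers.
    function setAuthorizedCaller(address caller, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        authorizedCaller[caller] = allowed;
        emit CallerAuthorizationChanged(caller, allowed);
    }

    // Without the allowlist check, any contract could call this and drain the balance.
    function releaseTokens(address to, uint256 amount) external {
        // msg.sender is the immediate caller (for example YourContract), never tx.origin.
        if (!authorizedCaller[msg.sender]) revert CallerNotAuthorized(msg.sender);
        emit TokensReleased(msg.sender, to, amount);
        if (!token.transfer(to, amount)) revert TransferFailed();
    }
}
```

The check identifies only the immediate caller: if an allowlisted contract such as “YourContract” forwards calls from anyone, a “HackerContract” can still reach the tokens through it, so “YourContract” needs its own caller checks as well.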

If we understand what went wrong in this case, we can improve our own smart contracts and minimize the risk of similar hacks. As an Ethereum developer, it is important to stay vigilant and apply these principles to guarantee the integrity and reliability of our smart contract interactions.
