#20 Days of “Why?” & “What in?” Security & Blockchain?
author: aman
Blog I - Part VI - Day 06
This blog will cover the motivation that led me to write this blog series. I will be covering a few intriguing bugs (in the very next BLOG), which could be seriously enlightening to the people reading and, yeah, may serve the target of this blog series: showing people what is called “The road not taken”.
Let’s go through…
In this micro-blog
- What am I talking about?
- Why am I talking about it?
- Have you heard before? (The “goto fail;”, Heartbleed, Meltdown, Spectre)
- What is the world up to against such __ ?
- Basic Challenges faced
- Unimportant sounding complete terms
- Motivation behind
Motivation Behind
The motivation to start this blog series came right from the incident where PRIYANSH, the same 2nd-year CEV member, reached out to me regarding the BACKDOOR thing.
Just give it a clear view: everyone is now using tech to transfer money, to share data, to create an “online portfolio” on Instagram, … bla bla bla… almost everywhere. People are more accepting of new technology. Take UPI, for example: initially people resisted it, and now they use it almost everywhere. At least in my city, Surat.
You are so surrounded by data exchange that a day without internet is honestly a day spent sleeping.
Since the blockchain hype has boomed, just like Machine Learning, people still can’t move on from learning to make applications to actually focusing on the ways they can make them safe to use.
It is clearly demand > supply.
So much work goes into developing applications and so little into securing them. That is the reason why most of the BIG institutions spend a lot of time doing this critical research.
The DAO bug I had talked about caused nearly $50 million worth of ETH to be lost into the hands of an attacker, just because he was able to find and exploit the bug in the smart contract. Another attack, famously called the “Parity Wallet MULTI-SIG attack”, froze the use of around 500,000 ETH. That bug was caused by improper checks in the smart contract functions.
The next one is even more interesting. When a user submits a transaction with no to field, it is interpreted as a contract deployment. If they also leave out the data field, this results in a contract being deployed with no code. If the transaction has ETH attached to it, then the ETH becomes inaccessible, as it is given to the “contract” even though the contract has no code associated with it. This problem most commonly occurs when someone constructs a transaction incorrectly (accidentally leaving off the to field) but can also occur when someone attempts to create a contract but accidentally leaves out the data. In either case, it is easy to identify and the proper owner is obvious (the transaction submitter).
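A pre-signing check for the mistake described above, as an added example that is not part of the original blog. It uses the JSON-RPC eth_sendTransaction field names (to, value, data/input); the function names, verdict labels and sample transactions are assumptions made for illustration.

```javascript
// Added example: pre-signing guard for a missing `to` field.
// Field names follow JSON-RPC eth_sendTransaction; sample values are constructed.
const ADDRESS = /^0x[0-9a-fA-F]{40}$/;      // 20-byte hex address
const HEX_BYTES = /^0x([0-9a-fA-F]{2})+$/;  // non-empty, whole bytes

// This guard treats absent, null, "" and "0x" as "field left out".
const isBlank = (v) => v === undefined || v === null || v === "" || v === "0x";

// Accepts a hex quantity ("0xde0b6b3a7640000"), decimal string, integer or bigint.
const toWei = (v) => (isBlank(v) ? 0n : BigInt(v));

function classifyTx(tx) {
  const payload = isBlank(tx.data) ? tx.input : tx.data;
  if (!isBlank(tx.to)) {
    return ADDRESS.test(tx.to) ? "call-or-transfer" : "invalid-to";
  }
  // No `to`: the transaction is interpreted as a contract deployment.
  if (isBlank(payload)) {
    return toWei(tx.value) > 0n ? "empty-contract-with-eth" : "empty-contract";
  }
  return HEX_BYTES.test(payload) ? "contract-deployment" : "invalid-data";
}

// Refuse to hand the transaction to the signer unless it is well formed.
function assertSafeToSign(tx) {
  const verdict = classifyTx(tx);
  if (verdict === "empty-contract-with-eth") {
    throw new Error("no `to` and no data: attached ETH would go to a contract with no code");
  }
  if (verdict !== "call-or-transfer" && verdict !== "contract-deployment") {
    throw new Error(`refusing to sign: ${verdict}`);
  }
  return verdict;
}

// Constructed sample transactions.
const RECIPIENT = "0x" + "ab".repeat(20);
const samples = [
  { to: RECIPIENT, value: "0xde0b6b3a7640000" }, // ordinary transfer
  { value: "0xde0b6b3a7640000" },                 // `to` accidentally left off
  { to: null, value: "1000", data: "0x" },        // deployment with the data left out
  { data: "0x6080604052", value: "0x0" },         // deployment that carries init code
];
console.log(samples.map(classifyTx));
```

Running such a check in the wallet or build script, before the transaction reaches the signer, catches both ways of making the mistake that the paragraph lists.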
These motivated me enough to work in that direction: the direction of securing DISTRIBUTED LEDGER TECHNOLOGY in general. BLOCKCHAIN is just a type of DLT.
A lot to come ahead… Keep your spirits high…
Cheers…!!!