btclive365.com

In-depth Analysis from the Audit Perspective 

btclive365 by btclive365
November 9, 2022

The Tezos blockchain project had a splendid start, raising $232 million in its Initial Coin Offering and taking second place by funds raised among the 20 largest ICOs.

Among the most popular blockchain networks, such as Ethereum or Bitcoin, how was Tezos able to gain all the hype? To find out, let’s take a closer look at the distinctive attributes of Tezos that have attracted hordes of supporters.

While the blockchains that emerged around the same time ran on Proof-of-Work (PoW) consensus, Tezos was innovative in using Proof-of-Stake (PoS) consensus with a self-amending mechanism and on-chain governance.

As a result, Tezos came into the limelight as the perfect alternative for building eco-friendly DeFi applications that require substantially less energy and lower costs. So, how does the Tezos infrastructure translate into the flexibility to implement upgrades much more easily?

That brings us to the architectural set-up, which is what adds value to Tezos.

Smart Contracts on Tezos

Smart contracts are executable contracts programmed to process the exchange of tokens between two parties without requiring either of the parties to trust the other. 

On Tezos, smart contracts are written in the Michelson programming language. Furthermore, Tezos employs formal verification to ensure the correctness of the code, which makes it more secure and reliable.

Enumerating The Specifics of The Tezos Blockchain

The highlights of Tezos are given here for a better understanding of its configuration and uniqueness.

Self-amending

Tezos, which validates blocks using its consensus algorithm, has a built-in self-amending mechanism. Any amendment to the protocol, such as switching to a different consensus, modifying the reward system, or adding transactions, is implemented through the on-chain voting system.

Any change to the Tezos economic protocol, minor or major, is triggered by the on-chain voting procedure. This self-amending protocol has the upper hand in avoiding forks and splits in the community.

On-chain governance

Tezos stands in contrast to Bitcoin and Ethereum, whose non-formalized governance systems led to blockchain splits (Bitcoin Cash and Ethereum Classic).

The on-chain governance in Tezos lets “bakers”, aka miners, propose and cast votes on protocol upgrades. The on-chain methodology is designed to implement upgrades to the underlying protocol’s code automatically, without going through a centralized director.

Proof-of-Stake (PoS) consensus

The PoS consensus in Tezos allows anyone to participate. To be a Tezos baker, who validates blocks and enables consensus building, one must hold a minimum amount of XTZ (native) tokens.

Users who don’t have enough to spare for baking can delegate their XTZ tokens to a baker with a big Tez bankroll. In turn, the rewards earned by the baker are redistributed to the delegators.

Exploit grounds found in Tezos smart contracts

One of the audit reports revealed errors in the message-passing architecture of Tezos smart contracts. We shall decode them here.

Message passing architecture

In a Tezos contract, an external contract call that would be expected to run during the execution of the function is not executed at that point. Instead, it is queued in a list of calls to be executed.

The resulting execution order in a Tezos contract is:

  • Execute a() # Next calls: [b, d]
  • Execute b() # Next calls: [d, c]
  • Execute d() # Next calls: [c]
  • Execute c() # Next calls: []

Here you can see that d() is executed before c().

This type of execution opens the door to two types of vulnerability:

Callback Authorization Bypass 

The architecture of Tezos prevents a contract from reading the return value of an external call directly; a callback function is used instead. If that callback is left unrestricted, its use may lead to access control issues.

Call Injection

It gives an attacker scope to compromise the contract by injecting calls between a function and an external call it generates.

As functions execute, the calls they generate are queued in the list of calls to be executed. An attacker can take advantage by placing their own call in the queue so that its code runs between the end of the executed function and the calls that function generated.

When the attacker’s call executes, the contract’s balance or memory is left in an invalid state, and the call injection succeeds.
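The queue behaviour described above, modelled as an added example (not code from the audit report or from Tezos itself): it reproduces the a, b, d, c order, contrasts it with the nested order that synchronous calls would give, and lists what runs between each function and the call it generated. The call graph and the names `queued_order`, `nested_order` and `gaps` are constructed for illustration.

```python
from collections import deque

# Constructed call graph matching the trace above: a() emits b and d, b() emits c.
CALLS = {"a": ["b", "d"], "b": ["c"], "c": [], "d": []}

def queued_order(entry, calls=CALLS):
    """Execution order when emitted calls join the back of one pending list."""
    pending, order = deque([(entry, None)]), []
    while pending:
        fn, emitted_by = pending.popleft()
        order.append((fn, emitted_by))
        # Calls generated by fn run only after everything already pending.
        pending.extend((callee, fn) for callee in calls[fn])
    return order

def nested_order(entry, calls=CALLS):
    """Order expected from synchronous calls: each callee runs inside its caller."""
    order = [entry]
    for callee in calls[entry]:
        order.extend(nested_order(callee, calls))
    return order

def gaps(entry, calls=CALLS):
    """For each generated call, list what executes between its emitter and itself.

    A non-empty gap is a point where the contract must not assume that its
    state is unchanged. Assumes each function appears once in the graph.
    """
    order = queued_order(entry, calls)
    names = [fn for fn, _ in order]
    report = {}
    for pos, (fn, emitted_by) in enumerate(order):
        if emitted_by is not None:
            start = names.index(emitted_by) + 1
            report[(emitted_by, fn)] = names[start:pos]
    return report

if __name__ == "__main__":
    print([fn for fn, _ in queued_order("a")])
    print(nested_order("a"))
    print(gaps("a"))
```

When reviewing a contract, every non-empty entry returned by `gaps` marks a state assumption that needs to be re-checked inside the later call.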

Precautions To Be Observed While Coding Tezos Smart Contract Using Michelson

The Michelson programming language is a go-to option for writing secure contracts that resist data leaks and fund thefts. Strong as the language is, there is still a list of mistakes that can appear in a contract.

Let’s understand the common mistakes and the ways to rule them out.

Refunding To A List Of Contracts

This is the situation where a contract refunds a group of people’s funds at once. The problem arises when the contract accepts arbitrary contracts as recipients, which lets a malicious user trigger it.

The possible issues from this error include a contract swallowing all the gas through a series of callbacks, a call to the ‘FAIL’ instruction that stops all computation, reentrancy errors, and so on.

What’s the solution?

Default accounts do not execute code; therefore, the above issue can be solved by creating a default account from people’s keys. Alternatively, the contract can be programmed so that users pull their funds individually.

Not Setting State Before Transfer

Reentrancy is a common hurdle in the blockchain. When the contract calls another external contract to make a transfer, the arbitrary contract gains the upper hand in making further transfers if the state has not already been updated by the time each transfer is made.

This allows multiple withdrawals of funds from the contract.

What’s the solution?

Be careful when making calls to external contracts, and make sure that their behaviour cannot be modified. To forbid reentrancy, set a flag in the storage so that users cannot re-enter unless they have a good reason.
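The two mistakes above side by side with their fixes, as an added example (not code from the original article or from any audited contract). It is a simplified Python model that assumes recipient code runs at the moment of transfer and that a failure rolls back the whole operation; `RefundContract`, `honest`, `hostile` and `Failed` are hypothetical names.

```python
class Failed(Exception):
    """Stands in for a recipient contract hitting FAIL: the whole operation aborts."""

def honest(amount):
    return None                             # recipient accepts the transfer

def hostile(amount):
    raise Failed("recipient contract refuses the transfer")

class RefundContract:
    def __init__(self, deposits, recipients):
        self.deposits = dict(deposits)      # storage: address -> amount owed
        self.recipients = recipients        # address -> code run on receipt
        self.paid = {}                      # what each address actually received

    def _transfer(self, addr, amount):
        self.recipients[addr](amount)       # recipient code executes here
        self.paid[addr] = self.paid.get(addr, 0) + amount

    def _atomic(self, action):
        """Run one operation; on failure restore storage, as a failed operation would."""
        saved = (dict(self.deposits), dict(self.paid))
        try:
            action()
            return True
        except Failed:
            self.deposits, self.paid = saved
            return False

    def refund_all(self):
        """Push pattern: one failing recipient blocks every refund."""
        def action():
            for addr in list(self.deposits):
                amount = self.deposits[addr]
                self._transfer(addr, amount)    # transfer first ...
                self.deposits[addr] = 0         # ... state set afterwards
        return self._atomic(action)

    def withdraw(self, addr):
        """Pull pattern: each user collects individually; state is set before transfer."""
        def action():
            amount = self.deposits[addr]
            self.deposits[addr] = 0             # a re-entrant call now sees 0
            if amount:
                self._transfer(addr, amount)
        return self._atomic(action)
```

With one `hostile` recipient in the list, `refund_all()` returns `False` and nobody is paid, while `withdraw()` lets every other depositor collect and pays a re-entering recipient only once.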

Storing Or Transferring Private Data

Data that is published can be viewed openly. That means private information becomes visible to everyone when the transaction is broadcast. This gives a malicious node in the system a chance to manipulate unsigned transactions by delaying or modifying them.

What’s the solution?

Sign the transactions that contain sensitive information. Using counters to enforce transaction order can solve the issue.

Ensure Pro Protection To Projects Through Tezos Smart Contract Audits 

Tezos, built with a self-amending structure, offers better scalability and reliability, but security is always a matter of question for blockchain-based applications. The smallest of issues can cause the biggest fund loss.

And that’s where QuillAudits takes a step forward to protect the assets from the grip of bad actors. We give them no chance of exploiting the contract as we recognize and fix those issues by conducting thorough Tezos smart contract audits. 

Have a free consultation with our experts to learn about our auditing services. 

© 2022 btclive365 All Rights Reserved.
