Smart Contract Security Audit
What is Ethereum
Ethereum is a decentralized application platform built on blockchain technology. It allows anyone to build and use decentralized applications that run on the platform.
The Ethereum platform encapsulates the underlying blockchain technology, so blockchain application developers can build directly on Ethereum and focus only on the smart contracts that implement the application's own logic, which greatly reduces the difficulty of development.
The big difference between Ethereum and Bitcoin is that Ethereum has the concept of smart contracts. Bitcoin is a digital currency (a store of value), while Ethereum is not just a digital currency but also supports smart contracts.
For a more in-depth understanding of what Ethereum is, you can also refer to another article: What is Ethereum — A Beginner’s Guide to Ethereum Development
What is a smart contract
So what is a smart contract? A program running on the Ethereum network is called a smart contract, which, like other programs, is a collection of code and data (state).
Smart contracts are event-driven, stateful computer programs running on a replicable, shared ledger that execute automatically when certain conditions are met. Once a contract is deployed, it cannot be modified; once it has executed, the execution is irreversible; and all execution transactions can be traced.
Smart contracts are ideal for application scenarios that require high trust, security and durability, such as: digital currency, digital assets, voting, insurance, financial applications, prediction markets, property ownership management, Internet of Things, peer-to-peer transactions, and more.
Blockchains are decentralized systems that exist between all permitted parties, and smart contracts eliminate the need for middlemen that cause conflicts between parties in traditional systems.
If you want to learn more about the principle of smart contracts, you can also refer to another article: How Smart Contracts Work
Building a Practice Environment for Smart Contract Security Vulnerabilities
At present, the IDE for developing smart contracts is still Remix. Remix is a browser-based IDE for the Ethereum smart contract programming language Solidity. Novices are strongly recommended to use the Remix-Solidity IDE for development, which does not require installing Solidity locally.
If you want to build your own local development environment, you can read another article: Building a Smart Contract Development Environment Remix IDE and Using it.
Hands-on practice with smart contract security vulnerabilities requires developing and testing contracts. If we do this through the Remix online IDE, the method differs according to the Environment option selected in the Remix IDE, as shown in the following figure:
There are three Environment options for Remix IDE:
Javascript VM, the built-in virtual machine of Remix, provides contract deployment and execution. It has the same function as the Ethereum virtual machine and is equivalent to simulating a blockchain in memory. If the Javascript VM mode is selected, the contract can be executed and debugged;
Injected Web3 is mainly used through browser plug-ins; with MetaMask, it is easy to deploy smart contracts to the Ethereum testnet or mainnet;
Web3 Provider, which connects Remix to the specified Ethereum node, such as a private chain node built locally by installing the Ethereum client geth.
The following explains how to build a practice environment for smart contract security vulnerabilities in each of the three modes above, to support later hands-on exercises on smart contract vulnerabilities.
The Solidity development used in this article will also be based on the online Remix IDE.
Javascript VM
Javascript VM mode is also the easiest way. You can directly use the online Remix-Solidity IDE to develop, compile, deploy, invoke, test, and debug smart contracts. It is very suitable for beginners to practice, as shown in the following figure:
The specific use of Remix IDE will not be repeated here. See the official Remix documentation: Remix, Ethereum-IDE Official User Manual.
Injected Web3
Injected Web3 is mainly used through plug-ins. With metamask, smart contracts can be easily deployed to the Ethereum testnet or mainnet.
In this mode, you can use the remix + metamask + myetherwallet combination to develop and deploy smart contracts, which is the simplest and most commonly used method; you can also use the more engineering-oriented development and deployment workflow of Truffle + Infura.
Remix needs no introduction;
MetaMask is a browser-extension Ethereum wallet for Google Chrome. There is no separate wallet application to download; you only need to add the corresponding extension in Chrome. It is very lightweight and convenient to use. See: Metamask detailed graphic tutorial;
MyEtherWallet, or MEW Wallet for short, is one of the most famous Ethereum wallets. MEW Wallet is a web-based service that allows you to control your funds. It is used to securely store, send and receive ether and ERC-20 tokens, and to interact with smart contracts. The service provides its users with an address (public address) where they can receive coins and tokens from anyone. It also provides users with a quick way to send coins via a private key (secret passphrase).
Infura is a platform that allows your dApp to quickly connect to Ethereum without running Ethereum nodes locally; behind it is a load-balanced API node cluster. The nice thing about using it is that you never have to worry about a connected node failing, because Infura takes care of it all.
Truffle is a development framework for the Ethereum-based Solidity language and is itself based on Javascript. It integrates deeply with the Ethereum client, so development, testing, and deployment can each be done with a one-line command. See: Truffle — A Guide to Using the Ethereum Solidity Programming Language Development Framework
The following describes how to develop, deploy and call contracts through the simple method of remix + metamask + myetherwallet. Before starting, please install the Metamask wallet plug-in to the browser.
Then create an account, unlock the account, write a contract, compile the contract, copy the content of WEB3DEPLOY from the compilation details, modify the relevant information, execute it in the geth client, and deploy the contract.
After the deployment is successful, the contract can be called directly in the geth console. Throughout deployment and invocation, make sure that there is a balance in the account. For a more detailed process, please refer to another article: Use remix+geth to develop and deploy smart contracts.
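As an added example (not code from the original article, Remix or geth), the JavaScript below is a preflight check for the Web3 Provider and geth workflow described above: it builds the standard JSON-RPC requests eth_chainId, eth_accounts and eth_getBalance, then refuses to proceed if the node is on mainnet, the account is not managed by the node, or the account has no balance. The function names, the allow-list policy, the placeholder address and the sample responses are assumptions constructed for illustration.

```javascript
// Preflight check before deploying a deliberately vulnerable practice contract.
// Chain ID 1 is Ethereum mainnet; 1337 is the default for `geth --dev`.
const MAINNET_CHAIN_ID = 1n;

// Build the JSON-RPC 2.0 requests the check needs (standard Ethereum methods).
function buildPreflightRequests(account) {
  return [
    { jsonrpc: "2.0", id: 1, method: "eth_chainId", params: [] },
    { jsonrpc: "2.0", id: 2, method: "eth_accounts", params: [] },
    { jsonrpc: "2.0", id: 3, method: "eth_getBalance", params: [account, "latest"] },
  ];
}

// Evaluate the node's responses. allowedChainIds is the operator's own
// allow-list (hypothetical policy, not something Remix or geth enforces).
function evaluatePreflight(responses, account, allowedChainIds) {
  const byId = new Map(responses.map((r) => [r.id, r]));
  const problems = [];
  for (const id of [1, 2, 3]) {
    const r = byId.get(id);
    if (!r || r.error || r.result === undefined) problems.push(`request ${id} failed`);
  }
  if (problems.length) return { ok: false, problems };

  const chainId = BigInt(byId.get(1).result); // hex quantity, e.g. "0x539"
  if (chainId === MAINNET_CHAIN_ID) problems.push("node is on Ethereum mainnet");
  else if (!allowedChainIds.includes(chainId)) problems.push(`chain ${chainId} not in allow-list`);
  const accounts = byId.get(2).result.map((a) => a.toLowerCase());
  if (!accounts.includes(account.toLowerCase())) problems.push("account not managed by this node");
  const balance = BigInt(byId.get(3).result); // balance in wei
  if (balance === 0n) problems.push("account has no balance to pay for gas");

  return { ok: problems.length === 0, chainId, balance, problems };
}

// Constructed sample responses (not captured from a real node).
const ACCOUNT = "0x00000000000000000000000000000000000000Aa"; // placeholder address
const sampleDev = [
  { jsonrpc: "2.0", id: 1, result: "0x539" },
  { jsonrpc: "2.0", id: 2, result: [ACCOUNT.toLowerCase()] },
  { jsonrpc: "2.0", id: 3, result: "0xde0b6b3a7640000" }, // 1 ether in wei
];
const sampleMainnetEmpty = [
  { jsonrpc: "2.0", id: 1, result: "0x1" },
  { jsonrpc: "2.0", id: 2, result: [] },
  { jsonrpc: "2.0", id: 3, result: "0x0" },
];
console.log(evaluatePreflight(sampleDev, ACCOUNT, [1337n]), evaluatePreflight(sampleMainnetEmpty, ACCOUNT, [1337n]));
```

Against a real node, the requests from buildPreflightRequests would be POSTed to the node's HTTP RPC endpoint and the parsed responses passed to evaluatePreflight.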
Sharpening the knife does not delay the chopping of firewood. You must first understand the basic knowledge before you can better understand smart contracts and the security issues of smart contracts.
If you want to do good things, you must first sharpen your tools. Only by knowing how to build an environment for smart contract security vulnerability practice exercises can you better review contract vulnerabilities.