摘要
从2016年The DAO被盗取6000万美元开始^([1]),到美链BEC价值归零^([2])、BAI和EDU任意账户转帐^([3-4]),再到最近EOS漏洞允许恶意合约穿透虚拟机危害矿工节点^([5]),"智能合约"俨然成为区块链安全重灾区。"清华-360企业安全联合研究中心"团队在区块链安全方面进行了持续研究,开发了自动化漏洞扫描工具,近期发现了多个新型整数溢出漏洞,可造成超额铸币、超额购币、随意铸币、高卖低收、下溢增持等严重危害。
In 2016,The DAO was stolen for 60 million US dollars,and later the value of Beauty Chain( BEC) became zero,and BAI and EDU were transferred to any account. What's worse,recently the EOS vulnerability allowed malicious contracts to penetrate virtual machines to harm miner nodes. The smart contract became the hardest-hit area of blockchain. The Tsinghua-360 Enterprise Security Joint Research Center team has conducted continuous research on blockchain security,developed automated vulnerability scanning tools,and recently discovered a number of new integer overflow vulnerabilities that can result in over Mint,over Buy,mint Any,under Sell,ower Underfolw,and other serious threats.
作者
陈力波
殷婷婷
倪远东
张超
Chen Libo, Yin Tingting, Ni Yuandong, Zhang Chao(Tsinghua University-360 Enterprise Security Group Joint Research Center, Beijing 100015, Chin)
出处
《信息技术与网络安全》
2018年第8期3-6,共4页
Information Technology and Network Security
关键词
智能合约
区块链
漏洞扫描
smart contract
blockchain
vulnerability scan
