What security issues do crypto users need to be concerned about?
Written by: @cmdefi
「Safety"It should be the biggest topic in the industry for at least the next 10 years, because it currently has contradictions on both the decentralized and centralized ends.exchangeSafetyLet’s dive into the topic from the following angles:
1. Asset autonomy
3. Censorship resistance
4. wallet
1/4 Asset Sovereignty
Decentralization is far superior to centralization in terms of asset autonomy, which means that users have full control over their own assets. This was the mainstream narrative during the DeFi Summer period and was also the starting point for the massive coin withdrawal movement that year.
But with the advent of smartcontractAttacked, authorizedstealThere are more and more cases of currency, and the higher the autonomy of assets, the more it is not completely equivalent toSafety性越强,因为很多普通用户不具备相应的识别风险的能力,或者说在链上安全的管理资产在学习时间和经验上都有相当高的要求,这就导致自主管理资产的门槛越来越高。
Therefore, newcomers will still give priority to entrusting their assets toexchangeOr an institution, the original intention is to leave professional matters to professionals. Of course, you will lose the autonomy of your assets from then on, in exchange for the custody service provided by the centralized institution.
行业发展到今天,交易所和链上基本承载了不同的用户群体,且两者都存在相应的风险,只是风险的呈现方式不同,链上自主管理资产有非常强的自主权,你能够 100% 拥有你的资产,但需要有足够的经验和风险管理能力。委托给交易所管理足够简单,但可能面临中心化风险。没有完美的方案,重要的是清楚和了解风险存在哪里并永远保持敬畏。
2/4 Smart Contract Security
"Risk always occurs in the unknown"
In addition to asset management, from the perspective of DeFi projects, non-upgradeable, decentralized smart contracts are considered to be decentralized and cannot be tampered with. However, does this mean absolute security? In fact, this is not entirely true. Since the code risks of smart contracts cannot be fully predicted and simulated, if a critical smart contract has a fatal vulnerability and the central authority cannot intervene, it is truly beyond the reach of even the gods. Many cases of this have occurred in the early days of DeFi.
So how will the security of smart contracts develop in the future? According to the original intention of decentralization, simple smart contracts will be tested by time and the market and will first be "solidified", that is, completely decentralized and cannot be tampered with. Then the complexity will gradually increase. In this process, some complex projects will inevitably need to set up emergency buttons at key links to prevent and recover losses in major events (of course, various permissions are usually used to constrain control in this process to prevent the risks brought by excessive centralization).
Therefore, the security of smart contracts is something that must be tested and rectified over time. Currently, all the fud regarding DeFi security is actually the future of the fud industry. The security issues faced by smart contracts are what all future on-chain projects, whether GameFi or SocialFi, will have to go through. It’s just that DeFi is taking the lead first. Only when enough foundation is solidified in the front can the road ahead be easier to go.
3/4 Censorship Resistance
Anti-censorship is an aspect that many people tend to overlook, because most people think that they are just speculating in cryptocurrencies and doing simple transactions, and they are far away from anti-censorship. In fact, once you have experienced it, you will fully realize the importance of anti-censorship, because it is the most direct way for you to feel it. If there is no decentralization, in fact, your money cannot be said to be your money. I will not expand on this here. People who basically understand will realize that it is not an exaggeration to say that anti-censorship is the most important item in the decentralized vision.
In this regard, it complements asset autonomy, and decentralized management is indeed superior to centralized management.
4/4 wallet
在链上保存资产,我们经常接触到的就是冷wallet、热钱包、硬件钱包。
Cold wallet: Simply put, the private key is not connected to the Internet during the creation and management process. This kind of cold wallet can be made by yourself, such as using an old iPhone to make a cold wallet. You can find a lot of tutorials and information on the Internet. This method is currently very safe from the perspective of personal management. The only thing you need to pay attention to is not to lose the paper that records the mnemonic.
Hardware wallet: First of all, it is not equivalent to a cold wallet. Hardware wallets involve a lot of hardware technology. Generally speaking, the generation of private keys is not online. However, the controversy lies in the fact that the hardware manufacturers are also centralized organizations, which may have theoretical centralization risks. On the other hand, hardware wallets usually have an extra step of verification before you execute a transaction, which is equivalent to protection measures such as U shield/security card.
Hot wallet: Hot wallet is the wallet we use most in daily life. It is more lightweight and flexible to use. Frequent on-chain interactions will increase the authorization and signature of the wallet. Especially if some upgradeable contracts are authorized, there may not be any problems at the moment, but the upgraded contracts may bring new risks and lay mines for the future.
The use of a wallet is usually configured according to personal circumstances. The security of a wallet ultimately comes down to the security of private keys and permissions.
The article comes from the Internet:What security issues do crypto users need to be concerned about?
Looking ahead, Farcaster is committed to decentralization, user autonomy, and innovative features, positioning itself as a potential leader in the next wave of social media platforms. TL;DR Farcaster is a decentralized social platform that combines on-chain identity creation, storage leasing, and key maintenance, with off-chain data storage maintained by a decentralized network of nodes. This structure uses…
相关文章
