Popular blockchain security company, Blocksec has invalidated a viral rumor of an Ethdev contracting hack. Blocksec used Phalcon’s simulation to prove the security of a SMART contract of $ 532 million.
Blocksec Debunks Hack Rumors with Phalcon simulation
Blocksec, a technology company established in China that focuses on the security of the entire life cycle of smart contracts, digital assets supervision and anti-money laundering practices, has been brought to its Twitter page to a widespread rumor about the hack of an Ethdev- to discredit contract in which an Ethdev contract is involved in which an Ethdev contract is approximately $ 532 million. According to a very recent Twitter -thread The Ethdev contract in question was released earlier today by Blocksec and is still very intact.
Met behulp van Phalcon’s simulatie, een krachtige transactie -explorer die is ontworpen voor de DEFI -community, presenteerde BlockSec een gedetailleerde analyse om de beveiliging van het ETHDEV -contract met de TAG te bewijzen (0XDE0B295669A9FD93D5F28D9EC85E40F4CB697BAE) Worth $ 532 miljoen.
Blocksec also revealed that countless attempts had been made to violate the smart contract by changing the ownership of the contract, albeit in vain. In his exact words, BlockSec’s tweet is:
“Rumors said that everyone could hack the Ethdev contract (0xde0b29569fd93d5f28d9ec85e40f4cb697bae – with $ 532 million). It has been observed that many tests change the owner of this contract. We will use Phalcon’s simulation to tell you the truth that the contract has not been hacked ”.
The Ethdev -ownership operates
Ethereum, the commonly used and most commercially successful blockchain, is a neutral, open-source, public visible, unchanging public ledger, making it susceptible to hacks and infringements, one of which is the infringement of ownership. If a position in the smart contract is an external function, it can be called by someone (attacker), apart from the implementation or the owner to make changes and to bring about transactions.
The ownership attack is one in which an attacker can invoke a function to update the values on a smart contract and to use it easily. It is said that the Ethdev contract in question was hacked through the infringement of property.
Accompanied by screenshots of the transaction, the tweets of Blocksec have disproved this wrong information, which shows that although an attacker could change the ownership by performing the “Add owner” function, they could not successfully violate the contract. Blocksec explained:
“We can simulate the implementation of the owner function to check whether an address is the owner of the contract. Let’s view the result of the address: 0xd9301BF972372AC0F33AA8734B1A23072DF6DB4C. It seems that it is not the owner, even if it can successfully perform the ADD owner function. ”
Have smart contracts become infallible?
Blocksec focused on the reason why the performance of the “Add owner” was not returned, explained that this was “because the contract did not return, even when the caller is not the actual owner of the contract.”
Although various smart contracts have been successfully hacked through the property exploitation, it is very preventable. Blockchain security experts have shown two possible solutions for the Problem Procedant Procedure. These are the adjusted modificator and the Ownership of Openzeppelin. One of them was perhaps employed to secure the Ethdev contract in question.
By introducing a variable from an owner, initialized with MSG.Sender, during the initialization in the Constructor, developers can add a modified modificator who verifies the real property of a contract before allowing changes.
