
    How do web3 firewalls and smart contract security services mitigate crypto security flaws?

    November 4, 10:26



    TL;DR

    🔹 More than US$27 trillion in cryptocurrency has been stolen since 2012, according to SlowMist, a Xiamen-based blockchain security company, with the top three types of attacks being scams, flash loan attacks, and contract vulnerabilities.

    🔹 Some Web3 security flaws stem from the interaction of Web3 and Web 2.0 architectures, while others are inherent in how protocols such as blockchain and other functions operate.

    🔹 The many attacks and the number of vulnerabilities caused by the lack of security patches have given rise to smart contract security services. These services provide monitoring, problem detection, real-time contract event analysis, and alerts.

    🔹 Web3 firewalls and smart contract security services mitigate crypto security flaws by filtering malicious traffic, auditing smart contracts, and providing security alerts and warnings.







    Introduction


    The growing number of high-profile crypto scams has highlighted the need for Web3 security solutions. Celebrities have been targeted, including Bill Murray and Seth Green in the United States, as well as Taiwanese Mandopop sensation Jay Chou, who lost a valuable Bored Ape Yacht Club NFT to a phishing website in April. More than US$27 trillion in cryptocurrency has been stolen since 2012, according to SlowMist, a Xiamen-based blockchain security company. The top three attacks were scams, flash loan attacks, and contract vulnerabilities. Many smart contract attacks have occurred over the years, costing victims large sums of money.

    Among these, the DAO and Parity Wallet hacks are well-known. The DAO smart contract contained flaws that allowed attackers to steal funds from the network. Because of the fault, the hacker could request funds from the smart contract before the balance was updated.


    What are Web3 Firewalls?

    The switch from Web 1.0 to Web 2.0 exposed users and businesses to several new security threats. Because any user could publish content to the Internet, untrusted and malicious inputs could more easily compromise websites, leak data, and infect databases. As people begin to explore the new world of Web3, a new set of security vulnerabilities has emerged, some of which they may have never encountered before. A Web3 firewall is a network security device for Web3 that helps firms combat the cyberattacks that frequently target their products and services in this new terrain.


    Web3 Security Risks

    Some Web3 security flaws stem from the interaction of Web3 and Web 2.0 architectures, while others are inherent in how protocols such as blockchain and other functions operate. Examples of Web3 security risks include:

    1. Lack of encryption
    Web3 is wholly decentralized in theory, and any connected node on the network can directly interface with stored data. In practice, Web3 application front-ends will continue to rely on Web 2.0 technologies with which user endpoints can easily interact. Most Web3 app front-ends use API queries to the Web3 back-end for business logic and data storage.

    Many Web3 API queries are currently not cryptographically signed. This exposes them to on-path attacks, data interception, and other attacks, just as using unencrypted, unsigned HTTP Web 2.0 apps exposes users to data leakage and on-path attacks.

    2. Smart contract hack
    Smart contracts, like any other code, can have significant security flaws that expose user data or, in many cases, funds to attack. In December 2021, defects in smart contracts enabled attackers to steal approximately $31 million in digital currency. In May 2022, a flaw in the TerraUSD algorithm caused the cryptocurrency to lose about $50 billion in value.

    3. Privacy concern
    In contrast to a Web 2.0 model, where access to databases can be highly restricted, data on a blockchain can be stored and accessed by any connected node. Depending on the data stored, this raises many security and privacy concerns. Even if it is anonymized while in transit, studies show that no data is truly anonymous.

    4. Bridge and Protocol Attack
    Web3 is not entirely based on blockchain. Blockchain, like the Internet, is made up of layers built on top of each other. One example is the widespread use of "bridges," which are protocols that allow transfers between blockchains. These protocols are also vulnerable to attack. For example, in February 2022, thieves used the Wormhole bridge to steal approximately $320 million in cryptocurrency.

    5. Wallet and Account Theft
    The media is awash with stories about cryptocurrency or NFT wallet attacks. This is most commonly accomplished by attackers gaining access to users' private keys or duping users into handing them over via phishing. If these private keys are kept locally on a user's device, they can be physically stolen.





    What are smart contracts and smart contract security services?

    A smart contract is a transaction protocol that is designed to execute, control, or document legally relevant events and actions following the terms of a contract or agreement. Smart contracts provide many advantages over legacy systems but also represent opportunities for attackers looking to profit from vulnerabilities. Public blockchains exacerbate the issue of securing smart contracts. Deployed contract code typically cannot be changed to patch security flaws. Also, assets stolen from smart contracts are complicated to track and, in most cases, irrecoverable due to immutability. Even though figures vary, it is estimated that the total value stolen or lost due to security flaws in smart contracts exceeds $1 billion.

    These attacks and the number of vulnerabilities caused by the lack of security patches have given rise to smart contract security services. These smart contract services provide monitoring, problem detection, real-time contract event analysis, and alerts. When project parties need to upgrade contracts, some smart contract security services provide systematic technical support tools such as contract upgrades and cross-chain migrations.

    How web3 firewalls and smart contract security services mitigate crypto security flaws

    Web3 firewalls and smart contract security services mitigate crypto security flaws in many ways. Some of these ways include:

    1. A shield between Web3 applications and the Internet:
    When a Web3 firewall is deployed, it creates a barrier between the web3 application and the Internet. While a proxy server protects the identity of a client machine by using an intermediary, a Web3 firewall is a type of reverse proxy that protects the server from exposure by requiring clients to pass through the firewall before reaching the server.

    2. Filtering out malicious traffic:
    A Web3 firewall operates according to a set of rules known as policies. These policies aim to protect against application vulnerabilities by filtering out malicious traffic.

    3. Risk alert and warning:
    Web3 firewalls assist Web3 firms in combating cyberattacks by enabling wallet providers and custodians to provide users with real-time warnings and transaction context.

    4. Smart contract security audit
    Like other software applications, smart contracts need specialized audits to address security flaws. Smart contract security services carry out these audits as periodic security assessments to avoid costly errors and ensure that contracts are performing optimally.
    A smart contract audit is a thorough line-by-line examination of the underlying code of a contract. The audit aims to detect and eliminate all potential vulnerabilities and confirm reliable contract interactions.
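
    The policy filtering and real-time warnings of items 2 and 3 above can be pictured as a check that runs on a proposed transaction before the wallet signs it. This is an added example, not code from any vendor named on this page; the two selectors are the standard ERC-20/ERC-721 approval functions, while the allowlist, addresses and warning texts are assumptions.

```python
# Added illustration; addresses and the allowlist are constructed sample values.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
KNOWN_SPENDERS = {"0x" + "11" * 20}  # hypothetical allowlist of trusted contracts


def encode(selector, address, value):
    """Build sample calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")


def screen(tx):
    """Return warnings for a proposed transaction before the user signs it."""
    data = tx.get("data", "0x").lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 8:
        return []                            # plain value transfer, no call
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return []                            # outside this policy's scope
    try:
        if len(args) < 128:
            raise ValueError("short arguments")
        spender = "0x" + args[24:64]         # address is right-aligned in word 1
        value = int(args[64:128], 16)        # word 2: amount or boolean
    except ValueError:
        return ["malformed calldata for an approval call"]
    warnings = []
    if selector == APPROVE and value == MAX_UINT256:
        warnings.append(f"unlimited token allowance granted to {spender}")
    if selector == SET_APPROVAL_FOR_ALL and value == 1:
        warnings.append(f"{spender} gains control of every NFT in this collection")
    if warnings and spender not in KNOWN_SPENDERS:
        warnings.append("spender is not on the allowlist")
    return warnings


if __name__ == "__main__":
    unknown = "0x" + "ab" * 20               # constructed address
    print(screen({"data": encode(SET_APPROVAL_FOR_ALL, unknown, 1)}))
```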


    Examples of web3 firewalls and smart contract security services.


    1. Blowfish
    Blowfish is a web3 firewall and security services provider that addresses the cybersecurity risks associated with end-user interactions with blockchains. Because of the opacity of blockchain transactions, malicious transactions have increased in the space. Blowfish is developing a service that scans proposed transactions for malicious intent on behalf of wallets, custodians, and individual users before signing and sending them to the network, adding an extra layer of security that can protect users from phishing attacks and malicious or hijacked dApps.

    2. Hacken
    Hacken is a cybersecurity firm founded in 2017 to make Web3 a safer place. It provides a competitive suite of professional cybersecurity services worldwide to technological businesses and crypto communities.

    3. CertiK
    CertiK is a web3 and smart contract security service provider founded in 2018. It utilizes best-in-class Formal Verification and AI technology to secure and monitor smart contracts, blockchains, and Web3 apps.

    4. OpenZeppelin
    OpenZeppelin provides security products for decentralized applications' development, automation, and operation. It is one of the leading crypto cybersecurity technology and services providers and is trusted by the most popular DeFi and NFT projects. OpenZeppelin, founded in 2015 to protect the open economy, protects tens of billions of dollars in funds for leading crypto organizations such as Coinbase, Ethereum Foundation, Compound, Aave, The Graph, and many others.


    Conclusion


    The ever-growing number of Web3, smart contract, and DeFi projects controlling huge funds has made security measures essential. As practical and dependable as these smart contracts are, they can have serious security flaws if not thoroughly examined, audited, and monitored. Similarly, many Web3 API queries are currently not cryptographically signed, exposing them to attacks. Web3 firewalls and smart contract security services mitigate these flaws by filtering malicious traffic, auditing smart contracts, and providing alerts and warnings.



    Author: M. Olatunji, Gate.io Researcher
    Disclaimer:
    * This article represents only the views of the observers and does not constitute any investment suggestions.
    * Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.

