Ether
Other than TheDAO, what other examples are there of ether being hacked, stolen, or lost?
After the DAO was hacked, some people on Reddit put together a list. You can also see Vitalik's blog post:
- The DAO (obviously)
- The “payout index without the underscore” ponzi (“FirePonzi”)
- The casino with a public RNG seed
- Governmental (1100 ETH stuck because payout exceeds gas limit)
- 5800 ETH swiped (by whitehats) from an ETH-backed ERC20 token
- The King of the Ether game
- Rubixi: Fees stolen because the constructor function had an incorrect name, allowing anyone to become the owner
- Rock paper scissors trivially cheatable because the first to move shows their hand
- Various instances of funds lost because a recipient contained a fallback function that consumed more than 2300 gas, causing sends to them to fail.
- Various instances of call stack limit exceptions.
We can categorize the list by category of bug:
- Variable/function naming mixups: FirePonzi, Rubixi
- Public data that should not have been public: the public RNG seed casino, cheatable RPS
- Re-entrancy (A calling B calling A): the DAO, Maker’s ETH-backed token
- Sends failing due to 2300 gas limit: King of the Ether
- Arrays/loops and gas limits: Governmental
- Much more subtle game-theoretic weaknesses where at the limit people even debate whether or not they’re bugs: the DAO
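The re-entrancy category in the list above (A calling B calling A), as an added example that is not part of the answer or of the quoted blog post. It is a Python model rather than contract code, and the names Bank, Honest, Reentrant and run, along with the amounts, are assumptions made for illustration.

```python
# Toy model of re-entrancy; not contract code. All names are hypothetical.

class Bank:
    """Contract A: holds deposits and pays them out on request."""
    def __init__(self, safe):
        self.safe = safe      # True = update state before the external call
        self.balances = {}    # recipient -> credited amount
        self.pool = 0         # ether actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return False
        if self.safe:
            self.balances[who] = 0    # effect first, then interaction
        self.pool -= amount
        who.receive(self, amount)     # external call hands control to B
        if not self.safe:
            self.balances[who] = 0    # too late: B may have re-entered
        return True

class Honest:
    def __init__(self):
        self.received = 0
    def receive(self, bank, amount):
        self.received += amount

class Reentrant(Honest):
    """Contract B: its receive hook calls back into A before A finishes."""
    def receive(self, bank, amount):
        self.received += amount
        bank.withdraw(self)

def run(safe):
    bank, honest, other = Bank(safe), Honest(), Reentrant()
    bank.deposit(honest, 30)          # constructed sample amounts
    bank.deposit(other, 10)
    bank.withdraw(other)
    paid_out = other.received         # what B got for its 10 deposit
    honest_ok = bank.withdraw(honest) # can the other depositor still exit?
    return paid_out, honest_ok, bank.pool

if __name__ == "__main__":
    print("vulnerable:", run(False))
    print("hardened:  ", run(True))
```

With the balance zeroed only after the external call, the re-entering recipient is paid 40 against a deposit of 10 and the other depositor's withdrawal fails; zeroing it before the call limits the payout to 10.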
There was a geth security risk that led to at least 7000 ETH being stolen.
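EthereumJS had a bug that occasionally caused it to derive the wrong address from a given private key. It occurred with a probability of 1/128. This could have led to a large amount of ETH being lost.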
The exchange GateCoin was hacked, resulting in 185,000 ETH being stolen.