-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 121f4d5
Showing
55 changed files
with
1,955 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| #### 项目介绍 | ||
|
|
||
| 本项目主要用于整理归纳区块链安全相关的资料以及技术文档信息,主要包含以下几个方面: | ||
|
|
||
| - 基础知识 | ||
| - 协议分析 | ||
| - 合约审计 | ||
| - 公链基础 | ||
| - 公链安全 | ||
| - 安全事件 | ||
| - 跨链技术 | ||
| - 知识扩展 | ||
| - 思维导图 | ||
|
|
||
| #### 基本操作 | ||
|
|
||
| [波场合约部署测试](https://blog.csdn.net/Fly_hps/article/details/118711841) | ||
|
|
||
| [Remix+MetaMask实现以太坊合约的部署](https://blog.csdn.net/Fly_hps/article/details/90453071) | ||
|
|
||
| #### 实战操作 | ||
|
|
||
| [Ethernaut闯关录(上)](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484269&idx=1&sn=0f690196813825bed79aa339cc8be903&chksm=cf62f865f8157173c625bad0a8b18634fd373e7e6e91cb4748bb3ea7dfd37114f9de995496b5&token=1097057746&lang=zh_CN#rd) | ||
|
|
||
| [Ethernaut闯关录(中)](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484396&idx=1&sn=ccd0a73032e6971984756ef2f966b0b6&chksm=cf62f8e4f81571f25fdeaf14ea72c8a02523c9ba744a4d8954460f152b2079dcce5c8ef7f950&token=1097057746&lang=zh_CN#rd) | ||
|
|
||
| [Ethernaut闯关录(下)](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484521&idx=1&sn=c820cce1ce05f1736db23f1474e7ee77&chksm=cf62ff61f8157677f017b805d18d17e674fbc5ac1051026dbf29ebd4d8cc56df1a1a2c5e7e9c&token=1097057746&lang=zh_CN#rd) | ||
|
|
||
| [强网杯区块链题目--Babybank深入分析](https://www.jianshu.com/p/5f14009f3afa) | ||
|
|
||
| [强网杯区块链题目--Babybet深入分析](https://www.jianshu.com/p/a1c8bc4c402a) | ||
|
|
||
| #### 阅读拓展 | ||
|
|
||
| [比特币学习笔记](https://blog.csdn.net/fly_hps/category_7728347.html) | ||
|
|
||
| [区块链2.0实战学习笔记](https://blog.csdn.net/fly_hps/category_8620385.html) | ||
|
|
||
| [浅谈区块链及其安全](https://xz.aliyun.com/t/4135) | ||
|
|
||
| [浅析区块链共识机制](https://xz.aliyun.com/t/4144) | ||
|
|
||
| [区块链安全—详谈合约攻击(一)](https://blog.csdn.net/Fly_hps/article/details/84296643) | ||
|
|
||
| [区块链安全—详谈合约攻击(二)](https://blog.csdn.net/Fly_hps/article/details/84297718) | ||
|
|
||
| [区块链安全—详谈合约攻击(三)](https://www.jianshu.com/p/7485c3270c07) | ||
|
|
||
| [区块链安全—详谈合约攻击(四)](https://www.jianshu.com/p/e8925fdf25fd) | ||
|
|
||
| [区块链安全—详谈合约攻击(五)](https://www.jianshu.com/p/b4df539e4fa0) | ||
|
|
||
| [以太坊随机数安全全面分析(一)](https://xz.aliyun.com/t/5608) | ||
|
|
||
| [以太坊随机数安全全面分析(二)](https://xz.aliyun.com/t/5614) | ||
|
|
||
| [区块链安全—合约存储机制安全分析](https://blog.csdn.net/Fly_hps/article/details/86014319) | ||
|
|
||
| [区块链安全—简单函数的危险漏洞分析(一)](https://blog.csdn.net/Fly_hps/article/details/86061511) | ||
|
|
||
| [区块链安全—简单函数的危险漏洞分析(二)](https://blog.csdn.net/Fly_hps/article/details/86062461) | ||
|
|
||
| [区块链安全—区块链技术安全讨论](https://blog.csdn.net/Fly_hps/article/details/80720164) | ||
|
|
||
| [Edgeware 锁仓合约的拒绝服务漏洞](https://blog.csdn.net/Fly_hps/article/details/94596377) | ||
|
|
||
| [eosio.token.hpp解析](https://blog.csdn.net/Fly_hps/article/details/86510064) | ||
|
|
||
| [eosio.token.cpp之创建资产](https://blog.csdn.net/Fly_hps/article/details/86511021) | ||
|
|
||
| [eosio.token.cpp之发行资产](https://blog.csdn.net/Fly_hps/article/details/86511638) | ||
|
|
||
| [eosio.token.cpp之增加资产](https://blog.csdn.net/Fly_hps/article/details/86511949) | ||
|
|
||
| [eosio.token.cpp之减少资产](https://blog.csdn.net/Fly_hps/article/details/86517783) | ||
|
|
||
| [EOS之发币eosio.token智能合约解析](https://blog.csdn.net/Fly_hps/article/details/83746040) | ||
|
|
||
| [EOS智能合约案例解析(上)](https://blog.csdn.net/Fly_hps/article/details/86526306) | ||
|
|
||
| [EOS智能合约案例解析(中)](https://blog.csdn.net/Fly_hps/article/details/86526555) | ||
|
|
||
| [EOS智能合约案例解析(下)](https://blog.csdn.net/Fly_hps/article/details/86527134) | ||
|
|
||
| [EOS 回滚攻击手法分析之黑名单篇](https://blog.csdn.net/Fly_hps/article/details/86063876) | ||
|
|
||
| [EOS回滚攻击手法分析之重放篇](https://blog.csdn.net/Fly_hps/article/details/86064810) | ||
|
|
||
| [EOS 智能合约最佳安全开发指南](https://blog.csdn.net/Fly_hps/article/details/83715340) | ||
|
|
||
| [Fomo3D随机数生成机制攻击](https://blog.csdn.net/Fly_hps/article/details/84189523) | ||
|
|
||
| [剪贴板幽灵:币圈的神偷圣手](https://blog.csdn.net/Fly_hps/article/details/83054573) | ||
|
|
||
| #### 前沿资讯 | ||
|
|
||
| https://ethfans.org/ | ||
|
|
||
| https://www.8btc.com/ | ||
|
|
||
| https://www.jinse.com/ | ||
|
|
||
| https://www.chainnews.com/ | ||
|
|
||
| https://www.huoxing24.com/ | ||
|
|
||
| #### 辅助工具 | ||
|
|
||
| - 波场IDE:http://www.tronide.io/ | ||
|
|
||
| - EOS-IDE:https://lianantech.com/EOS-IDE/#/ | ||
|
|
||
| - 以太坊IDE:https://remix.ethereum.org/ | ||
|
|
||
| - 以太坊反编译:https://ethervm.io/decompile | ||
|
|
||
| #### 参考链接 | ||
|
|
||
| https://certik.io/blog | ||
|
|
||
| https://github.com/slowmist/ | ||
|
|
||
| https://github.com/peckshield | ||
|
|
||
| https://github.com/Lianantech | ||
|
|
||
| https://paper.seebug.org/category/blockchain/ | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| #### 公链基础 | ||
|
|
||
| [公链启动过程](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485162&idx=3&sn=01af7184543c6633eee05fabb4499c76&chksm=cf62fde2f81574f4d433cb639d4a6197f034eeaaf6fb35705dcc0d3e13da0fbc525ea8022e6c&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [公链设计架构](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485162&idx=2&sn=5b877e4241fea0e17480bc87e3bd5e15&chksm=cf62fde2f81574f499263be07ff2027f95e604c1fe7dec3f0813e0a107be9f27498f22fef9cc&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [以太坊交互工具](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485274&idx=2&sn=ce57ada60ad54a426bbb037f63b7f7dd&chksm=cf62fc52f8157544b1d195c4649a587d9f62e1ffbbd88adcdb1eb3c69fbe1199ffd76d5e29bf&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [以太坊RPC机制](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485447&idx=3&sn=85668626a8ccaa4a291fff8fd374f4ed&chksm=cf62f30ff8157a19969b624562393007981c6417bf7d77664434acb44158ebab4f8e46c0d165&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [以太坊智能合约](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485703&idx=1&sn=f3d9b838bcd1bcc2113290c504e9167b&chksm=cf62f20ff8157b192fd5247f8cbe25749e9425499d360cf9ac3c033a8532fab7f193534c4b0e&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [以太坊区块同步](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485742&idx=1&sn=2292e97813f444e8ecd1a3bf752de87a&chksm=cf62f226f8157b30ecf45d8822a6ebf6c0e20233dc2385779dcbf2394410e53ae12e20a617ad&scene=178&cur_album_id=1841133730610888705#rd) | ||
|
|
||
| [以太坊交易处理][https://mp.weixin.qq.com/s/A5HMfOMxJ91d7SeX6fmEiQ] | ||
|
|
||
| [以太坊虚拟机] | ||
|
|
||
| [以太坊P2P网络] | ||
|
|
||
| [以太坊共识算法] | ||
|
|
||
| [以太坊挖矿流程] | ||
|
|
||
| [以太坊MPT构建] | ||
|
|
||
| [以太坊数据存储] | ||
|
|
||
| [以太坊区块同步] | ||
|
|
||
| [以太坊叔块概述] | ||
|
|
||
| #### 公链体系 | ||
|
|
||
| ##### 波场 | ||
|
|
||
| [波场](https://cn.developers.tron.network/docs) | ||
|
|
||
| [波场编译器](http://www.tronide.io/) | ||
|
|
||
| ##### EOS | ||
|
|
||
| [EOS开发指南](https://developers.eos.io/welcome/latest/getting-started-guide/index) | ||
|
|
||
| ##### FileCoin | ||
|
|
||
| [FileCoin技术文档](https://spec.filecoin.io/#section-systems.filecoin_vm.interpreter) | ||
|
|
||
| ##### Cosmos Hub | ||
|
|
||
| [Cosmos Hub](https://hub.cosmos.network/main/hub-overview/overview.html) | ||
|
|
||
| ##### Tendermint | ||
|
|
||
| [Tendermint中文文档](https://learnblockchain.cn/docs/tendermint/) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| ### 共识攻击 | ||
|
|
||
| [详谈共识攻击(一)](https://bcsec.org/index/detail/tag/2/id/342) | ||
|
|
||
| [详谈共识攻击(二)](https://bcsec.org/index/detail/tag/2/id/350) | ||
|
|
||
| [详谈共识攻击(三)](https://bcsec.org/index/detail/tag/2/id/376) | ||
|
|
||
| [详谈共识攻击(四)](https://bcsec.org/index/detail/tag/2/id/381) | ||
|
|
||
| ### 漏洞示例 | ||
|
|
||
| [Unitus公链拒绝服务和双花漏洞](https://blog.csdn.net/Fly_hps/article/details/86066683) | ||
|
|
||
| [比特币首个远程DoS漏洞详解](https://blog.csdn.net/Fly_hps/article/details/86013638) | ||
|
|
||
| [亦来云多个远程DoS漏洞详解](https://blog.csdn.net/Fly_hps/article/details/86012011) | ||
|
|
||
| [IOST公链P2P远程拒绝服务漏洞](https://bcsec.org/index/detail/tag/2/id/545) | ||
|
|
||
| [来自P2P协议的异形攻击漏洞](https://bcsec.org/index/detail/tag/2/id/547) | ||
|
|
||
| [区块链底层系统漏洞类型之-双生树漏洞](https://mp.weixin.qq.com/s/A_o3As2W3NJJ3LKug4WeCg) | ||
|
|
||
| [以太坊DNS重绑攻击](https://github.com/ethereum/go-ethereum/pull/15962) | ||
|
|
||
| [DPOS漏洞浅析] | ||
|
|
||
| [某公链UI鉴权逻辑缺陷] | ||
|
|
||
| [Filecoin双花攻击](https://mp.weixin.qq.com/s/iZ90ZsyaYOcpEFixzMMJYg) | ||
|
|
||
| ...... | ||
|
|
||
| **PS:由于部分信息过于敏感,而且目前有部分公链未修复相关类型漏洞,遂决定暂不公开相关漏洞详情,具体详情将在2022年7月份左右全面公开** | ||
|
|
||
| ### 漏洞仓库 | ||
|
|
||
| [CVE-list](https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures) | ||
|
|
||
|  | ||
|
|
||
| [talosintelligence](https://talosintelligence.com/vulnerability_reports#disclosed) | ||
|
|
||
|  | ||
|
|
||
| **Al1ex's CNVD list** | ||
|
|
||
| - CNVD-2020-30134 BlockChain Underlying network | ||
| - CNVD-2020-55003 Sinoc | ||
| - CNVD-2020-55001 Sinoc | ||
| - CNVD-2020-64701 Iotus | ||
| - CNVD-2020-64702 filecoin | ||
| - CNVD-2021-02089 filecoin | ||
| - CNVD-2021-02089 filecoin | ||
| - CNVD-2021-16002 KadiCoin | ||
| - CNVD-2021-16845 oilbtc | ||
| - CNVD-2021-16844 achievecoin | ||
| - CNVD-2021-18261 QbaoChain | ||
| - CNVD-2021-17272 ravecoin | ||
|
|
||
| **Al1ex's CVE List** | ||
|
|
||
| - CVE-2020-20546 Elastos ELA | ||
| - CVE-2020-20558 Elastos ELA | ||
| - CVE-2020-20559 Bytom vapor | ||
| - CVE-2020-20560 Bytom bytom | ||
|
|
||
| ### 安全思考 | ||
|
|
||
| ##### 数据层 | ||
|
|
||
| - 区块时间戳 | ||
|
|
||
| - MerkleTree构建 | ||
|
|
||
| ##### 网络层 | ||
|
|
||
| - P2P网络 | ||
|
|
||
| - 区块传播机制 | ||
|
|
||
| - 区块验证机制 | ||
|
|
||
| ##### 共识层 | ||
|
|
||
| - 共识算法设计 | ||
| - ....... | ||
|
|
||
| ##### 激励层 | ||
|
|
||
| - 激励机制设计 | ||
| - ....... | ||
|
|
||
| ##### 合约层 | ||
|
|
||
| - 合约部署 | ||
| - 合约调用 | ||
| - 合约运行 | ||
| - ...... | ||
|
|
||
| ##### 应用层 | ||
|
|
||
| - 钱包UI | ||
| - RPC接口鉴权 | ||
| - RPC数据处理 | ||
| - 密码安全策略 | ||
|
|
||
| ##### 其他类 | ||
|
|
||
| - 中间件安全 | ||
| - 节点运行环境 | ||
| - 节点安全配置 | ||
| - 开发语言特性 | ||
| - ....... | ||
|
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| ### 合约协议 | ||
|
|
||
| [ERC-20标准规范](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484072&idx=1&sn=f7bce2078846b4c76bb53525e236bd1e&chksm=cf62f9a0f81570b6cfe84fbf0c9582a84cbe176c95a5654aac5ec94cddcc80997730a3a46438&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [ERC-721标准规范](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484088&idx=1&sn=23343ad7723185fce870f49cd06df45c&chksm=cf62f9b0f81570a630dc3d0e97d3c4ec154f37e40f4855b0de8fe02f0c0ba6970c67e21b0ff7&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [ERC-777标准规范](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484089&idx=1&sn=96fa6e63909e4cf89e74727be01f1dc8&chksm=cf62f9b1f81570a777d679a3bf1c589c9eb84d46a897a45e3eb9419f1f71c18d56d446391cc9&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [ERC-1155标准规范](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484090&idx=1&sn=af8acd640bbe0d642112bd24165a720c&chksm=cf62f9b2f81570a4be4d7f9b09b64b72637965c0d89b0be22a857ce2f86eeef2101edc44a30e&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [UniswapV2协议解析](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484108&idx=1&sn=53df1a5dcca89287c5e382b581b41c7a&chksm=cf62f9c4f81570d2c7f403c1bcb7d5eac9becd1277343dc970a9063d928aa24ae7ca1b4bcec3&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [SushiSwap协议分析](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484154&idx=1&sn=b69417a8e982b4a571c00a0545ffe7dc&chksm=cf62f9f2f81570e48ca35fbc8610c6bfbb5a335a0aa2a456a9499a383eeb7ba7e0789fdce0d5&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [UniSwap V3协议浅析(上)](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485880&idx=1&sn=9b3bcf765f7f965fe6980a3d0c5ec271&chksm=cf62f2b0f8157ba6f3360aea5ad43b863a53c76787aea0cf4178daab38f20e997e333b212524&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
||
| [UniSwap V3协议浅析(下)](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485880&idx=2&sn=613b00f1dc6e408feb088a3401a7d015&chksm=cf62f2b0f8157ba6c27bc81d3bce8fcce70e22b317681968a781c7a3a3349d02b090b4caef5d&scene=178&cur_album_id=1777414787442753546#rd) | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| #### 合约审计 | ||
|
|
||
| [重入攻击概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247483920&idx=1&sn=c8b104ea2cea4dfb9ea23a62226d156e&chksm=cf62f918f815700e0dfeee9fb10029513e3a80f7ce9db4b62abc05121b61cf44a3183b01cee1&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [整形溢出概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247483967&idx=1&sn=2aa331b09afbfcd5d9dcd1a4435db940&chksm=cf62f937f8157021b14abbe2d334c5e6fbfb43fc73a1dcae6171a7b3132476a56f1c16b055a4&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [访问控制概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484190&idx=1&sn=a302ebdb902685064c92814adfacbfbb&chksm=cf62f816f8157100e5e18a11f99a1679aa9e9531d4cf8c6c4b5667cd97b7f77d86bb6ada752e&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [条件竞争概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484278&idx=1&sn=2252c4a09af09912ed62cc4a6c799b0a&chksm=cf62f87ef8157168e43cfec34c5b97c425d2741f7f52bc4771083e00081f5089709be459fdd7&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [DDOS攻击概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484327&idx=1&sn=5872e1ec83b95cf840ebe9525862140c&chksm=cf62f8aff81571b97f5257f816b5c8fbd6ab5179ce52b30877ad0e091f8ff6c5d41aafbc280c&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [权限校验错误](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484662&idx=1&sn=28ded40f83b484f00f75c408641b48e2&chksm=cf62fffef81576e8164afd67cc21fb2712706a7a17652a80b281b0ed6c2bccc9241604e31dec&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [不一致性检测] | ||
|
|
||
| [算术精度问题] | ||
|
|
||
| [签名非唯一性] | ||
|
|
||
| [笔误安全问题] | ||
|
|
||
| [授权额度阻塞] | ||
|
|
||
| [变量覆盖概述](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247484739&idx=1&sn=9226f0387bf3d19746038834e9ae4be4&chksm=cf62fe4bf815775d78a4a367cf5e82ad9921a012faa015b96cd484e92c9467b0338e6d4c0319&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [变量歧义命名](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485126&idx=1&sn=3999d3e88030a006227289bb4e3ae1aa&chksm=cf62fdcef81574d830710f0f2482e6766d45d61b3be255c443c0da22b134cd213de0b355446d&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [冻结账户绕过](./冻结账户绕过.md) | ||
|
|
||
| [权限校验错误](./权限校验错误.md) | ||
|
|
||
| [返回值未检测](./返回值未检测.md) | ||
|
|
||
| [后门漏洞概述](https://paper.seebug.org/1300/) | ||
|
|
||
| [假充值漏洞概述](./假充值漏洞概述.md) | ||
|
|
||
| [错误使用随机数](./错误使用随机数.md) | ||
|
|
||
| [委托人增删设计错误](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485201&idx=2&sn=394a7245d9828621d306337d6ee81444&chksm=cf62fc19f815750f0acaf1121c06b63d1855d8b347bc2764a3bb628e73c0f524244d61f46900&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [EvilReflex恶意攻击](https://mp.weixin.qq.com/s?__biz=Mzg4MTU4NTc2Nw==&mid=2247485305&idx=3&sn=034043d821bcd4eed18be46b69951ea6&chksm=cf62fc71f8157567605fa3daca7c01278f20d5a338ea4f4354d09f45ea6c27e0554aa250c66a&scene=178&cur_album_id=1771414760509489160#rd) | ||
|
|
||
| [burnFrom设计缺陷] | ||
|
|
||
| [transferFrom任意转账] | ||
|
|
||
| #### 公开报告 | ||
|
|
||
| [Slowmist](https://github.com/slowmist/Knowledge-Base#%E5%BC%80%E6%94%BE%E6%8A%A5%E5%91%8A) | ||
|
|
||
| [Peckshield](https://github.com/peckshield/publications/tree/master/audit_reports) | ||
|
|
||
| #### 参考链接 | ||
|
|
||
| https://www.dasp.co/ |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.