| Nota di contenuto |
Intro -- Foreword 1 -- Foreword 2 -- Foreword 3 -- Foreword 4 -- Preface -- Short Recommendations -- Recommendations 1 -- Recommendations 2 -- Recommendations 3 -- Recommendations 4 -- Recommendations 5 -- Recommendations 6 -- Recommendations 7 -- Recommendation 8 -- Acknowledgment -- Contents -- About the Editors and Contributors -- About the Editors -- About the Contributors -- Part I: Foundational Components of Web3 Security -- Chapter 1: The C.I.A Properties of Web3 System -- 1.1 The Confidentiality Property of Blockchain -- 1.1.1 Cryptographic Primitives in Blockchain -- 1.1.1.1 What Are the ECDSA (GeeksforGeeks, 2022) and Schnorr Signature Algorithm (Boneh, 2020) -- 1.1.1.2 What Is a Hash Algorithm and What Is SHA256 (Mycryptopedia, 2022), How SHA256 Is Used in Bitcoin -- 1.1.1.3 What Is Base58 (BitcoinWiki, 2022) and How It Is Used in Bitcoin? -- 1.1.1.4 How Bitcoin Address Is Generated -- 1.1.2 Bitcoin's Lack of Confidential Property -- 1.1.3 Privacy-Preserving Computation for Web3 -- 1.2 The Integrity Property of Blockchain -- 1.2.1 The Integrity of the Base Layer of Blockchain -- 1.2.2 The Integrity of Layer2 Blockchain -- 1.2.2.1 Bitcoin Layer 2 Lightning Network Attack -- 1.2.2.2 Attacks on Ethereum Layer 2 Rollups -- 1.2.2.3 Attacks on Layer 2 Bridges -- 1.2.2.4 Wormhole Attack -- 1.2.3 Integrity of Smart Contract -- 1.3 The Availability Property of Blockchain -- 1.3.1 Availability via Data Replication -- 1.3.2 Availability via Scalability -- 1.3.2.1 Sidechain VS Layer-2 -- Sidechain -- Layer-2 -- 1.3.2.2 Data Availability and Layer 2 Solutions -- 1.3.2.3 Bitcoin Lightning Network for Better Availability -- References -- Chapter 2: Chain Security: Nodes, Algorithm, and Network -- 2.1 What Is Consensus Node? -- 2.2 Consensus Node Configuration Security -- 2.2.1 Bitcoin Node Security Configuration Recommendations.
2.2.2 Ethereum POS Validator Node Security Recommendations -- 2.2.3 Attacks on Consensus Node -- 2.3 Node Centralization and Security Concerns -- 2.4 Bitcoin Security After Mining Rewards Depletion -- 2.5 Attacks on Consensus Algorithm and Countermeasures -- 2.5.1 Attacks on Proof-of-Work (PoW) and Countermeasures -- 2.5.2 Attacks on Proof-of-Stake (PoS) and Countermeasures -- 2.5.3 Attacks on Delegated Proof-of-Stake (DPoS) and Countermeasures -- 2.5.4 Attacks on Proof of Activity (PoA) and Countermeasures -- 2.5.5 Attacks on Proof of Elapsed Time (PoET) and Countermeasures -- 2.5.6 Attacks on Byzantine Fault Tolerance (BFT) and Countermeasures -- 2.6 Attacks on Blockchain Network Layer and Countermeasures -- 2.6.1 Time Jacking Attack and Countermeasures -- 2.6.2 Tampering with Message Body and Countermeasures -- 2.6.3 MEV Attack and Countermeasures -- 2.6.4 Routing Attacks and Countermeasures -- 2.6.5 Fake Bootstrapping Attack and Countermeasures -- 2.6.6 Eclipse Network Attack and Countermeasures -- 2.6.7 Attack on Libp2p and Countermeasures -- References -- Chapter 3: Wallet Security -- 3.1 Introduction -- 3.1.1 Overview of Different Types of Blockchain Wallets -- 3.1.2 Explanation of the Different Kinds of Wallets -- 3.1.3 Comparison of Blockchain Wallets to Traditional Banking and Financial Systems -- 3.1.4 Difference between Custodial and Non-custodial Wallets -- 3.2 How Blockchain Wallets Work -- 3.2.1 Technical Explanation of How Blockchain Wallet Works -- 3.2.2 Overview of the Use of Public and Private Key -- 3.2.3 Overview of the Role of the Wallet in Public and Private Key -- 3.2.4 Smart Contract Wallets -- 3.2.5 Account Abstraction -- 3.2.6 Multisignature Wallets -- 3.2.7 Social Recovery -- 3.2.8 MPC Wallet -- 3.2.9 Most Common Attack Vectors -- 3.2.10 Wallet Security Features -- 3.3 Past Blockchain Wallet Hacks.
3.3.1 Overview of Past Relevant Wallet Hacks -- 3.3.1.1 "NFT God" Hacked, January 2023 -- 3.3.1.2 BitKeep, December 26 2022, 8M Lost -- 3.3.1.3 Deribit, November 2022, 28M Lost -- 3.3.1.4 Solana Wallet Hacks, August 2022, 5M Lost -- 3.3.1.5 Profanity Wallets Hack, 3.3M Lost -- 3.3.1.6 Binance Hot Wallet Hack, May 2019, 40M Lost -- 3.3.1.7 MetaMask iCloud Hack, July 2021 -- 3.3.1.8 Parity Multisig Hack, November 2017, 30M Lost -- 3.3.2 The Impact of Cyberattacks on Blockchain Wallets -- 3.4 The Importance of Auditing a Wallet -- 3.4.1 Explanation of the Importance of Auditing a Wallet -- 3.4.2 Overview of Different Types of Audit that Can Be Performed -- 3.4.3 Different Tools to Audit Wallets -- References -- Chapter 4: Smart Contract Security -- 4.1 Introduction -- 4.1.1 Definition of Smart Contracts in the Context of Web3 Applications -- 4.2 Smart Contract Security Checklist -- 4.2.1 Gas Optimization -- 4.2.2 Compiler Version -- 4.2.3 Access Control -- 4.2.4 Check Effect Interaction -- 4.2.5 SELFDESTRUCT Instruction -- 4.2.6 Denial of Service -- 4.2.7 Deprecated Functions -- 4.2.8 Race Conditions -- 4.2.9 Signature Unique ID -- 4.2.10 Weak Source of Randomness -- 4.2.11 Assets Integrity and User Balance Manipulation -- 4.2.12 Secure Oracle Usage -- 4.2.13 Flash Loans -- 4.2.14 Style Guide and Readability -- 4.2.15 Requirements Compliance -- 4.2.16 Importance of Following the Checklist to Ensure Smart Contract Security -- 4.3 Top Security Vulnerabilities in Smart Contracts -- 4.3.1 Flash Loans -- 4.3.2 Front Running -- 4.3.3 DoS -- 4.3.4 Invalid Calculations -- 4.3.5 Token Supply Manipulation -- 4.3.6 Deprecated Functions -- 4.3.7 Reentrancy Attack -- 4.3.8 Access Control Violation -- 4.3.9 Replay Attacks -- 4.3.10 Weak Source of Randomness -- 4.3.11 Incorrect Oracle Usage -- 4.4 Importance of Smart Contract Audits in Web3 Applications.
4.5 Final Thoughts -- References -- Chapter 5: Token Economics Model Creation and Security -- 5.1 Tokens vs Economy -- 5.2 Economy Design of Tokens Is Not New -- 5.3 Why Is this Important -- 5.3.1 Risks -- 5.4 What Is Token Economics -- 5.5 Web3 Security and Token Economics -- 5.5.1 Ponzinomics -- 5.6 How Web3 Compares with Existing Economic Structures? -- 5.7 What Does Token Economics Entail -- 5.7.1 Economics Design Framework -- 5.7.2 Value Creation -- 5.7.3 Value Creation Cycle -- 5.8 Token Economics Stress Test vs Economics Risk Monitoring -- 5.9 Cyber Security Risks Come In -- 5.10 Summary and Ongoing Work on Tokenomics -- References -- Chapter 6: Economic Exploits and Risk Mitigation Strategies -- 6.1 Case Study 1: Economic Exploit Through Financial Engineering -- 6.1.1 Case Study -- 6.1.2 The Exploit -- 6.1.3 Solution: Risk Adjustment -- 6.2 Case Study 2: Incentive Mechanism Design Risk -- 6.2.1 Case Study -- 6.2.2 The Exploit -- 6.2.3 Solution: Economy Parameter Adjustment -- 6.3 Case Study 3: Bancor's Insurance Mechanism and Celsius' Exploitation -- 6.3.1 Case Study -- 6.3.2 The Exploit -- 6.3.3 Solution: Bancor's Response to the Exploit -- 6.4 Opportunities and Threats with AI -- 6.4.1 Opportunities -- 6.4.2 Threats -- 6.5 10 Economic Risk Metrics Considerations -- 6.6 Why Should We Care -- References -- Part II: Security Concerns for Enterprise Web3 Application Development -- Chapter 7: DevSecOps for Web3 -- 7.1 What Is DevSecOps? -- 7.2 How to Integrate DevSecOps into Web3 -- 7.2.1 DevSecOps during Requirement and Design Phase -- 7.2.1.1 Web3 Product Description and Requirement Document -- 7.2.1.2 Web3 Architecture Document -- Authentication -- Authorization -- Auditing, Logging, Monitoring, and Alerting -- Web3 API Security -- 7.2.1.3 Security Requirement Gathering -- 7.2.1.4 Technical Threat Modeling.
7.2.1.5 Data or Capital Flow Diagram -- 7.2.1.6 Token Economic Model -- 7.2.1.7 Financial Security Model -- 7.2.2 Implementation Phase -- 7.2.2.1 CI/CD Pipeline Security Tools Integration -- 7.2.2.2 IDE Tool Extension -- 7.2.2.3 Security Code Review -- 7.2.3 Testing and External Validation Phase (Testnet Phase) -- 7.2.3.1 Formal Verification -- 7.2.3.2 Third-Party Security Auditing (Not Just Solidity Code, Must Include all Code) -- 7.2.4 Bug Bounty -- 7.2.5 Production (Mainnet) Phase -- 7.2.5.1 Continuous Bug Bounty -- 7.2.5.2 Monitoring/Alerting -- 7.3 Sample Security Tools for Web3 DevSecOps -- 7.3.1 Sample Security Tools Used in during the Requirement and Design Phase -- 7.3.2 Sample Security Tools Used in Implementation and Testing Phase -- 7.3.3 Sample Security Tools Used during Mainnet or Production Phase -- References -- Chapter 8: Web3 Security Analytics -- 8.1 Introduction -- 8.1.1 What Is on-Chain Analytics -- 8.1.2 Preventive Vs Reactive Web3 on-Chain Analytics and Monitoring -- 8.1.2.1 Preventive on-Chain Analysis -- 8.1.2.2 Reactive on-Chain Analysis -- 8.2 Preventive on-Chain Analysis -- 8.2.1 Past and Present of Preventive on-Chain Analysis -- 8.2.1.1 The Past and Present of Preventive on-Chain Analysis: Evolution and Challenges -- 8.2.1.2 The Past: The Evolution of Web2 Monitoring -- 8.2.1.3 The Present: An Overview of Web3 Monitoring -- 8.2.1.4 The Present: Protecting End Users in Web3 -- 8.2.1.5 Challenges in Web3 on-Chain Monitoring -- 8.2.2 Technology Stack Used for Preventive on-Chain Analysis -- 8.2.3 Future of Preventive on-Chain Analysis -- 8.3 Reactive on-Chain Analysis -- 8.3.1 The Problem that Reactive on-Chain Analysis Solves -- 8.3.1.1 Incident Response and Forensic Analysis -- 8.3.1.2 Post-Mortem Analysis and Lessons Learned -- 8.3.1.3 Enhancing Preventive Measures and Proactive Security.
8.3.1.4 Regulatory Compliance and Legal Support.
|
Info
Chad [[electronic resource] ] : communications / / World Trade Press
