Questions tagged [security]

Questions relating to application security, safety, trust, and attacks against the Ethereum software stack and blockchain system.

853 questions
15 votes, 1 answer

What are the risks associated with using Ethereum?

Knowing the risks associated with a system, their probability and their severity is the first step towards good risk management. There is little detail and analysis that has been published about the risks associated with Ethereum so far. From the…
Rémy Roy
10 votes, 1 answer

What about illegal smart contracts?

Trying to get a friend excited about smart contracts, I referred him to an Ethereum pyramid scheme as an easy-to-understand example, but he only pointed out that all pyramid schemes are illegal. How should one counter that concern? If this is the…
hcvst
8 votes, 2 answers

Could Malware Be Stored in the Blockchain?

So if my computer downloads and maybe reads the whole blockchain, can there be viruses etc. stored within the blockchain/dapps?
Andi Giga
5 votes, 2 answers

How do generalized sandwich attackers defend against Salmonella and Listeria?

Recently a trader extracted significant profits from sandwich attackers with a contract called Salmonella. The contract modifies the standard transfer function to send only a fraction of the requested amount to non-owners of the contract. I assume…
5 votes, 2 answers

Do Ethereum clients return false data if someone manipulates local blockchain data?

If someone manipulates the local blockchain data, do Ethereum clients like geth return false data? For example, after a cracker manipulates local blockchain files or leveldb, does geth return manipulated data?
Satoshi Nakanishi
3 votes, 1 answer

Using Hardware Security Modules to generate and store private keys on private ethereum / quorum

For private Ethereum networks, has anyone used Hardware Security Modules (HSM) to generate and store Ethereum private keys? I am keen to know how public/private keys are managed without a PKI (Public Key Infrastructure).
Nathan Aw
3 votes, 1 answer

What attacks have been performed against the Ethereum network and contracts?

Every time I fire up a new Ethereum node, I run into that very slow patch of syncing from 2016Q3 due to a DoS attack on the network. What other attacks have been performed against the Ethereum network and, since I'm already asking, contracts? When…
lungj
2 votes, 4 answers

How secure is the seed phrase (12 words, 24 words)?

The total number of seed phrases is 1,329,227,995,784,920,000,000,000,000,000,000,000 (if I counted right) for 12 words. Yes, that is very many, it seems. But let's consider: there is a thief and he wants to steal money from anybody. I put the accent on the…
Mr. JE
2 votes, 0 answers

Protocol for Response to Ethereum Account Hack

Last week a single Ethereum account in my wallet was hacked. When I send ETH to it, within 2 blocks the hacker-bot uses my private key and sends 0.0009 ETH to another account and then maxes out the gas price to send out the rest. See…
Eric Falkenstein
2 votes, 1 answer

Are signatures from web3.eth/personal.sign deterministic and safe to be used as seeds for private keys?

The first part of the question: if I give the same inputs (content and signing address) to the web3.eth/personal.sign, am I correct to expect the signature generated to be the same no matter how many times I call it? The second part of the question…
Miao ZhiCheng
2 votes, 1 answer

Solidity Security

I'm new to the security of ICOs and smart contracts. I'm trying to find bugs in verified contracts. I believe I found some problems in 0x42dB5Bfe8828f12F164586AF8A992B3a7B038164 but I don't know how to withdraw. Do I need to create a transaction by myself?
Mike N.
2 votes, 2 answers

Feasibility of blacklisting addresses

Probably a very naive question, but when attacks occur such as the EtherDelta one yesterday, what's stopping having a system in place to basically freeze assets in a certain address before the attacker moves funds? I.e., each node submits a vote to…
Strife
1 vote, 1 answer

How to make this ETH honeypot?

I am sure everyone must have seen this honeypot, 0xb7605ddc0327406a7ac225b9de87865e22ac5927, where the ETH is automatically sent to another parent address. How can I make the same thing? For educational purposes, obviously.
1 vote, 1 answer

Is it okay to store your private key on an Ubuntu server in .env?

Let's say you have to sign transactions / messages in real time. It seems I must store the private key on the server. What if the address stores millions of dollars of value? Is a simple LEMP server enough, with the private key stored in a .env file?
good_evening
1 vote, 1 answer

If you're a node, why would you accept another node's solution instead of copying and broadcasting that solution?

Let's say someone broadcast a solution to the recent block. Why, as a node, would I accept it? I can just copy and broadcast it myself instead. Yes, most of the time the first node would win, but on rare occasions I would get ahead of that node…
good_evening