PhoneBoy
Admin

Securing the Blockchain TechTalk September 2023: Video, Slides, and Q&A

Slides (attached) and Q&A are available below the video.

 

I created my own Smart Contracts in a course at MIT. My question is that it's a lot of code: how do you scan that for threats?

You have static analysis tools like Slither; you can run it over the code and find basic bad practices you need to fix. You can also send it to blockchain@checkpoint.com and we will scan it for you.

Explain why Blockchain needs tokens to operate?

Tokens are the standard in the blockchain for value; this way every app can transfer and use this value the same way across all the applications.

How are transactions and blocks encrypted in the Bitcoin implementation?

Transactions and blocks in the Bitcoin implementation are not encrypted. Instead, they rely on cryptographic techniques like digital signatures and hashing for security and validation. Transactions are signed with private keys and verified with public keys, while blocks are linked together using cryptographic hashes to form the blockchain. This ensures the integrity and authenticity of transactions and blocks without encryption.

How do verifiers check if a block is valid?

The way the verifiers check that a block is valid: each time a transaction is made, it's broadcast to the entire network, and the miners add those transactions to a block. The block is added to the nodes, which compare its data to the other nodes and make sure they have the same data; if one of the nodes seems to have different data, it will run over its data with the latest data.

How can we use consensus mechanisms to protect the blockchain?

Consensus mechanisms are used to protect blockchain by ensuring that all participants in the network agree on the validity of transactions and the order in which they are added to the blockchain. This prevents malicious actors from manipulating the blockchain. Common consensus mechanisms include Proof of Work (PoW) and Proof of Stake (PoS), which rely on complex mathematical calculations or staking of cryptocurrency to validate transactions and create new blocks. By requiring participants to invest resources or assets, these mechanisms make it economically costly for attackers to compromise the blockchain's integrity.

How can we get advantages from the immutability of the blockchain?

If you need a transparent and trustless system that can't be manipulated, then this is a great solution.

If I use the Bitcoin mechanism in the existing Bitcoin algorithm, but for smart contract purposes, is it reasonable to think that my security level is equivalent to the protection mechanism of the Bitcoin Blockchain network?

The blockchain layer will give you the security of the network; that means that no one can change the code you uploaded or the balance that you have. But if the code you uploaded has bugs or your private key is stolen, then you are not secure.

How can we secure the DeFi wallet from executing exploited smart contracts?

A couple of solutions:

  • Wallets can use an API with a security vendor to protect you from signing a malicious contract (the big wallets are using some solutions like this)
  • You can use a web extension that prevents you from signing (several of those today)

Why are you explaining only Ethereum, which has several known issues?

Ethereum has dapps and is one of the most used blockchains. It doesn't mean that there aren't more blockchains that have their own issues.

Does this support crypto mining as well, if any Bitcoin vendor needed this feature?

  • Proof of Stake (PoS) Variants: Various PoS-based consensus mechanisms were being developed to address scalability and environmental concerns. Examples include Delegated Proof of Stake (DPoS) and Byzantine Fault Tolerance (BFT)-based PoS.
  • Proof of Authority (PoA): PoA is a consensus mechanism where network validators are known and have a reputation to uphold. This can be suitable for private or consortium blockchains.
  • Proof of Space-Time (PoST): PoST is a consensus mechanism that utilizes storage space and time as a resource for mining. It was being explored as an eco-friendly alternative to PoW.
  • Directed Acyclic Graphs (DAGs): Some projects, like IOTA and Nano, use DAG structures instead of traditional blockchain structures, allowing for scalability and low fees.
  • Hybrid Consensus: Some blockchains were experimenting with hybrid consensus mechanisms that combine multiple methods (e.g., PoW and PoS) to leverage their respective strengths.
  • Sharding: Sharding is a technique that involves splitting the blockchain into smaller parts (shards) to improve scalability. It was being explored by various blockchain platforms.
  • Post-Quantum Cryptography: With the emergence of quantum computing threats, post-quantum cryptography methods were being researched to secure blockchain networks against quantum attacks.

Is there a way to scan or do vulnerability management in regards to NFT Airdrops?

A Mobile Threat Prevention solution such as Harmony Mobile should be helpful here.

How does peer discovery work in a peer-to-peer network?

The developers create a node that connects to a bootnode, which provides relevant peers to the node when it's going up and trying to sync.

Where did the attacker find the wallet secret key/passphrase or password of the user?

A client-side vulnerability that allows the attacker to access the user's data.

How can an attacker get access to the user's money?

The attacker has 2 basic vectors:

  • Stealing the user’s private key
  • Using an on-chain vulnerability to get the money through a transaction

I think it is too easy, the way that you explain the NFT hacking process?

You can try and read our full research.

How do you scan your code using blockchain, and hackers trying to log into my device, how do I retrieve them?

All the smart contract code is on the blockchain, which anyone can access, see, and check for vulnerabilities. They can then use the testnet to simulate an attack on your contract; once it works, they will do it on the mainnet, i.e. the real chain.

Does blockchain network protection depend on the number of nodes in the network? Does it matter if I have 10 nodes or 1000 in my network?

Yes, the more nodes you have, the more secure and hard to manipulate your network is.

What is a ScriptPubkey?

A ScriptPubKey is a script in a Bitcoin transaction output that defines the conditions for spending the bitcoins, typically in the form of a recipient's address and associated rules.

 

Lastly, Congratulations to our Raffle Winners:

  • Nick DelRe
  • David King
  • Jason Dewitt

The community will contact you with your prizes! 
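As an added example (not from the talk, the slides, or any Check Point code), here is a small Python decoder for the two classic ScriptPubKey templates the last answer refers to: it recognises pay-to-pubkey-hash (P2PKH) and pay-to-script-hash (P2SH) output scripts, extracts the 20-byte hash that the spender must satisfy, and derives the familiar Base58Check address from it. Opcode values and version bytes are the standard Bitcoin ones; the sample scripts at the bottom are constructed for illustration.

```python
import hashlib

# Bitcoin Script opcodes used by the two standard output templates
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_EQUAL = 0x76, 0xA9, 0x88, 0xAC, 0x87
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(version: int, payload: bytes) -> str:
    """Encode version byte + payload with a 4-byte double-SHA256 checksum (Base58Check)."""
    data = bytes([version]) + payload
    checksum = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    raw = data + checksum
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    # Each leading zero byte is represented by a leading '1' in Base58Check
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def classify_script_pubkey(script: bytes, mainnet: bool = True) -> dict:
    """Return the template type, the committed hash and the derived address of a ScriptPubKey."""
    # P2PKH: OP_DUP OP_HASH160 <push 20> <pubkey hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(script) == 25 and script[0] == OP_DUP and script[1] == OP_HASH160
            and script[2] == 20 and script[23] == OP_EQUALVERIFY and script[24] == OP_CHECKSIG):
        h = script[3:23]
        return {"type": "p2pkh", "hash": h.hex(),
                "address": base58check(0x00 if mainnet else 0x6F, h)}
    # P2SH: OP_HASH160 <push 20> <script hash> OP_EQUAL
    if len(script) == 23 and script[0] == OP_HASH160 and script[1] == 20 and script[22] == OP_EQUAL:
        h = script[2:22]
        return {"type": "p2sh", "hash": h.hex(),
                "address": base58check(0x05 if mainnet else 0xC4, h)}
    # Anything else (OP_RETURN data, multisig, malformed scripts) is reported as nonstandard
    return {"type": "nonstandard", "hash": None, "address": None}


if __name__ == "__main__":
    # Constructed sample scripts: an all-zero pubkey hash, a P2SH hash, and an OP_RETURN output
    samples = ["76a914" + "00" * 20 + "88ac", "a914" + "11" * 20 + "87", "6a0568656c6c6f"]
    for hex_script in samples:
        print(hex_script, "->", classify_script_pubkey(bytes.fromhex(hex_script)))
```

Seeing the hash and address side by side makes it clear that an address is just a checksummed encoding of the spending condition, which is why a transaction output can be checked against a signature and hash without any encryption being involved.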

 

1 Reply
the_rock
Legend

awesome presentation!
