how to hack
play

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli - PowerPoint PPT Presentation

Aug 16, 2022 •213 likes •630 views

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1 Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e 0xc0ffee 0xf00baa

  1. How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1

  2. Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e… 0xc0ffee… 0xf00baa… 0xfabfab… Parent Proof: Parent Proof: Parent Proof: Parent Proof: 0xf00baa… 0xd00d1e… 0xc0ffee… 0xf00baa… TX: Alice -> Bob TX: Mallory -> Bob TX: Ted -> Alice TX: Mallory -> Alice The University of Sydney Page 2

  3. Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e… 0xc0ffee… 0xf00baa… 0xfabfab… Parent Proof: Parent Proof: Parent Proof: Parent Proof: 0xf00baa… 0xd00d1e… 0xc0ffee… 0xf00baa… TX: Alice -> Bob TX: Mallory -> Bob TX: Ted -> Alice TX: Mallory -> Alice The University of Sydney Page 3

  4. The University of Sydney Page 4

  5. The University of Sydney Page 5

  6. $ 10 The University of Sydney Page 6

  7. $ 10 The University of Sydney Page 7

  8. $ 10 $ 10 The University of Sydney Page 8

  9. $ 10 $ 10 The University of Sydney Page 9

  10. $ 10 $ 10 The University of Sydney Page 10

  11. $ 10 $ 10 The University of Sydney Page 11

  12. $ 10 $ 10 The University of Sydney Page 12

  13. What da h… $ 10 The University of Sydney Page 13

  14. The University of Sydney Page 14

  15. Q: is it possible to double spend on Ethereum with network attacks? The University of Sydney Page 15

  16. Approaches to study … – Goals: 1. How the blockchain system decide a block? 2. How the blockchain system resolve fork? The University of Sydney Page 16

  17. Approaches to study … – Goals: 1. How the blockchain system decide a block? 2. How the blockchain system resolve fork? – Reading the documentation – Scattered and un-organised information: website, wiki, github, issue tracker, yellow paper , etc. – Lack of necessary information – Intention ≠ Actual implementation – Reading the code !! – Running it for real because the devil is in the detail … The University of Sydney Page 17

  18. Decided Blocks and Committed Transactions in PoW/Ethereum – Given a blockchain with parameter k, a block at index i is decided when the chain depth reaches i+k – A transaction is committed if it belongs to a decided block i i+1 0 1 i+k-1 i+k Decided Undecided Transaction block block The University of Sydney Page 18 Ekparinya et al, "Impact of Man-in-the-middle Attacks on Ethereum"

  19. Expected Branch Selection in PoW/Ethereum: GHOST The University of Sydney Page 19

  20. Expected Branch Selection in PoW/Ethereum: GHOST The University of Sydney Page 20

  21. Actual Branch Selection in PoW/Ethereum: Highest total difficulty The University of Sydney Page 21

  22. Actual Branch Selection in PoW/Ethereum: Highest total difficulty The University of Sydney Page 22

  23. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 23

  24. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 24

  25. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 25

  26. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 26

  27. Example 1: Man-in-the-middle Attack against PoW The University of Sydney Page 27

  28. Decided Blocks and Committed Transactions in AuRa PoA/Ethereum – A decision requires strictly more than half, only one partition may decide blocks Can decide a block The University of Sydney Page 31

  29. Branch Selection in AuRa PoA/Ethereum : Longest branch The University of Sydney Page 32

  30. Branch Selection in AuRa PoA/Ethereum : Longest branch The University of Sydney Page 33

  31. Example 2: The Cloning Attack against PoA The University of Sydney Page 34

  32. Example 2: The Cloning Attack against PoA The University of Sydney Page 35

  33. Example 2: The Cloning Attack against PoA The University of Sydney Page 36

  34. Example 2: The Cloning Attack against PoA The University of Sydney Page 37

  35. Example 2: The Cloning Attack against PoA The University of Sydney Page 38

  36. The requirements for the experiments – Control over computing resources ➢ OpenStack Private Cloud – Network control and isolation ➢ Virtual switches, Virtual routers (Quagga) and VLAN – Highly automated ➢ OpenStack API and Ethereum API – Robust data collection ➢ Elasticsearch The University of Sydney Page 39

  37. Testbed Provisioning The University of Sydney Page 40

  38. Testbed Provisioning The University of Sydney Page 41

  39. Testbed Provisioning The University of Sydney Page 42

  40. Testbed Provisioning The University of Sydney Page 43

  41. Time for Discussions !! The University of Sydney Page 44

Recommend

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes Viral on Twitter By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

1.1k views • 3 slides
Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want FREEDOM! We want to use PEP313! Before we hack, Learn the internals Lexing - Tokenization - Read #define NEWLINE 4 #define INDENT

670 views • 36 slides
Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy towards NFC

704 views • 35 slides
ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly 1, Paintings and Drawings by Vincent van Gogh Digitized and Put Online | Hacker News For people who don't live close to huge cities with big

269 views • 3 slides
SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland university computer science 1 Another kind of CFGs p D ( ) x e x e D ( ) q Effects on edges. Nodes called Nodes are

310 views • 19 slides
FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1 FC2015-RSDYK - Hack Pilot project: RSDYK2008 Trial to establish whether remote sensing in combination with geological knowledge can be used for

826 views • 10 slides
Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017 Saarland University, Computer Science 1 Code Generation Consists (roughly) of three parts: 1. Instruction Selection Select processor instructions for

282 views • 9 slides
SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make Your Boots Slip-Proof May 18, Attach your Water hose. Wet your slide, this just helps for the first few slides. Once the kids get going, their

308 views • 3 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland university computer science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy from x 2

223 views • 20 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland University, Computer Science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy

394 views • 22 slides
The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits. Analogue is meant to help people think differently. This is the Hack in Paris 2015 version, and is subject to all sorts of changes as the

963 views • 80 slides
Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis Introduction Winter Semester 2014 Slides based on: H. Seidl, R. Wilhelm, S. Hack: Compiler Design, Volume 3, Analysis and Transformation, Springer

616 views • 27 slides
Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016 Organized by the DUNE DAQ Simulations Task Force [https://cdcvs.fnal.gov/redmine/projects/dune/wiki/DAQ_Simulations] Hack Days indico page, with links to

520 views • 12 slides
New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen, Jesse Ou, Travis Rhodes MicrosoE Boss Engineering Security Team & Office 365 Pen Test

1.28k views • 103 slides
Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

The Derivative Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University Math/Stat Dept Colloquium The

1.39k views • 106 slides
Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Calculus Crash Course Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were hiring!

1.21k views • 89 slides
Quickstart: RouterOS jailbreaking and security research 19 & 20 JUNE Hack in Paris Author

Quickstart: RouterOS jailbreaking and security research 19 & 20 JUNE Hack in Paris Author

Quickstart: RouterOS jailbreaking and security research 19 & 20 JUNE Hack in Paris Author Lead researcher at Possible Security, Latvia Author of RouterOS jailbreaks CCC, Hack in the Box, Nullcon, BalCCon, CONFidence,

1.38k views • 64 slides
Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack

Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack

Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack hack@cs.uni-saarland.de 12. Januar 2012 1 Partial Orders Let P be a set. A binary relation on P is a partial order iff it is: 1 reflexive: ( x

598 views • 16 slides
Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack

Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack

Lattices Slides follow Davey and Priestley: Introduction to Lattices and Order Sebastian Hack hack@cs.uni-saarland.de 28. Oktober 2014 1 Partial Orders Let P be a set. A binary relation on P is a partial order iff it is: 1 reflexive: (

1.29k views • 19 slides
Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction

Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction

Large-scale statistical computing Hack-a-thon 17-18th March Atlanta Agenda Introduction Hack-a-thon PatientLevelPrediction R-package Track 1: Unit testing and continuous integration Track 2: Code base improvements Track 3: Learning

440 views • 28 slides
Hack the SIEM and Win the War Many Thanks to the Following... All the people that taught me this

Hack the SIEM and Win the War Many Thanks to the Following... All the people that taught me this

Hack the SIEM and Win the War Many Thanks to the Following... All the people that taught me this stuff Who the hell is this guy? In The Beginning... And Now And The Hits Keep On Coming What is a SIEM? I dont know either but Ill sell

511 views • 29 slides
How To Buy And Hack an ATM Leigh-Anne Galloway & Timur Yunusov About us

How To Buy And Hack an ATM Leigh-Anne Galloway & Timur Yunusov About us

How To Buy And Hack an ATM Leigh-Anne Galloway & Timur Yunusov About us Appsec/websec/banksec/infosec Incident response (payment investigation) No experience with ATM acquisition L_AGalloway a66at THE BIRTH OF AN IDEA HISTORY OF

770 views • 57 slides
Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack

Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack

Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack #1: Photo URL Forging Photo Exploits: PHP parameter fiddling (Ng, 2008) Hack #1: Photo URL Forging Photo Exploits: Content Delivery Network URL

1.53k views • 123 slides
Hack Your Brain: Emotional Intelligence at Work and Beyond Tuesday, October 16 1-1:50 p.m. Dr.

Hack Your Brain: Emotional Intelligence at Work and Beyond Tuesday, October 16 1-1:50 p.m. Dr.

Hack Your Brain: Emotional Intelligence at Work and Beyond Tuesday, October 16 1-1:50 p.m. Dr. Lindsay Bira, LLC, Clinical Health Psychologist 73 rd Annual Texas Association Dr. Biras keynote presentation will help of County Auditors

924 views • 32 slides

More recommend