What security issues should encryption users be concerned about?

"Security" should be the biggest topic in the industry for at least the next 10 years, because it currently has contradictions on both ends of decentralization and centralization. Taking advantage of the topic of exchange security issues in the past two days, let’s dive in from the following angles:

1. Asset autonomy

2. Smart contract security

3. Anti-censorship

4. Wallet

1/4 Asset autonomy

Decentralization is much higher than centralization in terms of asset autonomy, which means that users have complete control Own assets, this was the mainstream narrative during the DeFi Summer period, and it was also the starting point for the massive currency withdrawal movement that year.

However, as smart contracts are attacked and authorizations are stolen more and more, the higher the autonomy of assets, it does not completely equate to stronger security, because many ordinary users do not have the corresponding identification. The ability to take risks, or to safely manage assets on the chain, requires very high learning time and experience, which leads to an increasingly higher threshold for autonomous asset management.

Therefore, newcomers who enter the market later will still give priority to entrusting assets to exchanges or institutions. The original intention is to leave professional matters to professionals. Of course, you will also lose the autonomy of your assets from now on. , in exchange for custody services provided by centralized institutions.

As the industry has developed to this day, exchanges and the chain basically carry different user groups, and both have corresponding risks, but the risks are presented in different ways. The chain has very strong autonomy in independently managing assets. Right, you can own 100% of your assets, but you need to have sufficient experience and risk management capabilities. Delegating management to an exchange is simple enough, but may face centralization risks. There is no perfect solution, it is important to know and understand where the risks exist and always stay in awe.

2/4 Smart Contract Security

"Risks always occur in the unknown"

In addition to asset management, from the perspective of DeFi projects, non-upgradeable, decentralized intelligence Contracts are considered to be decentralized and cannot be tampered with, but does this mean absolute security? In fact, it is not necessarily the case. Since the code risks of smart contracts cannot be completely predicted and simulated, if a critical smart contract has a fatal vulnerability and the centralization If there is no way to intervene, then it is truly impossible to save the gods. Many cases also occurred in the early days of DeFi.

So how will the security of smart contracts develop in the future? According to the original intention of decentralization, simple smart contracts will be the first to be "solidified" after being tested by time and the market, that is, completely decentralized. And cannot be tampered with, and then the complexity gradually escalates. In this process, some complex projects will inevitably need to set up emergency buttons at key links to prevent reduction and recovery of losses in major incidents (of course, various permissions are usually used to restrict control in this process. , to prevent the risks caused by over-centralization).

Therefore, the security of smart contracts is very certain and must undergo time precipitation and testing. All current FUDs on DeFi security are actually the future of the FUD industry, and the security faced by smart contracts. The problem is that all on-chain projects in the future, whether GameFi or SocialFi, will have to go through it. It’s just that DeFi has to go through the front first. Only when enough foundations are solidified in the front can the road ahead be better.

3/4 Resistance to censorship

Resistance to censorship is an aspect that many people tend to overlook, because most of them think that they are just speculating in currencies and doing simple transactions are far away from being censorship-resistant. In fact, when As long as you experience it once, you will completely realize the importance of anti-censorship, because it is the most direct way for you to feel that without decentralization, in fact, your money cannot be 100% said to be your money. Here However, if we expand further, people who have a basic understanding will realize that it is not an exaggeration to say that resistance to censorship is the most important aspect of the decentralized vision.

At this point, it is complementary to asset autonomy, and decentralized management is indeed better than centralized management.

4/4 Wallet

To save assets on the chain, we often come into contact with cold wallets, hot wallets, and hardware wallets.

Cold wallet: A simple understanding is that the private key does not touch the Internet during the entire process of creation and management. This kind of cold wallet can be made by yourself. For example, you can use an old iPhone to make a cold wallet, which can be found online. Lots of tutorials and information. This method is currently very safe from the perspective of personal management. The only thing you need to pay attention to is not to lose the piece of paper recording the mnemonic phrase.

Hardware wallet: First of all, it is not the same as a cold wallet. Hardware wallets involve a lot of hardware technology. Generally speaking, the generation of private keys does not touch the Internet. However, the controversy is that the manufacturers that provide the hardware are also centralized institutions, which may There is a theoretical risk of centralization. On the other hand, hardware wallets usually have an extra step of verification before you perform a transaction, which is equivalent to protection measures such as U-shield/password security card.

Hot wallet: Hot wallet is the wallet we use most every day. It is more portable and flexible in use. Frequent on-chain interactions will increase the authorization and signature of the wallet, especially if some upgradeable contracts are authorized. There may not be any problems at the moment, but the upgraded contract may bring new risks, laying the groundwork for the future.

The use of wallets is usually configured according to personal circumstances. The security of wallets is actually the security of private keys and permissions.

The above is the detailed content of What security issues should encryption users be concerned about?. For more information, please follow other related articles on the PHP Chinese website!