The Tezos blockchain project got off to a great start by raising $232 million in its initial coin offering, placing second among the 20 ICOs that received the largest amount of funding.
How did Tezos earn its hype alongside the most popular blockchain networks such as Ethereum and Bitcoin? Let's take a closer look at its distinguishing attributes.
While emerging blockchains of that era ran on Proof of Work (PoW) consensus, the Tezos blockchain uses Proof of Stake (PoS) based consensus with self-correcting mechanisms and on-chain governance.
As a result, Tezos has emerged as the perfect alternative for building green DeFi applications that require significantly less energy and lower costs. So how does the Tezos infrastructure provide the flexibility to implement upgrades much more easily?
This article will help you learn about the architecture that adds value to Tezos.
Tezos smart contracts
A smart contract is an executable contract programmed to handle the exchange of tokens between two parties without the need for either party to trust the other.
Tezos smart contracts are uniquely written using the Michelson programming language. Additionally, Tezos employs formal verification to ensure code correctness, making it more secure and reliable.
Tezos blockchain details
The highlights of Tezos are listed here for a better understanding of its composition and uniqueness.
Self-correction
Tezos, which validates blocks through a consensus algorithm, has built-in self-correcting mechanisms. Modifications to the protocol, such as switching to a different consensus, changing the reward system or adding transactions, are implemented through the on-chain voting system.
Minor to major changes in the Tezos economic protocol are triggered by an on-chain voting procedure. This self-correcting protocol is advantageous in avoiding community divergence and fragmentation.
On-chain governance
Tezos contrasts with Bitcoin and Ethereum, which followed the informal governance system that led to the split of the blockchain (Bitcoin Cash and Ethereum Classic).
Tezos’ on-chain governance makes it easy for “bakers,” also known as miners, to propose and vote on protocol upgrades. Tezos’ on-chain approach is designed to automatically implement upgrades to the underlying protocol’s code without going through a central director.
Proof of Stake Consensus: PoS
Tezos PoS consensus is open to anyone. To become a Tezos baker who can validate blocks and build consensus, a baker must hold a minimum amount of XTZ (native) tokens.
Tezos also employs a method where users can delegate their XTZ tokens to bakers with large Tez bankrolls if they do not have enough spare time to bake. The reward earned by the baker is then redistributed to the delegators.
Exploitable weaknesses found in Tezos smart contracts
One of the audit reports revealed an error in the message-passing architecture of Tezos smart contracts. Let's decipher it here.
Message passing architecture
External contracts that are supposed to be called during function execution are instead queued to the list of calls to be executed on the Tezos contract.
The order of execution in a Tezos contract is:
- Execute a() # next calls: [b, d]
- Execute b() # next calls: [d, c]
- Execute d() # next calls: [c]
- Execute c() # next calls: []
Here we can see that d() is executed before c(), even though c() was generated by b(), which ran before d().
This type of execution can lead to two types of vulnerabilities.
Callback authorization bypass
Tezos’ architecture is built so that contracts don’t use callback functions to read the return values of external calls. However, since there are no restrictions here, using callbacks can lead to access control issues.
Call injection
By inserting a call between a function and the external call it generates, an attacker can compromise the contract.
When the function executes, the calls it generates are queued in the list of calls to be executed. An attacker can gain an advantage by queuing their own calls, so that their code runs between the end of the executed function and the generated call.
Once the attacker's call is executed, the contract balance or contract memory is left in an invalid state, and the call injection has succeeded.
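The queue ordering and the injection window described above can be reproduced with a small model. This is an added example, not code from the audit report or from Tezos; the call graphs and the names caller.main, caller.extra, vault.start and vault.finish are hypothetical.

```python
from collections import deque

def queue_order(entry, emits):
    """Order described on the page: calls a function generates are appended
    to a FIFO queue and run only after the calls queued before them."""
    queue, order = deque([entry]), []
    while queue:
        fn = queue.popleft()
        order.append(fn)
        queue.extend(emits.get(fn, []))
    return order

def stack_order(entry, emits):
    """Call-stack order, for comparison: each generated call runs at once."""
    order = [entry]
    for callee in emits.get(entry, []):
        order += stack_order(callee, emits)
    return order

def injected_between(order, fn, generated):
    """Calls that run after `fn` ends and before its own `generated` call:
    the window in which state can change under the contract."""
    return order[order.index(fn) + 1:order.index(generated)]

# The page's trace: a generates b and d, b generates c.
PAGE = {"a": ["b", "d"], "b": ["c"]}

# Same shape with hypothetical names: the caller queues one of its own
# calls right behind its call into the target contract.
INJECTION = {
    "caller.main": ["vault.start", "caller.extra"],
    "vault.start": ["vault.finish"],
}

if __name__ == "__main__":
    print(queue_order("a", PAGE))
    order = queue_order("caller.main", INJECTION)
    print(order, injected_between(order, "vault.start", "vault.finish"))
```

A contract reviewed against this model should not assume that its storage or balance is unchanged between the end of an entry point and the call that entry point generated.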
Notes on coding Tezos smart contracts with Michelson
The Michelson programming language is the go-to option for creating secure contracts that are resistant to data breaches and theft of funds. The language is very powerful, but there is a list of mistakes that can appear in contracts.
Understand common mistakes and how to rule out errors.
Refunding to a list of contracts
This is a pattern in which the funds of a whole group are refunded at once. It becomes a problem when the contract accepts arbitrary contracts as recipients, because a malicious user can then trigger the issues below.
Problems that can arise from this error include a contract swallowing all the gas through a series of callbacks, the "FAIL" instruction being called to stop all computation, reentrancy bugs, etc.
What is the solution?
Default accounts do not run code, so the above problem can be solved by creating a default account from the user's key. You can also program the contract so that users withdraw their funds individually.
Not setting state before a transfer
Reentrancy is a common hurdle in blockchains. If a contract calls another external contract to make a transfer, anyone can gain the upper hand and make further transfers if the state is not updated before each transfer.
This will result in multiple withdrawals of funds from the contract.
What is the solution?
Be careful when calling external contracts, and make sure they cannot change your contract's behavior. To prevent reentrancy, add a flag to storage that stops users from re-entering the contract without good reason.
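The two mistakes above, refunding a whole list at once and not setting state before a transfer, can be compared in a small model. This is an added example, not Michelson and not code from the original page; the storage layout, the user names and the Fail exception standing in for the FAIL instruction are assumptions.

```python
import copy
from collections import deque

class Fail(Exception):
    """Stands in for Michelson's FAIL: aborts the whole operation."""

def apply(storage, first_op):
    """Run one operation and everything it emits, in FIFO order. Any Fail
    backtracks every effect, so the untouched storage is returned."""
    work, queue = copy.deepcopy(storage), deque([first_op])
    try:
        while queue:
            queue.extend(queue.popleft()(work) or [])
    except Fail:
        return storage, False
    return work, True

def transfer(to, amount):
    def op(s):
        if to in s["rejecting"]:          # recipient contract runs FAIL
            raise Fail(to)
        s["paid"][to] = s["paid"].get(to, 0) + amount
    return op

def refund_all(s):                        # push: one operation pays the list
    ops = [transfer(u, amt) for u, amt in s["owed"].items()]
    s["owed"] = {}
    return ops

def withdraw(user):                       # pull: one user per operation
    def op(s):
        amount = s["owed"].pop(user, 0)   # state is set before the transfer
        return [transfer(user, amount)] if amount else []
    return op

def fresh():                              # constructed sample storage
    return {"owed": {"alice": 5, "bob": 7, "mallory": 1},
            "paid": {}, "rejecting": {"mallory"}}

def push_result():
    s, ok = apply(fresh(), refund_all)
    return ok, s["paid"]

def pull_result():
    s = fresh()
    for user in ("alice", "mallory", "bob", "alice"):
        s, _ = apply(s, withdraw(user))
    return s["paid"], s["owed"]
```

In the push version a single failing recipient blocks every refund, while in the pull version only that recipient's own withdrawal is rolled back and a repeated withdrawal pays nothing.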
Storing or transferring private data
Published data can be viewed by anyone. This means that your private information will be visible to everyone when the transaction is broadcast. In addition, malicious nodes in the system have an opportunity to delay, modify or otherwise manipulate unsigned transactions.
What is the solution?
Sign transactions containing confidential information. Using a counter to enforce the transaction order can solve the problem.
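The effect of signing together with a counter can be seen in the sketch below. It is an added example, not code from the original page: HMAC stands in for the public-key signature check a real contract would perform, and the key, payloads and class name are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; stands in for the signer's key

def sign(counter, payload, key=KEY):
    """Tag that binds the payload to exactly one counter value. HMAC is a
    stand-in here; a real contract verifies a public-key signature."""
    msg = counter.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

class Contract:
    def __init__(self, key=KEY):
        self.key, self.counter, self.log = key, 0, []

    def submit(self, counter, payload, tag):
        """Accept only the next expected counter carrying a valid tag."""
        if counter != self.counter:
            return "rejected: counter"
        if not hmac.compare_digest(tag, sign(counter, payload, self.key)):
            return "rejected: signature"
        self.counter += 1        # state advances, so the message cannot replay
        self.log.append(payload)
        return "accepted"

def demo():
    c = Contract()
    m0 = (0, b"set_rate=3", sign(0, b"set_rate=3"))
    m1 = (1, b"pay bob 10", sign(1, b"pay bob 10"))
    return [
        c.submit(*m1),                       # delivered out of order
        c.submit(0, b"set_rate=9", m0[2]),   # payload modified in transit
        c.submit(*m0),                       # first valid message
        c.submit(*m0),                       # replay of the same message
        c.submit(*m1),                       # second message, now in order
    ]

if __name__ == "__main__":
    print(demo())
```

The counter rejects reordered and replayed messages, and the signature rejects modified ones; neither hides the payload, which stays public once broadcast.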
Ensure professional protection for your project through Tezos smart contract audits
Built with a self-modifying structure, Tezos offers better scalability and reliability, but security is always an issue for blockchain-based applications. The smallest problems can cause the biggest loss of funds.
This is where Quill Audit takes a step forward to protect your assets from falling into the wrong hands. Through a thorough Tezos smart contract audit, we recognize and fix these issues, so attackers get no opportunity to abuse the contract.
Get a free consultation with one of our experts to learn more about our audit services.