| title | Top kinds of Attacks in Web3 Today |
|---|
As I've mentioned a few times, we need to have this attacker and defender mindset. We need to always be expanding our knowledge, we need to always be leveling up.
As we progress I'll be giving you a tonne of tools to learn and grow your skill set. In addition to this, there will be exercises throughout for you to continue to seek that knowledge and really commit it.
Let's consider the weakest parts of Web3 and remind everyone of the “Top Attack Vectors.”

- Private Keys - Stolen Private Keys are responsible for the largest loss of funds so far in 2023 at $243,000,000.
- Reward Manipulation – This vector involves the manipulation of decentralized incentive systems that could disrupt the balance and fairness within a network. $200,000,000 has been rugged so far this year.
- Price Oracle Manipulation – This threat arises when a price oracle is centralized, or if a single oracle is relied upon, particularly with respect to price data. These vulnerabilities are responsible for ~$146,000,000 in losses in 2023.
- Insufficient Access Controls – onlyOwner modifiers, multi-sig wallets - just a couple of things that could have prevented $17,000,000 in stolen funds this year.
- Re-entrancy (and Read-Only Re-entrancy) - by not adhering to proper Checks, Effects, Interactions patterns - protocols are still being rekt to the tune of $20,500,000 combined in 2023.
Millions more have been lost across various, well-documented, and preventable attack vectors. The situation clearly illustrates how education is half the battle.
Collectively, we will tackle these bugbears and issues in our forthcoming security reviews.
Always remember, my friends - Cybersecurity isn't about the systems or the codes; it's about maintaining a mindset. A mindset akin to an endless game of chess, predicting the opponent’s moves and always staying a step ahead.
In the forthcoming series of security audits, you'll get hands-on practice with data analysis, encryption methods, tackling suspicious scripts, and combating various cybersecurity threats. The exercises will stimulate your intellectual growth and help ingrain essential concepts into your tech-strategist mind.