Ethereum is an open-source, public, blockchain-based distributed computing platform featuring smart contract (scripting) functionality. It provides a decentralized Turing-complete virtual machine, the Ethereum Virtual Machine (EVM), which can execute scripts using an international network of public nodes. Ethereum also provides a cryptocurrency token called “ether”, which can be transferred between participants and is used to compensate participant nodes for computations performed. It is a part of the vision of a fully decentralized web.
First of all, it is nonsense to call Ethereum the Bitcoin rival. Although both are cryptocurrencies built on blockchains, Ether will be used more as a means of exchange, as it is at the heart of the smart contract system. Bitcoin can thus be viewed more as a store of value.
Bitcoin is a digital currency which was originally created as an alternative monetary system. Ethereum, on the other hand, was created as a blockchain 2.0 platform that can be used to create and execute smart contract applications over a blockchain. The Bitcoin platform’s crypto token is called bitcoin (which can get confusing) and Ether is the crypto token used on the Ethereum platform. Ethereum is essentially Bitcoin with a Turing-complete scripting language. A Turing complete code means that given enough computing power and enough time. Ethereum has its own Turing-complete internal code, whereas Bitcoin does not have this form of flexibility.
Smart contracts are applications with a state stored in the blockchain. They can facilitate, verify, or enforce the negotiation or performance of a contract. Ethereum contracts can be implemented in various Turing complete scripting languages. The Ethereum system has been described by the New York Times as “a single shared computer that is run by the network of users and on which resources are parceled out and paid for by Ether.”
Both Swarm and Whisper are complementary technologies contributing to the vision of Ethereum as a “world computer”. When imagining Ethereum as a metaphor for a shared computer, it should be noted that computation alone is not enough. For a computer to be fully useful, it also needs storage to “remember” things and bandwidth to “communicate” them. This could be summarised as such:
Contracts: decentralized logic
Swarm: decentralized storage
Whisper: decentralized messaging
Cause of security vulnerabilities, the possibility of being exploited, the degree of harm and the difficulty to solve.
1. Input Validation and Representation
Input validation and representation problems are usually caused by special characters, encodings, and numerical representations. Such problems occur as a result of input trust. These problems include: buffer overflow, cross-site scripting, SQL injection, command injection and so on.
2. API Abuse
The API is a convention between the caller and the callee, and most API abuses are caused by the caller not understanding the purpose of the convention. Security problems can also arise when the API is not used properly.
3. Security Features
This category contains vulnerabilities in authentication, access control, confidentiality, password usage, and privilege management.
4. Memory Management
Memory management vulnerabilities are a common class associated with memory operations, including memory leaks, use after free, double free and so on. This type of vulnerability usually leads to system performance degradation and program crashes, and is a common type of flaw in the C/C++ languages.
5. Time and State
Distributed computing is time and state dependent. The interaction between threads and processes and the order in which tasks are executed are often determined by shared state, such as semaphores, variables, file systems and so on. The vulnerabilities associated with distributed computing include race conditions, blocking misuse and so on.
6. Error and Exception Handling Errors
This type of vulnerability is related to error and exception handling. The most common form is the lack of a proper processing mechanism (or errors that are not processed at all), resulting in unexpected termination of the program. Another form is an error message that provides a potential attacker with too much information.
7. Code Quality
Poor code quality can lead to unpredictable behavior. For the attacker, poor code makes it possible to threaten the system in unexpected ways. Common types of vulnerabilities include dead code, null pointer dereferences and resource leaks.
8. Encapsulation and hidden defects
Reasonable encapsulation means drawing a distinction between verified and unverified data, between the data of different users, and between data that is visible and data that is invisible to users. Common vulnerabilities include hidden fields, information leakage, cross-site request forgery and so on.
9. Flaws in Code Runtime Environment
This type of vulnerability is external to the source code, such as runtime configuration issues, sensitive information management issues and so on, which are critical to product security.
The first eight types of vulnerabilities are related to security flaws in the source code. They can be the target of malicious attacks. Once exploited, they can cause serious consequences such as information leaks, privilege escalation and command execution. The last type of vulnerability describes security concerns that are external to the actual code. They are likely to cause abnormal operation of the software, data loss and other serious problems.
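The two failure modes named under category 6 (errors that are not processed, and errors that tell an attacker too much) can be seen side by side in the following added example, which is not part of the original article. The handler `load_profile`, the path it reports and the `ClientError` class are hypothetical names constructed for the illustration.

```python
import logging
import uuid

log = logging.getLogger("app.errors")


class ClientError(Exception):
    """Error whose message is safe to show to the caller (hypothetical class)."""


def load_profile(user_id):
    # Hypothetical handler: the unexpected failure carries an internal path.
    if not user_id.isdigit():
        raise ClientError("user id must be numeric")
    raise FileNotFoundError(f"/srv/app/data/profiles/{user_id}.json")


def leaky_dispatch(handler, arg):
    # Weak form: the raw exception text is returned to the caller,
    # disclosing internal file layout and exception types.
    try:
        return 200, handler(arg)
    except Exception as exc:
        return 500, f"{type(exc).__name__}: {exc}"


def safe_dispatch(handler, arg):
    # Hardened form: expected errors return their safe message; anything
    # else is logged in full under an incident id, and the caller sees
    # only that id. Either way the process keeps running.
    try:
        return 200, handler(arg)
    except ClientError as exc:
        return 400, str(exc)
    except Exception:
        incident = uuid.uuid4().hex[:12]
        log.exception("incident %s in %s", incident, handler.__name__)
        return 500, f"internal error (incident {incident})"


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print(leaky_dispatch(load_profile, "42"))   # path leaks to the caller
    print(safe_dispatch(load_profile, "42"))    # only an incident id
    print(safe_dispatch(load_profile, "abc"))   # safe, expected error
```

The incident id lets an operator find the full traceback in the log without any of it reaching the caller.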
As part of Industry 4.0, software development tools are advancing toward online, containerized, collaborative environments and are providing for the cloud.
OpenShift.io, combined with OpenShift Online, provides an integrated approach to DevOps, including all the tools a team needs to analyze, plan, create and deploy services. It is optimized for creating cloud-native, container-based applications. OpenShift.io also has new features that provide a one-click Linux container environment for developers and a machine learning system that helps developers make better decisions. OpenShift.io is open source. It incorporates many projects including fabric8, Eclipse Che, OpenJDK, Performance Code Pilot, WildFly Swarm, Eclipse Vert.x, Spring Boot and OpenShift.
Remix is an IDE for the smart contract programming language Solidity and has an integrated debugger and testing environment. An up-to-date online version is accessible at remix.ethereum.org.