Exclusive | Fairyproof Tech's detailed description of risks

This article was originally created by "Fairyproof Tech", authorized by "Jinjin Finance" for exclusive publication, please reprint it from a famous source.

In an audit report, if users want to learn more about the problems and risks in the audited contract, the most important thing to read is the detailed description of these risks. In Fairyproof Tech's audit report, this part is Chapter 11 "Problem Details".

In this chapter, we will list all risk issues that appear in each contract file according to the name of the contract file. For each risk problem, we will give the title-zce of the problem, the risk level of the problem, the source of the problem, a detailed description of the problem, Fairyproof Tech’s modification suggestions for solving the problem, and the feedback from the project party. the

The title-zce of the question is our straightforward and brief summary of a question.

Exclusive | Jinse Finance’s mining revenue data broadcast on February 20: According to Jinse Finance’s report, according to Inbit data, based on the BTC reference price of 67,500 yuan and the electricity price of 0.38 yuan/kWh, the current market price and return rate of mainstream BTC mining machines are currently on sale. This cycle is: Innosilicon T3+-57T (new stock 9,700 yuan, 309 days payback), Avalon 1066-50T (new spot 6,300 yuan, 239 days payback), Whatsminer M20S-68T (new spot 12,600 yuan, 275 days to pay back), Ant S17Pro-56T (new spot 12,500 yuan, 339 days to pay back). [2020/2/20]

After the title, we state whether the question is a fatal risk, a high risk, a moderate risk, or a low risk.

Next, we will point out which line of a certain contract file this problem appears in. If some problem exists in the contract file generally and widely, we will clearly mark the keyword of the problem, without specifying the line where the problem is located, so that users can use keywords to search-zce for all places where this problem exists in the file .

Exclusive | An Xinxin, CEO of Golden Finance: The core indicator of a bull market is whether most people in this industry are making money: At today’s halving market sharing meeting hosted by Kushen and exclusively live broadcast by Golden Finance, CEO of Golden Finance, Golden Academy Founder An Xinxin answered the question "Is it a bull market now? Bitcoin will be halved in a few months, what will happen next?" The rise and fall of bitcoin prices and the rise and fall of mainstream currencies are not the only indicators of a bull market. The core indicator is whether most people in this industry are making money. For example, the trading volume on the exchange increases, and the exchange is making money. When the exchange makes money, it will flow the money to more service providers, and the service providers will start to make money, with more funds to operate and activate the market, and then the market will have a lot of feedback, and users will also have More entry funds participate in this market. Judging from these aspects, the embryonic form is already in place. In the entire industry, this cycle is very common. Every wave of bull market and bear market will leave a lot of excellent companies, brands and people. But it will also wash out a lot of unstable or poorly done brands and teams. Even under the current epidemic situation, we can feel that many new projects and new teams have begun to plan and participate in this industry in the past two weeks. Sufficient funds and teams have been reserved to start joining this market, and the user side has also experienced very large growth. [2020/2/14]

After listing the source of the problem, we will describe the problem in detail, including what causes the problem, what risks it will bring, and what consequences will be caused if these hidden risks are not resolved.

Exclusive | Master sharing: Mr. AKG Cangzi, a man with a profit of over 100 million on Bitmex, has suggestions on Bitcoin investment: 1. The original force driven by each market round is different from expectations, the fundamentals of support are different, and the degree of coupling between the pattern of moves and the evolution of trends Determined the follow-up market. On the surface, the output results are long and short, but when you disassemble it to see what is behind it, there is a world of difference. Whether it is solid or not, time and net worth will give you the answer.

2. Don't talk about other things, the rise is the only demand for bitcoins for all retail players who are kept in the dark. What blinds them is not the complexity of the facts, but the dream of getting rich that only exists in plausible fantasies, and if they are afraid to dig deep with their own hands, they will no longer exist.

3. No one can always predict the market. What needs to be done is to build your own decision tree, get rid of illusions, always make trades under self-discipline, and retain the precious courage to place bets. [2019/8/8]

Our detailed description of the problem is to let the project party understand the seriousness of the problem, attract the attention of the project party, and promote the project party to improve; What risks or even losses will be encountered. This is the same as the purpose of financial institutions showing us risk warnings before we make a final decision when we usually invest.

Zheng Hu, CEO of Golden Exclusive Floating Point Capital: The opportunity of the secondary market is greater than that of the primary market: Golden Finance Exclusive Interview, this time Golden Finance interviewed Zheng Hu, CEO of Floating Point Capital. Regarding blockchain industry projects, Zheng Hu pointed out: "Actually, the price of some good projects in the secondary market is not high. Many good targets have appeared in the secondary market, and it is very likely that a dark horse in the public chain field will be born. On the other hand, in the primary market, in fact There are still many pitfalls. Before many projects enter the secondary market, some relatively poor projects have been washed out after a long period of scrolling and attention during the process of landing on the exchange. From this perspective, the secondary market Opportunities are far greater than the primary market. In addition, no matter which market you choose to invest in, you must eventually choose projects with specific value directions, such as identity authentication, data storage and other specific levels.” [2018/6/13]

We give the details of the problem to point out the problem, but more importantly, it is to solve the problem, so next we will give Fairyproof Tech's suggestions for modification of this problem. Our modification suggestions will be specific to how to modify the code, which line to modify and other details. We hope that with such details, the project party can quickly and accurately locate and solve problems in the first place.

As we said before, we hope that through a detailed description of the problem, we can clarify the cause and effect, and attract the project party's attention. The ultimate goal is to hope that the project party can solve these problems as much as possible. So we set aside a special column at the end of each problem description, called "Project Party Feedback". This column is to record the attitude and actions of the project party on this issue. We will record in this column whether the project party has paid attention to the problems we found, whether they have modified them immediately, or whether they have plans to modify them even if they cannot be modified temporarily.

So far, our detailed description of a problem is over.

Among these details, we will highlight three details in bold, they are: the title-zce of the issue, the risk level of the issue, and the feedback from the project party. In more colloquial terms: what is the problem? Is the problem serious? Has the problem been solved?

We believe that these three points are the most important points that readers need to pay attention to when reading the description of a certain risk hidden danger.

Readers should note that in Fairyproof Tech's report, in addition to Chapter 11 "Problem Details", there is also Chapter 12 "Enhancement Suggestions".

The suggestions given in Chapter 12 are our comprehensive suggestions after examining code maintainability, readability, risk resistance and many other aspects. If the project party adopts these suggestions, it will improve the quality of the code as a whole, but if it cannot be adopted temporarily due to conditional restrictions, it will not expose the project to immediate possible risks.

It should be pointed out that Fairyproof Tech's classification and description of risk levels are based on our previous experience. Each audit firm will have its own standards and definitions, which are likely to be different. But we believe that the most important thing is whether the identified problems cause risks, whether the risks are serious, and whether the risks are finally handled properly. This is the core and foundation of problem solving.

Author:

Tan Yuefei, CEO of Fairyproof Tech

Master of Industrial Engineering from Virginia Tech, Blacksburg, VA, USA. He used to be a software engineer of AIBT Inc (San Jose, CA, USA), a Silicon Valley semiconductor company in the United States, responsible for the development of the underlying control system, the program implementation of the equipment manufacturing process, and the design of the algorithm, and was responsible for the overall technical docking and communication with TSMC. Since 2011, he has been engaged in the research of embedded, Internet and blockchain technology. He is a teacher of the "Introduction to Blockchain" course at the Entrepreneurship College of Shenzhen University, a visiting researcher at the Blockchain and Intelligence Center of Sun Yat-sen University, and an executive director of the Guangdong Financial Innovation Research Association. Personally owns 4 blockchain-related patents and 3 published works.

About Fairyproof Tech:

Fairyproof Tech Technology Co., Ltd. is a company focusing on blockchain ecological security. Fairyproof Tech has served many emerging and well-known projects mainly through the integrated comprehensive solution of "code risk detection + logic risk detection". The company was established in January 2021, and the team was created by a team with rich experience in smart contract programming and network security.

Team members participated in initiating and submitting a number of standard drafts in the Ethereum field, including ERC-1646, ERC-2569, and ERC-2794, among which ERC-2569 was officially accepted by the Ethereum team.

The team participated in the initiation and construction of a number of Ethereum projects, including blockchain platforms, DAO organizations, on-chain data storage, decentralized exchanges, and other projects, and participated in the security audits of multiple projects. On this basis Based on the rich experience of the team, a complete vulnerability tracking and security prevention system has been built.

Tags：

Binance Exchange App