QuillAudits Web3 Security Glossary
- Automated Market Maker(AMM)
AMM serve acts like a robot waiter serving the trade between users and liquidity pools funded by liquidity providers. AMM determines the asset’s price through an algorithmic formula and executes automated trading leveraging smart contracts.
- Arbitrage trading
- Decentralized arbitrage trading operates with liquidity pools wherein the ratio of the crypto assets in the pool is leveraged to make profits. For example, bulk purchases of DAI from DAI/BTC pool increase BTC coins, and hence its price lowers. Arbitrage traders then sell the DAI coins at a higher price to stabilize the price between BTC-DAI and earn profit out of it.
- Centralized Exchanges
Crypto exchange platforms are relied on for buying and selling cryptos. Centralized exchanges are privately-owned entities that facilitate crypto trading for users but have custody over their funds. Centralized exchanges make profits through the transaction fee the user pays for trading on the platform.
- Cross-chain bridge
- Cross-chain bridge protocol provides the infrastructure to move tokens from one blockchain to another. Cross-chain transfer of tokens is achieved by locking tokens on the source chain smart contract and minting the equivalent tokens on the destination blockchain and vice versa to unlock the tokens on the source chain.
The Million Dollars BSC Token Hub Bridge Hack Analysis
- Crypto mixer
A cryptocurrency mixer works to randomly shuffle the identities of the user performing the crypto transactions. By this, the origin and owner of the funds go untraceable making it look like anonymous transactions. Thereby it helps achieve privacy in a transparently functioning public blockchain.Related Articles:
A Guide to Crypto Mixers and Why they are Making Headlines
- DAO smart contracts
- DAO smart contracts are created to function autonomously and with full transparency in executing critical decisions on the protocol. It lays the foundational rules to oversee the participant votes, and protocol operations are executed robustly.
- Fractional reserve
Fractional reserve is a practice in the banking system where they profit by loaning the customer’s deposits while only holding a fraction of the deposit amount. In other words, exchanges stores only a certain percentage(a fraction) of the deposit, which is available for withdrawal by the customers.
- Frontrunning attacks
- Transactions are added to blocks in the blockchain after validators confirm. These transactions sit in the mempool for it to be validated. Malicious actors front-run a transaction by quoting a higher price than pending transactions to fasten the process of validating and getting hold of the profitable trades.
Gwei is also called a nanoether which implies one-billionth of one ETH. It is the smallest unit of Ether which is used for pricing the gas fees on the Ethereum network to perform transactions. Gas is utilized to allocate resources for the Ethereum network to self-execute the operations by smart contracts.
- Hash Rate
Hash rate is used by blockchain that operates on Proof-of-work(PoW). It is the measure of computational power which is determined by how many guesses the miner makes per second to solve the hash. On solving the hash, the miner will earn rewards and be able to add the next block to the blockchain.
Honeypots are smart contracts that appear to have flaws that the victim finds out but have no idea about the second vulnerability that also exists in the contract. As a result, thinking to exploit the noticed flaw, the user sends Ether into the contract, which is locked in the contract. The contract creator will only be able to access that trapped coin.
- Liquidity Pool
Liquidity pools refer to crypto tokens locked in a smart contract to provide liquidity to decentralized exchanges. The liquidity pool relies on the Automated market maker(AMM) to determine the price of the tokens through a mathematical formula and help perform trades efficiently.
- Merkle tree
Merkle tree is also known as the hash tree, which uses the hash to maintain data integrity in the blockchain. For every input given, there is a unique output which is given as a hash. Using this hash, huge amounts of data can be easily identified.
- Maximal Extractable Value(MEV)
- In proof-of-work(PoW) or proof-of-stake(PoS) consensus, miners choose transactions and add them to the blocks. MEV is more like the excess fees the validator would obtain in addition to the standard gas fees to prioritize transactions and include them in the blockchain network.
- Mempool or memory pool with a memory of a few kilobytes(kb) is the waiting area where unconfirmed transactions sit. The miners/validators pick up the verified transaction from the mempool based on priority and add them to blocks. The transactions in the mempool have an expiry time of two weeks, after which the transaction stands cancelled if they are not validated.
- On-chain governance
On-chain governance is a means by which changes are implemented to blockchain projects. The rules are encoded in the protocols, and developers propose changes through code updates. The proposed change is executed based on the community members’/participants’ votes.
- Penetration testing
Penetration testing(pen test) is a part of a security check to assess the weaknesses of smart contract coding. It is done by inducing a simulated attack on the coding under a controlled environment to understand the impact of the attack and improve the aspects of coding. The capability of the contract to withstand hacks is analysed to strengthen its security.
- Proof of reserves
Many centralized crypto exchanges are disclosing proof of reserve after the FTX crash in the view of staying transparent to the communities. Proof of reserves allows the users to review the balances held by a centralized cryptocurrency exchange. The reserves are audited by third-party auditors or the companies themselves to verify their claims on user balances(liabilities) are genuine.
- Recursive calls
Recursive call is a condition that can refer to itself and re-call them again and again in a loop. The recursive function uses base case (if) and induction case (else). Re-entrancy attacks are performed by exploiting recursive calls in the code.
- Royalty is associated with NFTs, wherein it is a special privilege given to the creators. As we know, NFTs are unique value assets, and more demand for the asset increases its value. And every time the NFT is celebrated and transferred during trading, the creator of the NFT receives a percentage of money as a royalty benefit.
- Semantic Web
Semantic web, also known as web3.0, was coined by Tim Berners-Lee. It is an enhancement to the current web where information is well-defined for better understanding and enabling computers and people to work in cooperation.
Approaching Web3 From A Security Perspective
- Crypto market is extremely volatile, which projects an increased chance for the price difference between the time the buyer places an order and the trade is executed. And that is why exchanges allow traders to enter the accepted slippage tolerance value. In any case, if the transaction value exceeds the slippage tolerance, the trades are not executed.
Spoof tokens are fake tokens which attackers artificially manipulate to create fake orders, thereby influencing the price of tokens. The hackers initiate token transfers to create a false sense of the buying and selling orders that trick users into believing the supply/demand for the token is real.
- Timestamp dependence
- Timestamping is computed with a cryptographic algorithm to prove the existence of a digital record at a certain time. However, the smart contracts that rely on the timestamp for executing critical operations can be manipulated by hackers to derive output that works best for yielding maximum gains.