Merge pull request #26 from devFallingstar/master
Update security-considerations.rst
dongsam committed Nov 27, 2018
2 parents cde18f3 + 564dcce commit a18f64b
Showing 1 changed file with 9 additions and 26 deletions.
35 changes: 9 additions & 26 deletions security-considerations.rst
Expand Up @@ -4,32 +4,15 @@
Security Considerations
#######################

While it is usually quite easy to build software that works as expected,
it is much harder to check that nobody can use it in a way that was **not** anticipated.

In Solidity, this is even more important because you can use smart contracts
to handle tokens or, possibly, even more valuable things. Furthermore, every
execution of a smart contract happens in public and, in addition to that,
the source code is often available.

Of course you always have to consider how much is at stake:
You can compare a smart contract with a web service that is open to the
public (and thus, also to malicious actors) and perhaps even open source.
If you only store your grocery list on that web service, you might not have
to take too much care, but if you manage your bank account using that web service,
you should be more careful.

This section will list some pitfalls and general security recommendations but
can, of course, never be complete. Also, keep in mind that even if your
smart contract code is bug-free, the compiler or the platform itself might
have a bug. A list of some publicly known security-relevant bugs of the compiler
can be found in the
:ref:`list of known bugs<known_bugs>`, which is also machine-readable. Note
that there is a bug bounty program that covers the code generator of the
Solidity compiler.

As always, with open source documentation, please help us extend this section
(especially, some examples would not hurt)!
μ†Œν”„νŠΈμ›¨μ–΄λ₯Ό μ›ν•˜λŠ” λ°©μ‹μœΌλ‘œ μž‘λ™λ˜λ„λ‘ λ§Œλ“œλŠ” 것은 어렡지 μ•ŠμœΌλ‚˜, λ‹€λ₯Έ μ‚¬λžŒμ΄ μ›ν•˜μ§€ μ•ŠλŠ” λ°©μ‹μœΌλ‘œ μž‘λ™ν•˜μ§€ μ•Šλ„λ‘ ν™•μΈν•˜λŠ” 것은 맀우 μ–΄λ ΅λ‹€.

μ†”λ¦¬λ””ν‹°μ—μ„œλŠ” ν† ν°μ΄λ‚˜ 심지어 더 κ°€μΉ˜μžˆλŠ” 것듀을 닀루기 λ•Œλ¬Έμ— μ΄λŸ¬ν•œ λ¬Έμ œλŠ” 특히 μ€‘μš”ν•˜λ‹€. λ”ν•΄μ„œ λͺ¨λ“  슀마트 μ½˜νŠΈλž™νŠΈλŠ” 곡개적으둜 μ‹€ν–‰λ˜κ³  λŒ€λΆ€λΆ„μ˜ μ†ŒμŠ€μ½”λ“œ λ˜ν•œ λˆ„κ΅¬λ‚˜ 확인 ν•  수 μžˆλŠ” κ²½μš°κ°€ λ§Žλ‹€.

λ¬Όλ‘  λ³΄μ•ˆμ— μ–Όλ§ˆλ‚˜ 신경을 써야 ν•˜λŠ” μ§€λŠ” 상황에 따라 λ‹€λ₯΄λ‹€. μ›Ή μ„œλΉ„μŠ€ λ˜ν•œ λŒ€μ€‘(μ•…μ˜μ μΈ 곡격자λ₯Ό ν¬ν•¨ν•œ) λˆ„κ΅¬λ‚˜ μ ‘κ·Όν•  수 있고 심지어 μ˜€ν”ˆμ†ŒμŠ€μΈ κ²½μš°λ„ μžˆλ‹€. λ§Œμ•½ μ›Ή μ„œλΉ„μŠ€μ— μžμž˜ν•œ μ •λ³΄λ“€λ§Œ μ €μž₯ν•œλ‹€λ©΄ λ³΄μ•ˆ λ¬Έμ œμ— 크게 신경쓰지 μ•Šμ•„λ„ λ˜μ§€λ§Œ, μ›Ή μ„œλΉ„μŠ€λ₯Ό ν†΅ν•΄μ„œ 은행 κ³„μ’Œλ₯Ό κ΄€λ¦¬ν•œλ‹€λ©΄ 쑰금 더 쑰심해야 ν•œλ‹€.

이 μž₯μ—μ„œλŠ” 쑰심할 λ¬Έμ œλ“€κ³Ό 일반적인 λ³΄μ•ˆκ΄€λ ¨ νŒ¨ν„΄λ“€μ„ λ‹€λ£¨μ§€λ§Œ μ™„λ²½ν•œ 것은 μ•„λ‹ˆλ‹€. λͺ…심할 것은 슀마트 μ½˜νŠΈλž™νŠΈμ— μ•„λ¬΄λŸ° 버그가 없더라도, μ»΄νŒŒμΌλŸ¬λ‚˜ ν”Œλž«νΌ μžμ²΄μ—λŠ” 버그가 μžˆμ„ 수 μžˆλ‹€λŠ” 점이닀.

μ–Έμ œλ‚˜ 그렇듯이, 이 λ¬Έμ„œλŠ” μ˜€ν”ˆ μ†ŒμŠ€ 기반의 λ¬Έμ„œμ΄κΈ° λ•Œλ¬Έμ—, λ³΄μ•ˆμ— λŒ€ν•œ λ¬Έμ œκ°€ 생긴닀면 주저없이 λ‚΄μš©μ„ μΆ”κ°€ν•΄μ£Όμ‹œκΈ° λ°”λžλ‹ˆλ‹€.

********
Pitfalls
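Review bot: the translated paragraph beginning "이 μž₯μ—μ„œλŠ”" drops the `:ref:`list of known bugs<known_bugs>`` cross-reference, the note that the list is machine-readable, and the sentence about the bug bounty program covering the compiler's code generator; those are the only actionable pointers in this section, so please carry the :ref: link and the bounty sentence over into the Korean text rather than summarising them away. Two smaller meaning drifts in the same hunk: the opening sentence ("λ‹€λ₯Έ μ‚¬λžŒμ΄ μ›ν•˜μ§€ μ•ŠλŠ” λ°©μ‹μœΌλ‘œ μž‘λ™ν•˜μ§€ μ•Šλ„λ‘ ν™•μΈν•˜λŠ” 것") reads as "checking that it does not behave in a way others do not want", whereas the original point is that nobody can use it in a way the author did **not** anticipate; and the closing paragraph turns "please help us extend this section (especially, some examples would not hurt)" into a request to add content "if a security problem arises", which is a different ask. Suggest restoring both to the original sense.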