4 Blockchain Smart Contract

Blockchain Fundamentals

  • Public Blockchain

    • Transactions are publicly visible.
    • User identities are pseudonymous, not fully anonymous.
    • Blocks are linked by cryptographic hashes.
    • Modifying one block breaks the hash chain and violates consensus.
  • Immutability & Consensus

    • Security relies on hash links + distributed consensus.
    • Historical data is computationally impractical to alter.

Smart Contracts

  • Definition

    • Self-executing programs stored and run on the blockchain.
    • Automatically enforce rules once conditions are met.
  • Key Properties

    • Can hold, transfer, and manage crypto assets.
    • Executed by the EVM (Ethereum Virtual Machine).
    • Each execution consumes gas.
    • Cannot be freely modified after deployment.
  • Risks

    • Bugs are permanent once deployed.
    • Vulnerable to logic errors (e.g., reentrancy, oracle misuse).

DeFi (Decentralized Finance)

  • What is DeFi

    • Financial systems built on smart contracts.
    • No centralized intermediaries (banks, brokers).
  • Core Mechanisms

    • AMM (Automated Market Maker)
      • Prices determined by pool ratios (e.g. x · y = k).
    • Flash Loans
      • Large loans with no collateral, must be repaid within one transaction.
      • Enable arbitrage, liquidation, and attacks.
    • Atomicity
      • All steps succeed or entire transaction reverts.
  • Common Vulnerabilities

    • Reentrancy attacks
    • Oracle manipulation
    • Flash loan attacks
    • Price manipulation via liquidity pools

Flash Loan Attacks (Key Idea)

  • Attacker:

    1. Borrows large funds via a flash loan.
    2. Manipulates on-chain prices (e.g. AMM or oracle).
    3. Exploits delayed or naive pricing logic.
    4. Reverts prices.
    5. Repays loan and keeps the profit.
  • Critical Insight

    • Attacks exploit economic logic, not just code bugs.
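
Added example (not part of the original notes): a constant-product pool whose spot price moves sharply during one oversized single-transaction swap, next to a time-weighted average price (TWAP) and a deviation guard that refuses to price against the distorted pool. Pool, TwapOracle, guarded_price and all reserve numbers are constructed for illustration; fees are ignored and the TWAP is a simplified stand-in for a real oracle.

```python
# Added illustration: Pool, TwapOracle and guarded_price are hypothetical names.
class Pool:
    """Constant-product AMM (x * y = k); fees ignored to keep the math visible."""
    def __init__(self, x, y):
        self.x, self.y = float(x), float(y)

    def spot_price(self):
        return self.y / self.x          # price of X, in units of Y

    def swap_x_for_y(self, dx):
        k = self.x * self.y
        self.x += dx
        out, self.y = self.y - k / self.x, k / self.x
        return out

    def swap_y_for_x(self, dy):
        k = self.x * self.y
        self.y += dy
        out, self.x = self.x - k / self.y, k / self.y
        return out

class TwapOracle:
    """Time-weighted average of the price seen at the start of each block."""
    def __init__(self, pool, now):
        self.pool, self.start, self.last_t = pool, now, now
        self.last_price, self.cumulative = pool.spot_price(), 0.0

    def update(self, now):              # call once per block, before its trades
        self.cumulative += self.last_price * (now - self.last_t)
        self.last_t, self.last_price = now, self.pool.spot_price()

    def twap(self):
        elapsed = self.last_t - self.start
        return self.cumulative / elapsed if elapsed else self.last_price

def guarded_price(pool, oracle, max_deviation=0.05):
    """Return the TWAP, or None when spot has drifted too far from it."""
    twap = oracle.twap()
    if abs(pool.spot_price() - twap) / twap > max_deviation:
        return None                     # caller should pause or reject the action
    return twap

def demo():
    pool = Pool(1_000, 1_000_000)       # constructed reserves: spot = 1000 Y per X
    oracle = TwapOracle(pool, now=0)
    for t in range(12, 132, 12):        # ten quiet 12-second blocks
        oracle.update(t)
    received = pool.swap_x_for_y(9_000) # one oversized swap inside a single tx
    during = (pool.spot_price(), oracle.twap(), guarded_price(pool, oracle))
    pool.swap_y_for_x(received)         # swapped back before the tx ends
    after = (pool.spot_price(), guarded_price(pool, oracle))
    return during, after
```

A contract that reads spot_price() mid-transaction sees 10 instead of 1000, while the TWAP is unchanged because no block time elapsed; the guard returns None until spot and TWAP agree again.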

Stablecoins

  • Definition

    • Cryptocurrencies designed to maintain a stable value (often pegged to USD).
  • Types

    • Fiat-backed (e.g. USDC) — centralized risk.
    • Over-collateralized (e.g. DAI) — relies on liquidations.
    • Algorithmic — high risk of de-pegging.
  • Risks

    • Market volatility
    • Oracle failures
    • Smart contract bugs
    • Centralization (for fiat-backed coins)

Bayesian Networks & Probabilistic Reasoning

  • Bayesian Inference

    • Computes posterior probabilities using:
      • Bayes’ Rule
      • Law of Total Probability
  • Use Case

    • Modeling uncertainty (e.g. disease risk given multiple causes).
    • Helps reason under incomplete information.

Program & Contract Analysis

  • Symbolic Execution

    • Uses symbolic inputs to explore all possible execution paths.
    • Effective for detecting edge-case bugs.
  • Dynamic Variant Inference (DVI)

    • Analyzes runtime behavior, not just code.
    • Useful for:
      • Detecting cloned contracts
      • Identifying malicious variants of DeFi protocols

Reinforcement Learning (RL)

  • Why Relevant

    • Many intelligent systems require sequential decision-making.
    • DeFi bots and trading agents often use RL.
  • Core Elements

    • Agent
    • Environment
    • State
    • Action
    • Reward

Big Picture Insight

  • Blockchain + smart contracts enable trustless automation.
  • DeFi shows both:
    • Power of composable protocols.
    • Fragility due to economic and logical exploits.
  • Security requires:
    • Cryptography
    • Formal analysis
    • Economic reasoning
    • Runtime behavior analysis