Specification

BSC Security Detail

Basic Information: token, address, creator, holding address and other basic information; whether it has been blacklisted maliciously; whether it has been reported as participating in fraudulent money laundering crimes; etc.

Permission Control: the contract can be upgraded and its logic modified, the contract creator has excessive permissions, core parameters can be adjusted at will, unlimited additional issuance, and other permission issues.

Code Vulnerabilities: refer to swcregistry for the various purely code-level vulnerabilities, such as arithmetic overflow, lack of authentication, and reentrancy attacks.

Business Logic Vulnerabilities: malicious business-level logic such as high handling fees and restrictions on buying and selling.

Name | Risk Type | Risk Level | Risk Desc

Reference documentation

https://owasp.org/ A non-profit foundation dedicated to improving software security in general, not only blockchain security. It provides various conferences and training, and you need to pay to join.

https://swcregistry.io/ Covers contract code security vulnerabilities. Similar to a static compiler, it focuses only on code quality and contract vulnerabilities, and provides various attack cases.

https://docs.gopluslabs.io/reference/token-security-api-response-detail/contract-security Go+ Security Audit Provider

https://www.certik.com/projects/binance CertiK, security vendor

https://ave.ai/check Decentralized exchange detection

https://bscscan.com/tokens BSC has a total of about 2.7 million BEP-20 tokens, more than 40,000 ERC-721 and more than 4,000 ERC-1155 NFTs.

https://tokensniffer.com/ Token Sniffer, detects basic information about the code and information related to liquidity

https://ethereum.org/en/developers/docs/standards/ ERC Specifications

https://blog.csdn.net/sanqima/article/details/120863024 Address types: an Externally Owned Account, referred to as EOA, has a private key; a Contract Account, referred to as CA, has no private key.

Address classification: The current classification is basically based on the ERC specifications, which mostly cover tokens and NFTs. Contracts that do not follow a specification can be classified as custom dApps, and in addition to contracts there is also the security check of individual user addresses (EOAs). Therefore, the current classifications are Token, NFT, dApp, and EOA.
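
The classification above, sketched as an added example (not code from this specification or from any of the listed vendors). It is a heuristic that assumes the runtime bytecode has already been fetched, for instance with the standard eth_getCode JSON-RPC call; the function names and sample bytecode are constructed for illustration, and a proxy contract that only forwards calls will fall into the dApp class.

```python
# Heuristic classifier for the four classes above (added example).
# Input: runtime bytecode of the address; empty bytecode means no contract.

# 4-byte function selectors defined by the ERC standards.
ERC20 = {"18160ddd", "70a08231", "a9059cbb", "dd62ed3e"}  # totalSupply, balanceOf, transfer, allowance
ERC721 = {"6352211e", "70a08231", "23b872dd"}             # ownerOf, balanceOf, transferFrom
ERC1155 = {"4e1273f4", "2eb2c2d6", "f242432a"}            # balanceOfBatch, safeBatchTransferFrom, safeTransferFrom


def push4_selectors(code: bytes) -> set:
    """Walk the opcodes and collect PUSH4 immediates, skipping all push data."""
    found, i = set(), 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:                 # PUSH1..PUSH32 carry (op - 0x5F) data bytes
            if op == 0x63 and i + 5 <= len(code):
                found.add(code[i + 1:i + 5].hex())
            i += op - 0x5F                     # never interpret push data as opcodes
        i += 1
    return found


def classify(code: bytes) -> str:
    """Return one of EOA, NFT, Token, dApp for the given runtime bytecode."""
    if not code:
        return "EOA"                           # no code: externally owned account
    sels = push4_selectors(code)
    if ERC721 <= sels or ERC1155 <= sels:      # NFT first: ERC-721 shares selectors with ERC-20
        return "NFT"
    if ERC20 <= sels:
        return "Token"
    return "dApp"                              # contract that follows none of the standards


def fake_dispatcher(selectors) -> bytes:
    """Constructed sample bytecode: DUP1 PUSH4 <sel> EQ per selector, then STOP."""
    body = b"".join(b"\x80\x63" + bytes.fromhex(s) + b"\x14" for s in sorted(selectors))
    return body + b"\x00"


if __name__ == "__main__":
    for name, code in [("empty", b""), ("erc20", fake_dispatcher(ERC20)),
                       ("erc721", fake_dispatcher(ERC721)), ("revert-only", b"\x60\x00\x60\x00\xfd")]:
        print(name, "->", classify(code))
```

Walking the opcodes instead of searching for raw byte patterns avoids misreading constants inside PUSH data as function selectors.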