|
[1]L. Gudgeon, D. Perez, D. Harz, B. Livshits, and A. Gervais, "The decentralized financial crisis," in Proceedings of 2020 Crypto Valley Conference on Blockchain Technology (CVCBT), pp.1-15: IEEE , 2020 [2]Y. Chen and C. J. J. o. B. V. I. Bellavitis, "Blockchain disruption and decentralized finance: The rise of decentralized business models," Journal of Business Venturing Insights, vol. 13, p. e00151, 2020. [3]Defi Pulse網站. Available: https://defipulse.com/ [4]I. J. S. Salami, I.‘Decentralised Finance: The Case for a Holistic Approach to Regulating the Crypto Industry’Journal of International Banking and F. Law, "Decentralised Finance: The Case for a Holistic Approach to Regulating the Crypto Industry," Journal of International Banking and Financial Law, vol. 35, no. 7, pp. 496-499, 2020. [5]Bitcoin, Ethereum Avg. Transaction Fee historical chart. Available: https://bitinfocharts.com/comparison/transactionfees-btc-eth.html#6m [6]H. Adams, N. Zinsmeister, and D. J. U. h. u. o. w. p. Robinson. (2020). Uniswap v2 core. Available: https://uniswap. org/whitepaper. pdf [7]gas fee. Available: https://blog.makerdao.com/how-ethereum-2-0-will-address-gas-issues-and-enable-dai-and-defi-to-scale/ [8]The DAO. Available: https://en.wikipedia.org/wiki/The_DAO_(organization) [9]DAO遭駭事件打破區塊鏈不可逆神話. Available: https://www.ithome.com.tw/news/107405 [10]How the dForce hacker used reentrancy to steal 25 million. Available: https://quantstamp.com/blog/how-the-dforce-hacker-used-reentrancy-to-steal-25-million [11]S. Sayeed, H. Marco-Gisbert, and T. J. I. A. Caira, "Smart contract: Attacks and protections," IEEE Access, vol. 8, pp. 24416-24427, 2020. [12]OWASP TOP10. Available: https://owasp.org/www-project-top-ten/ [13]OWASP ASVS. Available: https://owasp.org/www-project-application-security-verification-standard/ [14]DASP TOP10. Available: https://dasp.co/ [15]SCSVS. Available: https://github.com/securing/SCSVS [16]Secure Smart Contracts Development using SCSVS. Available: https://owasp.org/www-chapter-tunisia/assets/images/OWASP-Tunis-Chapter-2020.pdf [17]OWASP Tunisia. Available: https://owasp.org/www-chapter-tunisia/ [18]OpenZeppelin math. Available: https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/utils/math [19]ICO Smart contract Vulnerability: Short Address Attack. Available: https://medium.com/huzzle/ico-smart-contract-vulnerability-short-address-attack-31ac9177eb6b [20]Solidity v0.6.9 Doc. Available: https://docs.soliditylang.org/en/v0.6.9/ [21]The Parity Wallet Hack Explained. Available: https://blog.openzeppelin.com/on-the-parity-wallet-multisig-hack-405a8c12e8f7/ [22]King of the Ether. Available: https://www.kingoftheether.com/thrones/kingoftheether/index.html [23]Solidity by Example 0.7.6. Available: https://solidity-by-example.org/ [24]OpenZeppelin GitHub. Available: https://github.com/OpenZeppelin [25]tinchoabbate. Available: https://twitter.com/tinchoabbate [26]Wargame. Available: https://en.wikipedia.org/wiki/Wargame_(hacking) [27]Uniswap's getInputPrice function. Available: https://github.com/Uniswap/uniswap-v1/blob/master/contracts/uniswap_exchange.vy#L106 [28]M. Rodler, W. Li, G. O. Karame, and L. J. a. p. a. Davi, "Sereum: Protecting existing smart contracts against re-entrancy attacks," in Proceedings of 26th Annual Network & Distributed System Security Symposium (NDSS), 2019. [29]Responsible_disclosure. Available: https://en.wikipedia.org/wiki/Responsible_disclosure [30]J. Feist, G. Grieco, and A. Groce, "Slither: a static analysis framework for smart contracts," in Proceedings of 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8-15: IEEE. ,2019 [31]MythX: Smart Contract Security Tool for Ethereum. Available: https://mythx.io/ [32]Introduction to Manticore, a symbolic analysis tool for smart contract. Available: https://medium.com/haloblock/introduction-to-manticore-a-symbolic-analysis-tool-for-smart-contract-9de08dae4e1e [33]P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Buenzli, and M. Vechev, "Securify: Practical security analysis of smart contracts," in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67-82 , 2018. [34]S. Tikhomirov, E. Voskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y. Alexandrov, "Smartcheck: Static analysis of ethereum smart contracts," in Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9-16. , 2018 [35]B. Jiang, Y. Liu, and W. Chan, "Contractfuzzer: Fuzzing smart contracts for vulnerability detection," in Proceedings of 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE, pp. 259-269: IEEE. ), 2018 [36]M. Di Angelo and G. Salzer, "A survey of tools for analyzing Ethereum smart contracts," in Proceedings of 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON ), pp. 69-78: IEEE., 2019 [37]S. Kalra, S. Goel, M. Dhawan, and S. Sharma, "ZEUS: Analyzing Safety of Smart Contracts," in Proceedings of 2018 Ndss, pp. 1-12. , 2018 [38]M. Wohrer and U. Zdun, "Smart contracts: security patterns in the ethereum ecosystem and solidity," in Proceedings of 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pp. 2-8: IEEE. , 2018 [39]Aave Protocol V2 Available: https://github.com/aave/protocol-v2 [40]bZx Hack Full Disclosure (With Detailed Profit Analysis). Available: https://peckshield.medium.com/bzx-hack-full-disclosure-with-detailed-profit-analysis-e6b1fa9b18fc [41]EIP-777: ERC777 Token Standard Available: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-777.md [42]Exploiting Uniswap: from reentrancy to actual profit. Available: https://blog.openzeppelin.com/exploiting-uniswap-from-reentrancy-to-actual-profit/ [43]Damn Vulnerable DeFi. Available: https://www.damnvulnerabledefi.xyz/ [44]PercentFinance Important Announcement. Available: https://percent-finance.medium.com/important-announcement-d35f9a0df112 [45]Bancor smart contracts vulnerability: It’s not over. Available: https://medium.com/zengo/bancor-smart-contracts-vulnerability-and-its-lessons-ce762d09bb9a [46]MakerDAO White Paper. Available: https://makerdao.com/en/whitepaper/#keepers [47]Harvest Finance: $24M Attack Triggers $570M ‘Bank Run’ in Latest DeFi Exploit. Available: https://www.coindesk.com/harvest-finance-24m-attack-triggers-570m-bank-run-in-latest-defi-exploit [48]Cheese Bank Incident: Root Cause Analysis. Available: https://peckshield.medium.com/cheese-bank-incident-root-cause-analysis-d076bf87a1e7 [49]WarpFinance Incident: Root Cause Analysis. Available: https://peckshield.medium.com/warpfinance-incident-root-cause-analysis-581a4869ee00 [50]Uniswap V2 Audit Report. Available:https://uniswap.org/audit.html#org87c8b91 [51]Feeds price feed oracles. Available: https://developer.makerdao.com/feeds/ [52]Choosing a Reliable Solution for bZx’s Oracle. Available: https://bzx.network/blog/choosing-oracle
|