Security Contract Architecture Based on Ethereum ICO
Overview
With the rise of Bitcoin and Ethereum, more and more projects are raising early funds through ICO. Among them, most projects use Ethereum-based ERC20 tokens to issue tokens. Tokens based on ERC20 tokens occupy half of the digital currency market, thus supporting the rise in the price of Ethereum.
The Turing completeness of Ethereum contracts brings great freedom and convenience to ICOs, and at the same time, ICO security has attracted much attention. To sum up, several issues that need to be solved when controlling the ICO process through contracts are as follows:
* How are tokens created, and by whom?
* How to create tokens during crowdfunding?
* How to control the ETH transferred by the user?
With the above questions, if you want to know the technical details of ICO based on Ethereum, let's look down.
ERC20 Token
ERC20 token is a digital currency standard on the Ethereum platform, which is essentially a smart contract. The advantages of using ERC20 tokens are:
* The crowdfunding process is open and transparent
* The crowdfunding rules are controllable
* The trading time is controllable
The above features are all based on the Turing completeness of Ethereum and are controlled by contracts.
Crowdfunding Contract Framework
Considering the controllability, security, and regulatory requirements of the entire ICO process, the ICO process will involve three contracts: crowdfunding contract , ERC20 Token standard contract , wallet contract , and the master account used to create these three contracts .
* Main account
The main account is an ordinary ether account, responsible for creating
three contracts
In addition to the basic transfer and balance functions of tokens, the ERC20 Token standard contract
also has the function of creating tokens in order to initialize tokens during crowdfunding (only crowdfunding contracts can create tokens).The wallet contract
is used to receive crowdfunded ETH. In addition, the lock time of the wallet, daily withdrawal limit, multi-signature, etc. can also be set according to specific needs.
In order to facilitate the description of the relationship between the four, here we use C to represent the crowdfunding contract , T to represent the ERC20 Token standard contract , W to represent the wallet contract , and M to represent the main account . Their relationship is shown in the figure below:
Process description:
1. Create a contract: Create three contracts C, T, and W respectively through the main account M. At this time, the owners of the three contracts are the main account M. (For some sensitive operations, only the owner has the right to operate.)
2. Switch the owner of T: In order to allow the crowdfunding contract to distribute tokens, the owner of the token contract T needs to be replaced by the crowdfunding contract C. (Only after this step is completed, subsequent operations can be triggered)
3. Token distribution: When users participate in crowdfunding, they transfer ETH to crowdfunding contract C, and C will calculate the number of tokens to be issued according to the rules. By calling the token generation interface of the token contract T, tokens are distributed to the user
4. ETH transfer: at the same time as the tokens are distributed, the ether transferred by the user will be transferred to the pre-set wallet contract W ( The wallet contract has its own withdrawal rules)
safety
The entire ICO process looks complicated, but there are security considerations behind the complexity. Its design process is mainly to solve the following problems:
* How to create tokens and who will create them?
* If tokens can only be created by the owner of the contract, how can the crowdsale contract create tokens smoothly?
* How to control the ETH transferred by the user?
1. How are tokens created and by whom?
Obviously, not everyone can create tokens! A common practice is to let the creator of the token contract, the owner, create the token.
2. How to make the crowdfunding contract create tokens smoothly?
Because the user must participate in the ICO through the crowdfunding contract C, after the user transfers to the ICO, the crowdfunding contract C needs to help the user create tokens (deposit the number of tokens for the user in the token contract T).
Due to the restriction of Article 1, we need to find ways to make the crowdfunding contract C the owner of the token contract T. The method is as follows:
1. Call the changeOwner method in the token contract T, and change its owner to the crowdfunding contract C;
2. Call the acceptTokenOwner method of the crowdfunding contract C, and accept to be the owner of the token contract T;
In this way, the crowdfunding contract C becomes the owner of the token contract T and has the right to create tokens.
If I want to conduct a second round of crowdfunding in the future and change the crowdfunding contract, what should I do if I still want to use the previous token contract? Very simple, just like the above method, the crowdsale contract can also transfer its owner rights to the token contract to the next crowdsale contract. In principle, the transfer of owner can go on forever.
How to control the ETH transferred by users?
Generally, the team needs to control the crowdfunded ETH, such as locking for a certain period, limiting the withdrawal amount, double signature verification, etc., which can be controlled by the wallet contract.
Summarize
Based on the security considerations of Ethereum ICO, it mainly focuses on the security review of three contracts (crowdfunding contract, Token contract, wallet contract). The funds involved in ICO are huge, and a loophole in any one of the contracts will bring huge losses.
AE was stolen more than 100,000 ETHs because of the use of a flawed official wallet from Parity. This is enough to remind us not to trust the so-called "official" too much. Before the ICO, the project team must review the contract code several times to ensure that there are no loopholes before releasing it.