区块链众筹平台的分析,区块链众筹应用

『一』How is the major of blockchain technology application_Employment direction_What to study mainly

When filling out the application form for the college entrance examination, I was confused. How is the major of blockchain technology application? What are the career directions and what are the main subjects to study are issues of great concern to candidates and parents. The following is a relevant introduction, I hope it will be helpful to everyone.

1. Training objectives

This major cultivates comprehensive development of moral, intellectual, physical, artistic and labor skills, and masters a solid scientific and cultural foundation, programming and algorithms, Linux operating system, Knowledge of network technology, database, container technology, cryptography and related laws and regulations, etc., with capabilities such as blockchain application design and development, smart contract development, blockchain system testing, blockchain deployment and operation and maintenance, software design and development, etc. , high-quality technical and skilled talents with craftsman spirit and information literacy who can engage in blockchain application development, blockchain testing, blockchain operation and maintenance, blockchain operations, etc.

2. Employment direction

For occupations such as blockchain application operators, blockchain engineering and technical personnel, etc.

3. Main professional ability requirements

Have the ability to analyze and design demand for blockchain products;

Have the ability to apply blockchain and intelligence Ability to design and develop contracts;

Ability to test design, execution and analysis of blockchain systems;

Ability to deploy, maintain and monitor blockchain systems;

Have the ability to write and debug computer software front-end and back-end code;

Have the ability to write computer software requirements documents and design documents;

Have digital skills and the ability to adapt to the new requirements of the development of the blockchain industry;

Have the ability to explore learning, lifelong learning and sustainable development.

4. Main professional courses and practical training

Basic professional courses: basics of blockchain, Linux operating system, computer network basics, programming basics, Web development technology, Database technology and applications.

Professional core courses: advanced application of programming, core blockchain technology, virtualization and container technology, blockchain deployment and operation and maintenance, blockchain application design and development, smart contract development, district Comprehensive practice of blockchain projects.

Internship training: Connect with real professional scenarios or work situations, conduct blockchain application design and development, smart contract development, blockchain deployment and operation and maintenance, and comprehensive practice of blockchain projects inside and outside the school Waiting for practical training. Conduct on-the-job internships in blockchain-related companies and other units or places.

5. Examples of professional certificates

Professional qualification certificate: Computer technology and software professional technical qualification

Professional skill level certificate: blockchain system application and design, blockchain application software development and operation and maintenance, blockchain smart contract development< br />
6. Examples of continuing majors

Examples of continuing higher vocational undergraduate majors: blockchain technology, software engineering technology, cloud computing technology, information security and management

Examples from regular undergraduate majors: Blockchain engineering, cryptography science and technology, information security, computer science and technology, cyberspace security

『二』How about AsiaInfo Blockchain Test Engineer

Okay.
1. First of all, the monthly salary of AsiaInfo Blockchain test engineers is between 10,000 and 20,000 yuan.
2. Secondly, AsiaInfo Blockchain test engineers have 7 days of paid off-duty benefits every month.

『三』Has the blockchain technology standard system been perfected?

A few days ago, some experts said that blockchain is like the Internet in 1992, and standardization has not been completely completed. Application and promotion will still be limited, and it is in the early stage of technical reserve. Once standards are in place, various technological research and development can proceed.

One of the current priorities of the China Internet Finance Association in 2018 is to actively promote standardization construction. “Blockchain must have a new technical standard system, especially Establishing an authoritative third-party certification system is a top priority for the development of blockchain finance."

Although from the current point of view, regulatory authorities are paying considerable attention to blockchain, they are mainly concentrated in the financial field, especially in the second half of last year, strict control measures were taken against virtual currencies and ICO (initial coin offerings). , from the perspective of the development of the entire blockchain industry, laws and regulations are still relatively lagging behind. Compared with advanced overseas countries, there is a lack of specialized laws that define blockchain and govern its transactions and trading platforms.

I hope that the standards of blockchain can be improved as soon as possible.

Content source: Bit110 Network

『四』How to judge whether a blockchain project is worth investing

1. Project details

Project details are generally published by the project party on certain ICO platforms, and the platform is responsible for review. Detailed relevant information must be submitted when publishing. Available for user query. The following are what we need to refer to:

◆Whether the project team member information is fake

◆Whether the official website has been recently filed

◆Whether the total project quota is reasonable

◆Whether the additional issuance is excessive

◆Whether the project token allocation is reasonable

◆Whether the project development plan and development plan are clear

II. Product Analysis

Type: application, platform, underlying technology

Conduct corresponding analysis based on different blockchain projects to determine whether the project is suitable for blockchainTechnology development, comparison and analysis of existing products in the industry, for example, a certain project is currently developing a decentralized content distribution platform. We can refer to the better TOUs in the industry. As a unicorn in the field of content distribution, Toutiao has grown since its launch in 2012 and now has 500 million registered users and nearly 100 million DAU.

User composition: advertisers, content producers, content readers,

Content ecology: UGC+PGC content generation model has become complete, content composition is diversified, graphic information + Short video + Live broadcast

Profit model: e-commerce advertising, information flow advertising to monetize traffic,

Product advantages: large number of users, classified push of information based on specific algorithms, user experience Good, user habits are developed

Financing experience: Series C, US$1 billion

Based on the above information and comparing it with the project’s white paper, determine what are the real advantages of this blockchain project? If the project white paper cannot clearly describe the product architecture and just talks about concepts, then it is very likely that the product is unreliable.

3. Market analysis

Competing products: not only Sina, Sohu, Tencent, NetEase, Phoenix, Yidian, Zaker, Online News, Zhihu Daily and other major platforms. There are also a series of vertical content products competing with it.

Competition: A large number of users have developed fixed information acquisition habits, which indicates that the new platform will significantly increase the customer acquisition cost

4. User and usage scenario analysis

p>

◆Content readers: obtaining information, entertainment and relaxation, skill learning, emotional expression, eye stimulation, policy interpretation, consumption decision-making, etc.

◆Advertisers: attract traffic, promote products, and create brand tone.

◆Content producer: Produce high-quality content, receive advertisements, and earn advertising fees.

5. Analysis of industry issues

◆The platform’s definition of effective traffic and recommendation mechanism lead to unstable income for content producers

◆The impact of advertising placement on users The impact of experience

◆The effect of information flow advertising on certain types of products is poor

Attachment: A summary of recent projects on a blockchain crowdfunding project website

◆Internet of Things: Waltonchain

◆Social communication platforms: SNC, Matchpool

◆Asset trading: OmiseGo, OpenANX, Bytom, Gongxinbao

◆Cloud storage technology: STORJ, iex.ec

◆Application distribution, MobileGo

◆Electronic wallet: Status, Monaco

◆Content distribution: YOYOW

◆Smart Investment: CoinFeed

◆Smart Contract: Aeternity

◆Digital Advertising: YouWiFi, BAT

◆Company ：Dcorp

◆ICO crowdfunding, venture capital funds: Onplace

◆Blockchain transactions: ICOcoin, Quantum Chain Qtum=

◆Medical care: Cloud Medical Chain HIS, medical chain

◆Entrepreneurship incubator fund: Starta

◆Blockchain technology application

◆Digital assets: Tenx, Ruizi Chain, ZenGold

◆Game account system: ugChain

◆New media: Cloud Chain

◆Election: Election Chain ELC

◆Asset exchange: SWFT platform

◆Copyright: IPC Intellectual Property Chain, Printing Chain

◆Computing Power: SONM

6. Technical Strength Analysis

◆Core Whether the technology is innovative and industry-forward

◆Technical feasibility and implementation difficulty

◆Whether the product type can give full play to the advantages of blockchain technology

◆ Whether the project releases a test network

◆Whether the project is open source, generally open source projects will be uploaded to github,

◆Which blockchain will be developed based on

◆Which consensus mechanism to use

7. Analysis of team composition

◆Whether there are experts in the team

Whether it is a technology expert: such as stratis CEO Chris Trew, Eyal Hertzog of the Bancor founding team, and investors such as Tenx include Ethereum founder Vitalik Buterin and Fenbushi Capital partner Shen Bo.

The initiator of a certain blockchain product crowdfunding project is Yang Mouke, the former co-founder of Bitcoin China, who launched the ICOcoin project. Or maybe the initiator of the blockchain project is Li Moulai, the "richest man in Bitcoin" in China, launching the Press one project. This can all mean that this project is reliable in a certain sense. Of course, there are exceptions, such as the recent case of Mr. Li, whose project caused outrage in the entire circle.

◆Is the team structure scientific?

Legal consultants, industry consultants, project management committees, third-party organizations

8. Reference blockchain project rating websites< /p>

Relatively reasonable, there are many rating websites, and the rating standards of each platform are also different. There may be a big gap in the ratings given by the same project on different platforms. At this time, we are needed

I have a deep understanding of the basic knowledge related to blockchain and am capable of certain self-judgment. Don’t trust experts. Many so-called experts may have interests tied to the sponsors of blockchain projects.

9. Direct communication

The last point is also the most important. Whether it is a face-to-face road show, or communication in a forum or community, people can intuitively understand whether the initiator of this project relies onSpectrum. Whether it is a blockchain product project or some technical questions, the project side can answer them. Whether it is reliable or not can be known once tested.

『Wu』 Is blockchain project testing reliable?

Answer: Blockchain project testing can be reliable, but the testing process and testing methods must also be considered. Explain the reason: As an emerging technology, blockchain technology is receiving more and more attention and applications. The testing of blockchain projects is also a very important part and is a necessary link to ensure the success of the project. Due to the complexity and security of blockchain projects, testing requires a lot of time and energy, and requires very rigorous testing processes and methods. If testers lack the necessary professional skills, make mistakes in the testing process or use improper testing methods, problems and loopholes may easily occur, which may even lead to project failure or losses. Expanded content: Current blockchain project testing faces various challenges and difficulties, such as the emerging new technologies and new application scenarios, the complexity and security of the project itself, and the instability of the test environment. In response to these problems, scientific and reasonable testing methods and tools need to be used to ensure the accuracy and effectiveness of test results, so as to discover and repair defects and loopholes in the project. In addition, testing also needs to work closely with development and operation and maintenance to form an entire testing system to strengthen the integrity and consistency of the testing process and testing strategy.

『Lu』 [Project Evaluation] ENT: South Korea’s first blockchain project in the entertainment industry

Market: 23/26

Evaluation Standard: Whether Solve the market pain points; whether the blockchain technology is reasonably introduced; market competitive advantage;

Score description: The fan economy is a major component of the entertainment industry. The current problem is that there are a large number of various intermediate links between the interaction between fans and idols, which greatly increases the cost of fan economic operations. At the same time, celebrities often need to participate in some cross-border and cross-industry activities, which involves the cooperation of various participants, and how to quickly establish trust is the key to smooth cooperation. Blockchain technology has natural advantages in solving trust issues, and point-to-point encryption technology can effectively reduce the intermediate costs between fans and idols.

Team: 17/24

Evaluation criteria: Whether the resumes of team members are true; whether the experience is sufficient to support the project; the strength, relevance and authenticity of the consultant;

Score description: The development team is a Chinese and Korean team, composed of AIMHIGH Entertainment Group and Momo Development Team. The advisory team is still a combination of China and South Korea, among which we can see the presence of Martians.

Technology: 15/20

Evaluation criteria: Whether the business logic and technical architecture are clear and reasonable; whether there is underlying innovation in the blockchain; product development progress; Github updates;

Score description: ENT’s business architecture mainly consists of: data layer, logical layer, regulatory layer, business layer and application layer. Its technical architecture follows Ink's design specifications and standards, and has undergone a series of self-made modifications and developments for typical application scenarios in the entertainment industry. Supports multi-protocol features and is compatible with BIP protocol and POS smart contract platform. At the same time, ENT supports scalability, cross-chain protocols and lightning networks.

Token economic model: 12/15

Evaluation criteria: whether the token is deeply coupled with the project; whether it has necessary uses; whether the token appreciation logic is reasonable; whether the crowdfunding method is reasonable , including financing amount, proportion of public fundraising, use of funds, etc.;

Score description: ENT’s economic model is very special. ENT will serve as the base currency of the entire ecosystem, and stars can mortgage ENT to issue their own idol tokens at a certain ratio. The value of these idol tokens will increase as the star grows. ENT's foundation, ENTF, will be responsible for guiding and supervising the development and maintenance of ENT Cash, and promoting the healthy growth of the ENT blockchain ecosystem.

Project implementation and business development: 12/15

Evaluation criteria: whether the business development line is reasonable; market reputation; number and activity of participants;

Score description : Behind this business is South Korea’s AIMHIGH Global and the Korean entertainment industry it represents. In addition to South Korea's AIMHIGH, ENT's major shareholders include Kaiying Network (002517) and Cultural Investment Holdings (600715). The project has just started and the future is promising.

ENT is South Korea's first entertainment industry platform based on blockchain technology. It provides a one-stop solution for the global distributed trial community. Specifically:

ENT is based on the quantum platform and uses smart contracts, lightning network and other technologies to provide platform support for digital payment and idol token distribution in the entertainment industry. It can also provide smart contract configuration and invocation, Automatically classify accounts and other functions.

ENT's token (ENT Cash) will be used as a general equivalent and fuel in Dapp and the ENT system, and will be used for payment, clearing, and fees for payment system functions. In addition, the ENT token also has a very special function. It can be used as collateral to issue idol-specific tokens with a fixed exchange ratio.

The creation of idol tokens requires the definition of a series of parameters, including name, symbol, precision, exchange ratio, etc. The parameter that needs to be focused on is the fixed exchange ratio between idol tokens and ENT tokens, which is related to the number of idol tokens issued and destroyed.

Wang Xue, former commercial director of Momo, is currently the chairman of AIMHIGH Entertainment Group. Responsible for business, marketing, evaluation, project management, etc.Years of operational management experience in gaming, entertainment and business. AIMHIGH Group is a company dedicated to the global entertainment industry. It is currently listed overseas and its business covers games, film and television, animation, etc.

Li Longyi, technical director of Momo, employee No. 7 of Momo, graduated from Tianjin University of Science and Technology. He has many years of experience in program development and system architecture, and is a well-known senior expert in the blockchain industry in China.

Moon In-sik, Vice President of AIMHIGH Entertainment Group. Responsible for games, movies, TV series, virtual currency, and international IP trading business in China, Japan and South Korea. He has held management positions in well-known Korean companies such as the Korea Network Technology Institute.

Xu Chen, a senior practitioner in the Internet industry, has long been engaged in and researched product and technology development in search, big data, artificial intelligence, blockchain and other fields. He once served as Vice President of Commercial Product Technology at Afanti, co-founder of an intelligent hardware start-up company, and senior R&D and management director at BAT.

Koo Taiyan, legal consultant for the ENT project, representative lawyer and representative director of TEK&LAW Law Firm. TEK&LAW Law Firm was born in the ICT field and is one of the most well-known law firms in South Korea.

Xu Zijing, nicknamed Martian. Founder of Australian Branch Bank Capital, a famous investor in the blockchain industry, and the project leader of Hcash (Super Cash).

Tang Ling, Chairman of Ink Labs Foundation, Managing Partner of Jenga Blockchain Capital. Founder of the Blockchain Technology and Legal Innovation Research Laboratory of Xi'an Jiaotong University. A key member of the APEC Future Academy Advisory Committee, a member of the World Economic Forum’s Outstanding Youth Community, and a member of the Silk Road Innovation Design Alliance expert group.

Wang Xiaoyin, graduated from the Department of Mathematics of Nanjing University, co-founder of Yitaiyuan Technology, core developer of BitShares 1.0, representative of EEA China, is currently mainly engaged in Ethereum state channel and cross-chain related research. He once served as the technical director of a blockchain technology company.

IN, Hoh Peter, currently the chief consultant of the ENT project, is a representative figure in the Korean blockchain industry. Blockchain expert at Korea University, professor in the Department of Computer Science and Engineering, and chairman of the Korean Blockchain Association.

We all know how powerful the Korean entertainment industry is, and the application of blockchain technology this time may be a good attempt. It not only improves solutions to the pain points of the entertainment industry, but also promotes regional development. Blockchain has entered the public eye. Once the project is successful, it can be said to be cooperation and win-win in both fields.

The core team of the project has many years of experience in the entertainment industry and blockchain development capabilities. The multinational all-star advisory group behind it provides strong support for the smooth progress of the project.

At the same time, we can learn from the official website that many world-class stars such as Running-Man, G-Dragon, Ozawa Maria, etc. have joined ENT’s platform.

The total issuance of ENT is 1.6 billion, of which 20% is generated by mining. The distribution plan is as follows:

The fundraising of ENT is mainly divided into three stages:

The team will calculate the exchange ratio about 2 weeks after the completion of the token sale crowdfunding. According to the location of the participants The corresponding number of ENT will be allocated according to the stage situation. After the allocation is completed, it is expected that the wallet will be able to withdraw coins to third-party exchanges for transactions in about 2 weeks. The specific time will be disclosed by the ENT team.

Official website: http://entcash.com/

『撒』Bitcoin’s test network

Satoshi Nakamoto created the main Bitcoin blockchain , the main chain network where the genesis block is located is called the main network. There are other Bitcoin chains for testing purposes:
The existing ones are testnet, segnet and regtest.

testnet is a fully functional online P2P network that includes wallets, test Bitcoins (testnet coins), mining, and all other mainnet-like features.
In fact, there are only two differences from the main network: no one recognizes the value of testnet coins, and the mining difficulty is relatively low, so you can happily use testnet coins.

Those development software that want to interact with the Bitcoin main network can now be tested on the testnet. The benefits of this are really obvious.

testnet3 is the current test network version, because it has appeared three times since the genesis block was restarted. This network is also relatively large, with dozens of Gs.

To carry out testnet full node mining, you need to prepare a hard disk. If you are starting the testnet instead of the mainnet, you can use the following command:

Then you can use the bitcoin-cli command line tool, but switch to testnet mode:

testnet3 All features of the mainnet are supported, including Segregated Witness which has not yet been activated on the mainnet, so testnet3 can also be used to test the Segregated Witness feature.

Such an isolated test network is used to help develop and test Segregated Witness (segwit). This test blockchain is called segnet and can be connected by running a special version of Bitcoin Core.

Since segwitAdded to testnet3, so segnet will no longer be used to test the segwit function later.

Regtest stands for regression testing and is a Bitcoin core feature that allows users to create local blockchains for testing.
Unlike testnet3, the regtest blockchain is designed to run as a closed system for local testing. So you can start from the genesis block, start the regtest chain, and create a local genesis block.

Additional nodes can be added to the network, or run with a single node to test the Bitcoin Core software.

To start Bitcoin Core in regtest mode, you can use the regtest flag:

You can develop Bitcoin Core, full-node consensus clients, wallets, exchanges, etc., or even Smart contracts and complex scripts can be developed using the test network.

『8』How to detect the risk level of blockchain smart contracts

With the acceleration of digital transformation in Shanghai, blockchain technology has been widely used in government affairs, finance, logistics, and justice. It has been widely used in many fields. During the application process, not only new business forms and business models have been born, but also many security issues have arisen, so security supervision is particularly important. As one of the important means of supervision, security evaluation has become a focus of many blockchain R&D manufacturers and application companies. This article talks about some of our exploration and practice on the blockchain compliance security assessment that everyone is concerned about.
1. Blockchain technology evaluation
Blockchain technology evaluation is generally divided into functional testing, performance testing and security evaluation.
1. Functional testing
Functional testing is a test of the basic functions supported by the underlying blockchain system, with the purpose of measuring the capabilities of the underlying blockchain system.
Blockchain functional testing is mainly based on GB/T 25000.10-2016 "System and Software Quality Requirements and Evaluation (SQuaRE) Part 10: System and Software Quality Model", GB/T 25000.51-2016 "System and Software Quality" Requirements and Evaluation (SQuaRE) Part 51: Quality Requirements and Testing Details for Ready to Use Software Products (RUSP)" and other standards to verify whether the software under test meets the requirements of relevant test standards.
Blockchain function testing specifically includes networking methods and communication, data storage and transmission, encryption module availability, consensus function and fault tolerance, smart contract function, system management stability, chain stability, privacy protection, and interoperability , account and transaction types, private key management solutions, audit management and other modules.
2. Performance testing
Performance testing is a type of test implemented and executed to describe and evaluate the performance-related characteristics of the test object. Most of them are carried out during project testing.During the evaluation, it is used to verify whether the established technical indicators are completed.
Blockchain performance testing specifically includes high-concurrency stress test scenarios, peak impact test scenarios, long-term stable operation test scenarios, query test scenarios and other modules.
3. Security Assessment
Blockchain security assessment mainly conducts security testing and evaluation of account data, cryptography mechanisms, consensus mechanisms, smart contracts, etc.
The main basis for blockchain security evaluation is "DB31/T 1331-2021 General Requirements for Blockchain Technology Security". You can also refer to standards such as "JR/T 0193-2020 Blockchain Technology Financial Application Assessment Rules" and "JR/T 0184-2020 Financial Distributed Ledger Technology Security Specifications" based on actual testing needs.
Blockchain security assessment specifically includes storage, network, computing, consensus mechanism, cryptography mechanism, timing mechanism, personal information protection, networking mechanism, smart contracts, services and access, etc.
2. Blockchain Compliance Security Assessment
Blockchain compliance security assessment generally includes “Blockchain Information Service Security Assessment”, “Network Security Level Protection Assessment” and “Special Funding Projects” "Acceptance Evaluation" three categories.
1. Blockchain information service security assessment
Blockchain information service security assessment is mainly based on the "Blockchain Information Service Management Regulations" issued by the Cyberspace Administration of China on January 10, 2019 (hereinafter referred to as "Regulations") and refer to the national blockchain standard "Blockchain Information Service Security Specification (Draft for Comments)".
The "Regulations" aim to clarify the information security management responsibilities of blockchain information service providers, standardize and promote the healthy development of blockchain technology and related services, avoid blockchain information service security risks, and provide blockchain Provide effective legal basis for the provision, use and management of information services. Article 9 of the "Regulations" states: Blockchain information service providers that develop and launch new products, new applications, and new functions must report to the national and provincial, autonomous region, and municipality Internet Information Offices for security assessment in accordance with relevant regulations.
The "Blockchain Information Service Security Specification" is a construction and preparation project led by the Institute of Information Engineering of the Chinese Academy of Sciences and jointly participated by Zhejiang University, China Electronics Technology Standardization Institute, Shanghai Information Security Evaluation and Certification Center and other units. National standards for evaluating the security capabilities of blockchain information services. The "Blockchain Information Service Security Specification" stipulates the security requirements that blockchain information service providers of alliance chains and private chains should meet, including security technical requirements and security assurance requirements as well as corresponding test and evaluation methods, and is suitable for guiding blockchain Chain information service security assessment and blockchain information service security construction. The security technical requirements and guarantee requirements framework proposed by the standard are as follows:
Figure 1 Blockchain information service security requirements model
2. Network security level protection evaluation
The main basis for network security level protection evaluation includes "GB/T 22239-2019 Basic Requirements for Network Security Level Protection" and "GB/T 28448-2019 Network Security Level Protection Evaluation Requirements".
As an emerging information technology, the application system built by blockchain is also an object of level protection and needs to be evaluated for level protection in accordance with regulations. The general requirements for level protection security evaluation are applicable to the evaluation of the infrastructure part of the blockchain, but currently there are no specific security requirements for the blockchain. Therefore, the expansion requirements for blockchain security evaluation still need to be further explored and studied.
3. Special fund project acceptance evaluation
According to the relevant regulations of the Municipal Economic and Information Technology Commission, information technology special fund projects are required to issue a safety evaluation report during project acceptance. The acceptance evaluation of blockchain application projects will be carried out in accordance with Shanghai’s latest blockchain local standard "DB31/T 1331-2021 General Requirements for Blockchain Technology Security".
3. Exploration and practice of blockchain security assessment
1. Standard preparation
Shanghai Assessment Center actively participates in the preparation of blockchain standards. Led by the Shanghai Evaluation Center, Suzhou Tongji Blockchain Research Institute Co., Ltd., Shanghai Qiyin Information Technology Co., Ltd., Shanghai Moheng Network Technology Co., Ltd., the First Research Institute of Telecommunications Science and Technology and other units participated in the preparation of the blockchain local standard " DB31/T 1331-2021 "General Requirements for Blockchain Technology Security" was officially released in December 2021 and will be officially implemented on March 1 this year. The blockchain national standard "Blockchain Information Service Security Specification", which the Shanghai Assessment Center participated in the preparation of, is in the stage of soliciting opinions.
At the same time, the assessment center also participated in the compilation of primary and intermediate textbooks for blockchain engineering technicians organized by the Ministry of Human Resources and Social Security and led by Tongji University, and was responsible for compiling the chapter "Testing the Blockchain System".
2. Project Practice
In recent years, the Shanghai Assessment Center has conducted a large number of blockchain security assessment practices based on relevant technical standards, including grade protection assessment, information service security assessment, project security assessment, etc. In the evaluation practice, the main security issues discovered are as follows:
Table 1 Blockchain is mainly a security issue
Serial number
Evaluation items
Problem description
1
Consensus Algorithm
The consensus algorithm uses Kafka or Raft consensus and does not support Byzantine fault tolerance or tolerate malicious node behavior.
2
On-chain data
On-chain sensitive information is not encrypted, and all data on the chain can be accessed through the query interface or blockchain browser.
3
Cryptographic Algorithm
The random numbers used in the cryptographic algorithm do not meet the randomness requirements of GB/T 32915-2016.
4
Node Protection
For the alliance chain, security protection measures failed to be configured for the area where the node server is located.
5
Communication transmission
No secure information transmission channel has been established when communicating between nodes and between the blockchain and upper-layer applications.
6
Consensus Algorithm
The number of nodes deployed in the system is small, and sometimes the number of fault-tolerant nodes required by the consensus algorithm is not even reached.
7
Smart Contract
The operation of the smart contract is not monitored, and problems that arise during the operation of the smart contract cannot be discovered and dealt with in a timely manner.
8
Services and Access
Upper-layer applications have access control flaws such as unauthorized and unauthorized access, leading to business confusion and data leakage.
9
Smart Contract
Smart contract coding is not standardized. When an error occurs in the smart contract, the smart contract freezing function is not provided.
10
Smart Contract
The running environment of smart contracts is not isolated from the outside, and there is a risk of external attacks.
3. Tool Application
When the evaluation center organized and compiled the "DB31/T 1331-2021 General Requirements for Blockchain Technology Security", it has considered the connection needs with the graded protection evaluation. The "infrastructure layer" security in DB31/T 1331 is consistent with the relevant requirements of the secure physical environment, secure communication network, security area boundary, secure computing environment, security management center, etc. of level protection, "protocol layer security", "extension layer" "Security" more reflects the unique security protection requirements of the blockchain.
Based on the relevant security requirements of DB31/T 1331, the assessment center is organizing and compiling extended blockchain assessment requirements. The relevant results will be applied to the network security level protection assessment tool - Assessment Expert. By then, evaluation institutions using the "Evaluation Expert" software will be able to conduct blockchain security evaluations accurately, standardly and efficiently, discover blockchain security risks, and put forward corresponding rectification suggestions