KNOWNSEC 404 blockchain security team warns about the smart contract JSON-RPC interface
Sharat Chandra
May 16, 2018 at 9:09 PM

A smart contract is a computer protocol designed to digitally facilitate, authenticate, or enforce the negotiation of an agreement. Smart contracts facilitate credible transactions without third parties. These transactions are trackable and immutable. Smart contracts were first proposed by Nick Szabo, who coined the term, in 1994.

JSON is a lightweight data-interchange format. It can represent numbers, strings, ordered sequences of values, and collections of name/value pairs. JSON-RPC is a stateless, light-weight remote procedure call (RPC) protocol. Primarily this specification defines several data structures and the rules around their processing. It is transport agnostic in that the concepts can be used within the same process, over sockets, over HTTP, or in many various message passing environments. It uses JSON (RFC 4627) as a data format.

The team at Knownsec found some irregularities in the smart contract JSON-RPC interface and issued a warning about it. Today, the Knownsec 404 blockchain security team reported that TCP port 8545, which smart contract JSON-RPC opens, is being intensively scanned. According to the team, multiple groups at home and abroad are abusing exposed JSON-RPC interfaces by exploiting the time window during which the relevant smart contract account is unlocked through unlockAccount, causing the global theft of tokens.

The Knownsec 404 blockchain security team also noticed that some centralized automatic deployment environments for POW (Proof of Work) smart contracts still use old code, which might be a security risk. The team reminded everybody to pay close attention to security problems with the smart contract JSON-RPC interface, to put the corresponding port security defense mechanisms in place, to limit network access, and so on.
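
One way to act on the advice to limit network access, as an added example that is not from Knownsec or the original article: a small audit of a node's launch command line for a JSON-RPC listener bound beyond loopback. The article does not name a client, so the go-ethereum flag names and the sample command lines are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Assumption: go-ethereum flag spellings, legacy (--rpc*) and current (--http*).
ENABLE = ("--rpc", "--http")
ADDR = ("--rpcaddr", "--http.addr")
APIS = ("--rpcapi", "--http.api")

# Constructed sample command lines, not taken from the article.
SAMPLES = [
    "geth --rpc --rpcaddr 0.0.0.0 --rpcport 8545 --rpcapi eth,net,personal --unlock 0",
    "geth --http --http.addr 127.0.0.1 --http.api eth,net",
]

def parse_flags(cmdline):
    """Map each --flag to its value ('--f v' or '--f=v'), or True if bare."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--") and "=" in tok:
            name, value = tok.split("=", 1)
            flags[name] = value
        elif tok.startswith("--"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "-"
            bare = nxt.startswith("-")
            flags[tok] = True if bare else nxt
            i += 0 if bare else 1
        i += 1
    return flags

def audit(cmdline):
    """Return findings for one node command line; empty list means no issue."""
    flags = parse_flags(cmdline)
    if not any(f in flags for f in ENABLE):
        return []  # HTTP JSON-RPC is not enabled at all
    addr = str(next((flags[n] for n in ADDR if n in flags), "127.0.0.1"))
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        loopback = addr == "localhost"
    if loopback:
        return []  # only local processes can reach the interface
    findings = ["rpc-non-loopback"]
    apis = str(next((flags[n] for n in APIS if n in flags), "")).split(",")
    if "personal" in [a.strip() for a in apis]:
        findings.append("personal-api-remote")  # unlockAccount callable remotely
    if "--unlock" in flags:
        findings.append("unlocked-account-remote")  # account usable without password
    return findings
```

Calling `audit()` on each launch command in a deployment script or service unit gives a quick list of nodes whose JSON-RPC port needs a loopback bind or a firewall rule.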
