What are the common cross-chain bridging security vulnerabilities?
2023-11-18 22:40 Update

This article is a community contribution. The author is Minzhi He, auditor of CertiK.

The views expressed in this article are those of the contributor/author and do not necessarily reflect the views of Binance Academy.

Summary

Blockchain bridges are fundamental to achieving interoperability in the blockchain field, so the security of cross-chain bridging technology is crucial. Some common blockchain bridge security vulnerabilities include insufficient on-chain and off-chain verification, improper handling of native tokens, and misconfiguration. To ensure that the verification logic is sound, it is recommended to test the cross-chain bridge against all possible attack vectors.

Introduction

A blockchain bridge is a protocol that connects two blockchains and allows them to interact. With a blockchain bridge, users who hold Bitcoin and want to participate in DeFi activities on the Ethereum network can do so without selling their Bitcoin.

Blockchain bridges are the foundation for interoperability in the blockchain field. They rely on various on-chain and off-chain verifications to function, so they may have different security vulnerabilities as well.

Why is the security of blockchain bridges crucial?

Blockchain bridges typically hold tokens that users want to transfer from one chain to another. Blockchain bridges are usually deployed in the form of smart contracts. As cross-chain transfers continue to accumulate, a large number of tokens will be held on the bridge. This huge wealth will make them a coveted target for hackers.

Additionally, the attack surface of blockchain bridges tends to be large due to the many components involved. Therefore, criminals have strong incentives to target cross-chain applications in order to obtain large amounts of funds.

According to CertiK estimates, blockchain bridge attacks caused more than $1.3 billion in losses in 2022, accounting for 36% of the total losses that year.

Common cross-chain bridging security vulnerabilities

To enhance blockchain bridge security, it is important to understand common cross-chain bridge security vulnerabilities and to test the blockchain bridge before launching it. These vulnerabilities mainly come from the following four aspects:

Insufficient on-chain verification

For simple blockchain bridges, especially those designed for a specific dApp, there is usually only a minimal degree of on-chain verification. These bridges rely on a centralized backend to perform basic operations such as minting, burning, and token transfers, with all verification occurring off-chain.

Other types of bridges use smart contracts to verify messages on-chain. In this case, when a user deposits funds into the chain, the smart contract generates a signed message and returns the signature in the transaction. This signature serves as proof of deposit and is used to verify the user's withdrawal request on another chain. This process should prevent various security attacks, including replay attacks and forged deposit records.

However, if there is a vulnerability in the on-chain verification process, the attack could cause serious damage. For example, if the blockchain uses Merkle trees to verify transaction records, an attacker can generate forged proofs. This means that if the verification process is vulnerable, an attacker can bypass proof verification and mint new tokens in their account.

Some blockchain bridges will implement the concept of "wrapped tokens". For example, when a user transfers DAI from Ethereum to BNB Chain, their DAI is taken out of the Ethereum contract and an equal amount of wrapped DAI is issued on BNB Chain.

However, if this transaction is not properly verified, an attacker can deploy a malicious contract and manipulate the function so that the wrapped tokens are routed from the bridge to the wrong address.

The attacker also needs the victim to approve the cross-chain bridge contract before they can use the "transferFrom" function to transfer tokens and take assets away from the cross-chain bridge contract.

But the tricky thing is that many cross-chain bridges require dApp users to approve tokens indefinitely. This practice is very common and reduces gas fees, but allowing smart contracts to access an unlimited amount of tokens from the user's wallet introduces additional risks. Attackers can exploit this insufficient verification and these excessive approvals to transfer tokens from other users to themselves.

Insufficient off-chain verification

In some cross-chain bridge systems, off-chain backend servers play a crucial role in verifying the legitimacy of messages sent from the blockchain. In this case, we need to focus on the verification of the deposit transaction.

The working principle of the blockchain bridge with off-chain verification is as follows:

  1. Users interact with the dApp and deposit tokens into smart contracts on the source chain.

  2. Then, the dApp sends the deposit transaction hash to the backend server through the API.

  3. The transaction hash needs to be verified multiple times by the server. If deemed legitimate, the signer signs a message and sends the signature back to the user interface via the API.

  4. After receiving the signature, the dApp verifies it and allows the user to withdraw tokens from the target chain.

The backend server must ensure that the deposit transactions it handles are real and not forged. This backend server determines whether a user can withdraw tokens on the target chain, making it the first target of attacks.

The backend server needs to verify the structure of the event emitted by the transaction and the address of the contract that emitted the event. If the latter is ignored, attackers may deploy malicious contracts to forge deposit events with the same structure as legitimate deposit events.

If the backend server does not verify which address emitted the event, it will consider it a valid transaction and sign the message. An attacker can then send the transaction hash to the backend server, bypassing verification and allowing them to withdraw tokens from the target chain.
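The check described above, as an added example that is not part of the original article: a backend verifier that accepts a deposit only when the event has the expected structure and was emitted by the bridge contract, and that refuses to sign for the same deposit twice. The bridge address, the event signature hash, the assumed event layout (recipient as an indexed topic, amount as data) and the sample receipt are constructed placeholders.

```python
BRIDGE = "0x" + "b1" * 20         # hypothetical bridge contract address (constructed)
DEPOSIT_TOPIC = "0x" + "d0" * 32  # placeholder for the Deposit event signature hash
USER = "0x" + "aa" * 20           # constructed depositor address

class DepositRejected(Exception):
    pass

class DepositVerifier:
    """Decides whether a source-chain receipt proves a deposit the signer may sign."""

    def __init__(self, bridge=BRIDGE, topic=DEPOSIT_TOPIC):
        self.bridge, self.topic = bridge.lower(), topic.lower()
        self.signed = set()  # (tx hash, log index) pairs that already got a signature

    def verify(self, receipt):
        if receipt.get("status") != "0x1":
            raise DepositRejected("transaction reverted")
        found = []
        for log in receipt["logs"]:
            topics = [t.lower() for t in log["topics"]]
            if not topics or topics[0] != self.topic:
                continue  # some other event
            if log["address"].lower() != self.bridge:
                continue  # right structure, wrong emitter: never counts as a deposit
            data = log["data"][2:]
            if len(topics) != 2 or len(data) != 64:
                raise DepositRejected("malformed Deposit event")
            key = (receipt["transactionHash"].lower(), int(log["logIndex"], 16))
            if key in self.signed:
                raise DepositRejected("deposit already signed")
            found.append((key, "0x" + topics[1][-40:], int(data, 16)))
        if not found:
            raise DepositRejected("no Deposit event emitted by the bridge contract")
        self.signed.update(key for key, _, _ in found)
        return [(recipient, amount) for _, recipient, amount in found]

def make_receipt(tx_hash, emitter, recipient, amount):
    """Constructed sample shaped like an eth_getTransactionReceipt result."""
    log = {"address": emitter, "logIndex": "0x0",
           "topics": [DEPOSIT_TOPIC, "0x" + "00" * 12 + recipient[2:]],
           "data": "0x" + format(amount, "064x")}
    return {"status": "0x1", "transactionHash": tx_hash, "logs": [log]}

def is_accepted(verifier, receipt):
    try:
        return bool(verifier.verify(receipt))
    except DepositRejected:
        return False
```

A receipt whose matching event comes from any address other than the bridge contract is rejected, as is a second request for a deposit that has already been signed.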

Improper native token handling

Cross-chain bridges take a different approach to native tokens and utility tokens. For example, on the Ethereum network, the native token is ETH, and most utility tokens comply with the ERC-20 standard.

If users plan to transfer their ETH to another chain, they must first deposit it into the cross-chain bridge contract. To do this, the user simply attaches ETH to the transaction, and the amount of ETH can be retrieved by reading the "msg.value" field of the transaction.

Depositing ERC-20 tokens is very different from depositing ETH. To deposit ERC-20 tokens, users must first allow the cross-chain bridge contract to use their tokens. After they approve and deposit the tokens into the cross-chain bridge contract, the contract will use the "burnFrom()" function to destroy the user's tokens, or the "transferFrom()" function to transfer the user's tokens to the contract.

To distinguish between the two operations, you can use an if-else statement in the same function, or create two separate functions to handle each scenario. Because the two are processed differently, if a user attempts to deposit ETH using the ERC-20 deposit function, the ETH may be lost.

When processing ERC-20 deposit requests, users usually provide the token address as an input parameter and pass it to the deposit function. This poses a significant risk, as untrusted external calls may occur during transactions. Using a whitelist to only include tokens supported by a cross-chain bridge is a common practice to minimize risk. Only whitelisted addresses are passed as parameters. This prevents external calls because the project team has filtered the token addresses.

However, handling the cross-chain transfer of native tokens is also troublesome, because native tokens have no address. Native tokens can be represented by a special address, the "zero address" (0x000...0). The problem is that if the whitelist verification logic is not implemented correctly, passing the zero address to the function may bypass the whitelist verification.

When the cross-chain bridge contract calls "transferFrom" to transfer user assets to the contract, the external call to the zero address will return false, because the "transferFrom" function is not implemented at the zero address. However, if the contract does not handle the return value correctly, the transaction may still proceed. This creates an opportunity for an attacker to execute a transaction without transferring any tokens to the contract.
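One way to express the deposit checks discussed in this section, as an added example that is not code from the article or from any bridge: a Python model of a deposit function with separate native and ERC-20 paths. The Token and Bridge classes, their method names and the addresses used with them are hypothetical; the model only mirrors the control flow a contract would need.

```python
NATIVE = "0x" + "00" * 20  # zero address standing in for the native token

class DepositError(Exception):
    pass

class Token:
    """Minimal ERC-20 stand-in (constructed for this example)."""
    def __init__(self, balances):
        self.balances, self.allowances = dict(balances), {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if self.balances.get(owner, 0) < amount or allowed < amount:
            return False  # failure is reported through the return value
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

class Bridge:
    def __init__(self, address, contracts, whitelist):
        if NATIVE in whitelist:
            raise ValueError("the native-token marker must not be whitelisted as a token")
        self.address, self.contracts = address, contracts
        self.whitelist, self.credited = set(whitelist), []

    def deposit(self, sender, token_addr, amount, msg_value=0):
        if token_addr == NATIVE:              # native path: trust msg.value only
            if msg_value == 0 or amount != msg_value:
                raise DepositError("native deposit must match attached value")
        else:                                 # ERC-20 path
            if msg_value != 0:
                raise DepositError("native value attached to a token deposit")
            if token_addr not in self.whitelist:
                raise DepositError("token not whitelisted")
            token = self.contracts.get(token_addr)
            if token is None:
                raise DepositError("no contract at token address")
            before = token.balances.get(self.address, 0)
            ok = token.transfer_from(self.address, sender, self.address, amount)
            if not ok or token.balances.get(self.address, 0) - before != amount:
                raise DepositError("token transfer failed")
        self.credited.append((sender, token_addr, amount))
        return amount
```

A deposit is credited only after the branch that matches the asset type has confirmed that value actually arrived, so a zero-address argument never reaches the token transfer path and a failed transfer never produces a credit.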

Configuration error

In most blockchain bridges, there is a privileged role responsible for whitelisting or blacklisting tokens and addresses, assigning or changing signers, and other key configurations. It is critical to ensure that all configurations are accurate, as seemingly trivial oversights can lead to significant damage.

In fact, there have been incidents where attackers successfully bypassed transmission record verification due to configuration errors. The project team implemented a protocol upgrade days before the hack in which a certain variable was changed. This variable is the default value used to represent trusted messages. This change caused all messages to be automatically considered authenticated, thus allowing an attacker to submit a random message and pass the validation.

How to improve the security of cross-chain bridges

The four common cross-chain bridge vulnerabilities described above show that the security challenges in connected blockchain ecosystems cannot be underestimated. To deal with these vulnerabilities, the measures must be tailored to each case. No single method is a panacea for all vulnerabilities.

For example, since each cross-chain bridge has unique verification requirements, it is hard to ensure that the verification process is free of errors simply by providing general guidelines. The most effective way to prevent verification bypass is to thoroughly test the cross-chain bridge against all possible attack vectors and ensure that the verification logic is reasonable.

All in all, rigorous testing must be conducted against potential attacks, with special attention paid to the most common security vulnerabilities in cross-chain bridges.

Conclusion

Cross-chain bridges have long been targeted by attackers due to the huge amount of funds they hold. Builders can strengthen the security of cross-chain bridges by conducting comprehensive pre-deployment testing and incorporating third-party audits, thereby reducing the risk of the catastrophic hacks that have loomed over cross-chain bridges over the past few years. Cross-chain bridges are crucial in a multi-chain world, but security must be a primary consideration when designing and building effective Web3 infrastructure.

Extended reading

What is a blockchain bridge?

What is cross-chain interoperability?

Three popular cryptocurrency bridges and their working principles

What is a wrapped token?
