Web3 Security Glossary
Your comprehensive guide to understanding Web3 and onchain security terminology.
Address Poisoning
A deceptive tactic malicious actors use to trick users into sending cryptocurrency to an incorrect address.
Blind Signing
Blind Signing refers to the act of approving a transaction on a hardware wallet without full visibility of its details.
Bypass
A term used by malicious actors to describe methods that allow drainers to prompt a malicious transaction without the transaction being flagged by security providers.
Decentralized Application (dApp)
A website that uses the blockchain as its backend infrastructure, allowing users to perform onchain interactions such as reading onchain state or executing smart contract functions.
EIP-7702
EIP-7702 is an Ethereum update that allows an externally owned account (EOA) to temporarily act as a smart contract.
Hardware Wallet
A hardware wallet is a secure physical device for storing cryptocurrency private keys offline, safeguarding them from online threats such as hacking.
JSON-RPC
A protocol used for making remote procedure calls in a simple, stateless, and lightweight format. Used in blockchain environments for communication between clients and servers, enabling them to request and receive data in a structured way.
Malicious Airdrop
A tactic used by attackers to distribute free tokens or NFTs to users' wallets with the intent of luring them into interacting with malicious dApps.
Man-in-the-Middle Attack
A Man-in-the-Middle (MitM) Attack is a security breach where a threat actor intercepts and manipulates communication between two parties, typically without either party's knowledge.
ODR (Onchain Detection and Response)
An advanced security solution that provides end-to-end detection and response capabilities through onchain event analysis for real-time threat protection.
Onchain
Any activity, data, or transaction that is executed and recorded directly on a blockchain network.
Onchain Asset Managers
Tools or entities responsible for managing digital assets, such as cryptocurrencies or NFTs, directly on the blockchain.
Onchain Detection
The process of continuously monitoring onchain activities—such as transactions, smart contract interactions, and wallet behaviors—to identify potential security threats or irregularities.
Onchain Detection and Response
A dual-layered security approach combining real-time threat detection with rapid, automated response mechanisms, ensuring that threats are not only identified quickly but are also addressed before significant damage can occur.
Onchain Response
Onchain response involves taking immediate actions to mitigate risks or threats that have been identified onchain. These actions may include halting suspicious transactions, freezing compromised assets, or notifying security teams, all aimed at containing potential damage.
Onchain Threat Protection
A feature of ODR systems that refers to their ability to provide continuous monitoring of contracts, tokens, and unmanaged wallets.
Onchain Visibility
The ability to observe and analyze all activities and transactions occurring within a blockchain ecosystem in real-time.
Signing Interface
A Signing Interface is an application on a user's computer or mobile device that facilitates secure interactions between the device and a hardware wallet.
Smart Contract Exploit
A type of onchain threat that refers to the exploitation of a vulnerability within a smart contract, which allows an attacker to manipulate the contract’s logic to steal funds or achieve an unauthorized outcome.
Smart Contract Monitoring
The continuous tracking and analysis of smart contracts to ensure they operate as intended and are not under attack by malicious exploits.
Transaction Simulation
The process of running a blockchain transaction in a virtual environment (before it is actually executed onchain) in order to predict its outcome, allowing users to see if there are any issues or unintended consequences beforehand.
Transaction Validation
The process of verifying that a transaction is safe and legitimate before it is executed onchain. This involves checking the transaction for signs of malicious intent, unauthorized asset movement, or interactions with known compromised entities.
Wallet Drainer
A malicious dApp designed to deceive users into signing malicious transactions that steal all of their assets (native currency, such as ETH, as well as onchain assets, like tokens and NFTs).


