Blockchain Developer Blockchain Security Principles Questions and Answers

Question 1

A smart contract is designed to manage roles for a decentralized application, including 'admin' and 'user'.
The contract owner should be able to grant and revoke these roles.
Following the Principle of Least Privilege, which access control design pattern is most appropriate for this scenario?

Accepted Answer

Role-Based Access Control (RBAC) with distinct roles and permissions.

Answer

A single 'onlyOwner' modifier for all administrative functions.

Answer

Making all role management functions 'public' for transparency.

Answer

A timelock mechanism delaying every function call.

Question 2

Which of the following cryptographic principles is most fundamental to ensuring that once a transaction is recorded on the blockchain, it cannot be altered or deleted, thus providing a tamper-proof ledger?

Accepted Answer

Immutability through Cryptographic Hashing

Answer

Symmetric Encryption

Answer

Zero-Knowledge Proofs

Answer

Digital Signatures

Question 3

A developer is building a DeFi lending protocol. A user discovers they can execute a flash loan from another protocol to artificially inflate their collateral balance, borrow assets, and then repay the flash loan within the same transaction, leaving the lending protocol with a bad debt. This exploit is a form of which type of attack?

Accepted Answer

Cross-Function Reentrancy Attack

Answer

Sybil Attack

Answer

51% Attack

Answer

Oracle Manipulation Attack

Question 4

What is the primary security risk associated with using `block.timestamp` as the sole factor for executing critical logic in a smart contract, such as determining the winner of a game?

Accepted Answer

The timestamp can be slightly manipulated by miners.

Answer

It is computationally expensive to read `block.timestamp`.

Answer

The timestamp is not available on private blockchains.

Answer

It can cause integer overflow errors.

Question 5

A decentralized identity system built on a blockchain allows users to control their own personal data without relying on a central authority. Which principle does this most directly enhance for the user?

Accepted Answer

Data sovereignty and privacy

Answer

Network decentralization

Answer

Absolute immutability

Answer

Consensus mechanism efficiency

Question 6

An attacker repeatedly creates a large number of pseudonymous nodes or identities on a peer-to-peer network to gain a disproportionately large influence and undermine the network's authority or consensus. What is this type of attack called?

Accepted Answer

Sybil Attack

Answer

Eclipse Attack

Answer

Timejacking Attack

Answer

Routing Attack

A smart contract is designed to manage roles for a decentralized application, including 'admin' and 'user'.The contract owner should be able to grant and revoke these roles.Following the Principle of Least Privilege, which access control design pattern is most appropriate for this scenario?

A smart contract is designed to manage roles for a decentralized application, including 'admin' and 'user'.
The contract owner should be able to grant and revoke these roles.
Following the Principle of Least Privilege, which access control design pattern is most appropriate for this scenario?