{%hackmd @B084020005/dark_theme_template %} # 2024_fintech_midterm_2 ## Security ### 1. What is 51% attack? A: 51% attack occurs when a single entity or group gains control of more than 50% of a blockchain network's mining hash rate or computational power. This majority control allows the attacker to manipulate the blockchain, such as double-spending coins and preventing new transactions from being confirmed. It undermines the integrity and security of the decentralized system. ### 2. What is the purpose of smart contract auditing and its procedure? The purpose of smart contract auditing is to ensure the security, functionality, and correctness of smart contracts by identifying vulnerabilities and coding errors. The procedure typically involves a detailed review of the smart contract code by security experts, automated analysis tools to detect common issues, and manual testing to verify the contract's behavior under various conditions. The final step is providing a comprehensive report with findings and recommendations for improvements. ### 3. What is the difference between verified and unverified smart contract? A verified smart contract has its source code publicly available and matches the deployed bytecode on the blockchain, allowing anyone to review and audit its functionality. An unverified smart contract lacks publicly accessible source code or its provided code does not match the deployed bytecode, making it opaque and harder to trust. Verification increases transparency and trust, while unverified contracts pose higher risks due to potential hidden vulnerabilities. ### 4. What is reentrancy attack and examples of such vulnerability? How to mitigate the risk of potential exploit? A reentrancy attack occurs when a malicious contract repeatedly calls back into the vulnerable contract before the initial execution is completed, potentially draining funds. An example is the infamous DAO hack on Ethereum, where the attacker exploited reentrancy to siphon off funds. To mitigate this risk, use the checks-effects-interactions pattern, employ reentrancy guards, and carefully manage external calls and state changes within the smart contract. ### 5. What is poisoning address and related phishing attack? A poisoning address attack involves sending small amounts of cryptocurrency to a target address, often mimicking a legitimate address, to confuse and deceive users into sending funds to the attacker's address in future transactions. Related phishing attacks occur when attackers trick users into revealing their private keys or sensitive information by masquerading as a trustworthy entity. To prevent these attacks, users should always double-check addresses and avoid sharing sensitive information. ## Risk Management / Traditional Finance ### 1. What is risk management and its fundamental principle? Risk management involves identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of adverse events. Its fundamental principle is to reduce the potential negative effects of risks while maximizing opportunities, ensuring that the organization can achieve its objectives with minimal disruptions. Effective risk management requires a systematic approach, continuous monitoring, and the implementation of appropriate risk mitigation strategies.  ### 2. What is the formula for Kullback-Leibler divergence? How does it operate, and what is the underlying rationale? The formula for Kullback-Leibler (KL) divergence \\(D_{KL}(P \parallel Q)\\) between two probability distributions \\( P \\) and \\( Q \\) is: \\[ D_{KL}(P \parallel Q) = \sum_{x \in X} P(x) \log \frac{P(x)}{Q(x)} \\] or, in the continuous case, \\[ D_{KL}(P \parallel Q) = \int_{-\infty}^{\infty} p(x) \log \frac{p(x)}{q(x)} \, dx \\] where \\( P(x) \\) and \\( Q(x) \\) (or \\( p(x) \\) and \\( q(x) \\) in the continuous case) are the probability densities of \\( P \\) and \\( Q \\), respectively. KL divergence measures how one probability distribution diverges from a second, reference probability distribution. It operates by calculating the expectation of the logarithmic difference between the probabilities assigned by the two distributions, weighted by the probabilities of the first distribution. The underlying rationale is to quantify the information loss or the inefficiency introduced when approximating one distribution with another. ### 3. What is the Maximum Entropy Principle, and how is it analyzed, including the mechanism behind it? The Maximum Entropy Principle states that, among all possible probability distributions that satisfy given constraints, the one with the highest entropy is preferred. This principle ensures that no additional assumptions are made beyond the given information, leading to the most unbiased and least informative distribution consistent with the known data. To analyze and apply the Maximum Entropy Principle, follow these steps: 1. **Define the constraints:** Specify the known constraints, such as mean values or other moments of the distribution. 2. **Formulate the entropy function:** For a discrete distribution, entropy \( H(P) \) is defined as \( H(P) = -\sum_{x \in X} P(x) \log P(x) \). For a continuous distribution, it is \( H(p) = -\int p(x) \log p(x) \, dx \). 3. **Maximize the entropy function:** Use the method of Lagrange multipliers to maximize the entropy function subject to the given constraints. This involves setting up and solving the Lagrangian, which combines the entropy function and the constraints. The mechanism behind the Maximum Entropy Principle ensures that the chosen distribution incorporates only the specified constraints, avoiding any unwarranted assumptions. This results in the least biased estimate, reflecting the true state of knowledge based on the given information.  ### 4. What is the VIX index, and what defines its nature? The VIX index, also known as the Volatility Index or "Fear Gauge," measures the market's expectation of 30-day forward-looking volatility based on the implied volatilities of S&P 500 index options. The nature of the VIX is defined by its function as an indicator of market sentiment and investor uncertainty. A higher VIX value indicates greater expected volatility and, typically, increased investor fear or uncertainty about the future market direction. Conversely, a lower VIX value suggests lower expected volatility and a calmer market outlook. The VIX is widely used by traders and investors to gauge market risk and to inform decisions on hedging and speculative strategies.  ### 5. What are the effects following a Bitcoin halving event? Especially related to miner on the network? Following a Bitcoin halving event, the reward for mining new blocks is cut in half, reducing the rate at which new bitcoins are created. This has several effects: 1. **Reduced Miner Revenue:** Miners receive fewer bitcoins for their efforts, which can squeeze profit margins, particularly for those with higher operational costs. 2. **Potential Miner Attrition:** Some miners may find it unprofitable to continue mining and may exit the network, leading to a temporary decrease in the network's hash rate and possibly longer block times until difficulty adjusts. 3. **Increased Scarcity and Price Pressure:** Historically, halvings have been associated with increases in the price of Bitcoin due to reduced supply growth, which can offset reduced miner revenue if prices rise sufficiently. Overall, halving events aim to ensure Bitcoin's deflationary nature and are pivotal in the long-term supply dynamics of the cryptocurrency.