Outsmarting Smart Contracts: An essential walkthrough a blockchain security minefields
Damian Rusinek (SecuRing)
Blockchain and smart contracts are secure… Ethereum.org
…or is it?
[News headlines shown on the slide, including https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach/ and https://www.trustnodes.com/2017/11/07/ethereums-parity-hacked-half-million-eth-frozen]
How come blockchains and smart contracts have such serious security flaws when they are so highly secured?
Damian Rusinek: Security Researcher & Pentester, Assistant Professor. @drdr_zz, damianrusinek @ github
How I could steal tokens (worth thousands of $) from crypto exchange.
EPISODE I Blockchain 101
What is blockchain? Distributed Unmodifiable Database Engine (DUDE)
Do I need blockchain? But really? NO Single point of failure? NO Single point of authority? No NO Modifiable data?
The analogy
Tor: Private Communication
Blockchain: Unmodifiable Storage
EPISODE II SMART CONTRACTS
Executable file Smart contract
Ethereum platform
"Ethereum is literally a computer that spans the entire world." (Ethereum White Paper)
Why smart contracts?
• No single authority
• Trustless
• Allows public verification
What program could we run as smart contract?
• eVoting
• Assets Management (transferring ownership)
How to verify the contract? https://etherscan.io
How to execute smart contract? 0x2b30ea3a00000000000000000000000000000000
How to verify the execution?
EPISODE III SMART CONTRACTS SECURITY Mine no. 1 - All your data is public
All your data is public: Variables
No voters variable
All your data is public Preview votes in transactions.
All your data is public: Functions
• Public functions can be executed by anyone.
• Can anyone execute maliciousFunction2()?
Functions are public by default!
Parity Hack worth 30 mln $
Public function which changes the owner.
The race! 30 mln $ (80 mln $ worth today) and 90 mln $ (240 mln $)
https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach/
Mine no. 1 - Lessons learned
• Set visibility type to all functions.
• Do not keep secret data as plaintext in smart contract.
• Examples: Rock Paper Scissors, Blind Auctions
• Use blind commitments.
[Diagram: Hash of Value → Store; Real Value → Verify]
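The blind commitment from the lessons above (store the hash, verify the real value later), as an added example that is not part of the original slides. SHA-256 stands in for the keccak256 a contract would use, and the function names and the Rock Paper Scissors round are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

MOVES = ("rock", "paper", "scissors")

def commit(move: str, salt: bytes) -> bytes:
    """Commit phase: only H(salt || move) is stored on-chain."""
    return hashlib.sha256(salt + move.encode()).digest()

def verify(commitment: bytes, move: str, salt: bytes) -> bool:
    """Reveal phase: recompute the hash from the revealed move and salt."""
    if move not in MOVES:
        return False
    return hmac.compare_digest(commitment, commit(move, salt))

def recover_move(commitment: bytes, salt: bytes = b"") -> Optional[str]:
    """What any chain observer can do if the salt is missing or known:
    with three possible moves, hashing each candidate reveals the choice."""
    for move in MOVES:
        if commit(move, salt) == commitment:
            return move
    return None

def play_round() -> dict:
    salt = secrets.token_bytes(32)      # kept off-chain until the reveal
    stored = commit("paper", salt)      # "Hash of Value -> Store"
    return {
        "honest_reveal": verify(stored, "paper", salt),  # "Real Value -> Verify"
        "changed_move": verify(stored, "rock", salt),    # cannot swap the move later
        "unsalted_leak": recover_move(commit("paper", b"")),
        "salted_leak": recover_move(stored),
    }
```

The salt is what keeps a low-entropy value secret: the unsalted commitment is recovered immediately, the salted one is not.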
EPISODE III SMART CONTRACTS SECURITY Mine no. 2 - Smart contract is a program
Integer Overflow
• Ethereum Tokens – your own cryptocurrency on Ethereum.
• The attack: empty victim’s wallet.
Integer Overflow
• Balances:
  • Victim -> (MAXUINT-9) tokens (e.g. founder of contract).
  • Attacker -> 10 tokens.
• Attacker transfers 10 tokens to victim.
• Both have zero tokens.
Insecure libraries
Mine no. 2 - Lessons learned
• Use open source libraries to handle typical errors (e.g. SafeMath for overflows).
• Write tests for boundary conditions.
• Verify the correctness and test libraries that you plan to use.
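The Integer Overflow slide and the SafeMath lesson above, as an added example that is not code from the talk: a Python model of uint256 balances showing the wrap to zero and the checked arithmetic that rejects it. The ledger layout and function names are assumptions; the balances are the ones from the slide.

```python
UINT256_MAX = 2**256 - 1  # MAXUINT on the slide

class ArithmeticRevert(Exception):
    """Models a reverted transaction."""

def add_unchecked(a: int, b: int) -> int:
    """uint256 addition without a check: the result wraps modulo 2**256."""
    return (a + b) & UINT256_MAX

def add_checked(a: int, b: int) -> int:
    """SafeMath-style add: revert instead of wrapping."""
    c = (a + b) & UINT256_MAX
    if c < a:
        raise ArithmeticRevert("addition overflow")
    return c

def sub_checked(a: int, b: int) -> int:
    """SafeMath-style sub: revert when the sender lacks the funds."""
    if b > a:
        raise ArithmeticRevert("subtraction underflow")
    return a - b

def transfer(balances: dict, sender: str, receiver: str, amount: int,
             add=add_checked) -> dict:
    """Return the ledger after the transfer; the input ledger is left
    untouched, so a revert leaves the original balances in place."""
    new = dict(balances)
    new[sender] = sub_checked(new[sender], amount)
    new[receiver] = add(new[receiver], amount)
    return new

def slide_scenario() -> dict:
    """Balances from the slide: victim MAXUINT-9, attacker 10."""
    start = {"victim": UINT256_MAX - 9, "attacker": 10}
    wrapped = transfer(start, "attacker", "victim", 10, add=add_unchecked)
    try:
        transfer(start, "attacker", "victim", 10)  # checked add
        reverted = False
    except ArithmeticRevert:
        reverted = True
    return {"wrapped": wrapped, "checked_reverts": reverted, "ledger": start}
```

Solidity 0.8 and later perform this check by default; the boundary values worth testing are a receiver balance of exactly MAXUINT and one token below it.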
EPISODE III SMART CONTRACTS SECURITY Mine no. 3 - Smart contracts have limitations
Gas Limit
• All transactions are given some gas.
• All operations cost some gas.
• Transaction is rejected if gas limit is exceeded.
• The idea: to prevent infinite loops.
• The attack: DoS the contract.
Gas Limit: DoS on auction contract
Further bids are blocked.
[Diagram labels: Auction, BID (ETH), RETURN, WINNER!]
Mine no. 3 - Lessons learned
• Learn the limitations of Ethereum (gas, randomness, etc.).
• Learn the way of handling these limitations.
• Write tests for handling limitations.
EPISODE III SMART CONTRACTS SECURITY Mine no. 4 - Smart contracts have specific vulns
Re-entrancy
• Unintended recurrence in smart contracts.
[Diagram: withdrawBalance, send Ether, withdrawBalance, withdrawBalance]
Any ideas for malicious call.value recurrence?
How to test smart contracts?
Online tools
• Remix
• Securify
• SmartCheck
Offline tools
• Solhint
• Oyente
• Mythril
Best practices
• ConsenSys
• DASP
EPISODE IV SMART CONTRACTS INTEGRATION
Popular webapps integrated with smart contracts
• Online wallets
• Crypto exchanges
• Games
• ICOs
Attack webapp and generate malicious transaction.
Let’s steal some tokens from the exchange.
Typical withdrawal transaction
[Diagram: Function | Address Parameter (Receiver address) | Value Parameter (50 GTN)]
Not a bug, it’s a feature
Let’s use too short address.
[Diagram: Function | Short address | Value. Ethereum pads the too-short input with zeros (000), giving Function | Modified address | Value]
A little misunderstanding
[Diagram: Func | Short address | Value becomes Func | Padded address | Shifted (padded) value, with trailing zeros appended]
What user tried to do: Send 2399.99 GNT to the 0x79735 address.
What Ethereum understood: Send approx. 2 * 10^45 GNT to the 0x079735000000000000000 address.
How to attack exchange?
• Deposit 1 Ethereum Token.
• Generate Ethereum address with zero-byte suffix (a matter of seconds).
• Withdraw 1 Ethereum Token and send address without last byte.
How many would I receive?
• Receive 256 Ethereum Tokens.
How I have stolen tokens from exchange?
[Diagram: Func | Short address | Value becomes Func | Padded address | Shifted (padded) value, with 00 appended]
• Deposited 0.47 GTN
• Withdrew approx. 120 GTN (256 times more)
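The address check an exchange backend needs before it builds the withdrawal transaction, as an added example that is not code from the talk. It models the encoding of `transfer(address,uint256)` described on the slides; `naive_encode`, `evm_decode`, `validate_address`, `safe_encode` and the sample address are hypothetical names and constructed values.

```python
SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)

def _strip0x(addr_hex: str) -> str:
    return addr_hex[2:] if addr_hex.lower().startswith("0x") else addr_hex

def naive_encode(addr_hex: str, amount: int) -> bytes:
    """Flawed encoder: prefixes the 12 padding bytes of a 20-byte address
    and never checks how long the supplied address actually is."""
    addr = bytes.fromhex(_strip0x(addr_hex))
    return SELECTOR + b"\x00" * 12 + addr + amount.to_bytes(32, "big")

def evm_decode(calldata: bytes):
    """Read both 32-byte arguments as the EVM does: bytes past the end of
    the calldata read as zero, so a short payload is padded on the right."""
    args = calldata[4:].ljust(64, b"\x00")
    return "0x" + args[12:32].hex(), int.from_bytes(args[32:64], "big")

def validate_address(addr_hex: str) -> str:
    """Accept only exactly 20 bytes of hex; raise ValueError otherwise."""
    h = _strip0x(addr_hex)
    if len(h) != 40:
        raise ValueError("address must be exactly 20 bytes")
    bytes.fromhex(h)  # raises ValueError on non-hex characters
    return "0x" + h.lower()

def safe_encode(addr_hex: str, amount: int) -> bytes:
    """Validate first, then confirm the payload is selector + 2 * 32 bytes."""
    data = naive_encode(validate_address(addr_hex), amount)
    if len(data) != 4 + 64:
        raise ValueError("unexpected calldata length")
    return data

# Constructed sample: a 20-byte address ending in a zero byte, and the
# same address submitted without its last byte.
FULL = "0x" + "11" * 19 + "00"
SHORT = "0x" + "11" * 19

def what_the_contract_sees(addr_hex: str, amount: int):
    return evm_decode(naive_encode(addr_hex, amount))
```

With the flawed encoder the one-byte-short address yields 67 bytes of calldata, which the contract reads as the full address and an amount shifted left by 8 bits, the 256 times factor from the slides; `validate_address` rejects that input before anything is signed.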
Let’s report the vulnerability
• But to whom? No information about the owner on exchange website!
• Be like Sherlock and find him.
Time is running!
That is a general problem
• How to responsibly disclose the vulnerability in a smart contract?
• How to inform the owner of the smart contract?
• Would you steal crypto and then look for the owner?
Send him an encrypted message kept on Ethereum.
My idea: Responsible Disclosure Ethereum Messenger
Online: https://securing.github.io/eth-rd-messenger
GitHub: https://github.com/securing/eth-rd-messenger
This tool is used to:
• send a secret message to the owner of a personal or contract Ethereum address, encrypted with its owner's ECC public key,
• decrypt the message sent to the personal address or contract's owner.
Vulnerabilities
Similar to classic programs
• Overflows and underflows
• Unauthorized access to functions
• Insecure libraries
• Business logic vulns
Specific for smart contracts
• Related to Ethereum limitations (gas limit, randomness, etc.)
• Re-entrancy
• and more
Top 10 recommendations
1. Remember that all data is public in blockchain.
2. Do not keep secret data as plaintext in smart contract.
3. Use blind commitments.
4. Set visibility type to all functions.
5. Learn the limitations of Ethereum and how to handle them.
6. Write tests for handling limitations and for boundary conditions.
7. Verify the libraries that you plan to use.
8. Use the best security practices.
9. Consider threats from apps integrating with blockchain.
10. Test your contracts and blockchain applications.
Thank you! Any questions?
Damian Rusinek, damian.rusinek@securing.pl, @drdr_zz
- Slides: 49