Smart Contract Security Tips. Ethereum devcon2 Sep Joseph Chow

Similar documents
Lecture 10. A2 - will post tonight - due in two weeks

Securify: Practical Security Analysis of Smart Contracts

ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection *#

Smart!= Secure - Breaking Ethereum Smart Contracts. Elliot Ward & Jake Humphries

a new cryptocurrency STK GLOBAL PAYMENTS USER GUIDE USER GUIDE: PARTICIPATING IN IN STK STK TOKEN TOKEN SALE USING SALE MYETHERWALLET

Table of contents. Abstract. Disclaimer. Scope. Procedure. AS-IS overview. Audit overview. Conclusion. Appendix A. Automated tools reports 12

Gnosis Safe Documentation. Gnosis

A Concurrent Perspective on Smart Contracts. 1st Workshop on Trusted Smart Contracts

FXY TOKEN SMART CONTRACT AUDIT RESULTS FOR FIXY NETWORK LTD

scompile: Critical Path Identification and Analysis for Smart Contracts

Security Audit of FuzeX Smart Contract This report is public. ChainSecurity Ltd. January 11, 2018

A Semantic Framework for the Security Analysis of Ethereum smart contracts

For further information about the GRID token sale, please visit gridplus.io/token-sale.

OW TO PARTICIPAT HOW TO PARTICIPATE

COEN 241 Term Project. A Blockchain-based Cloud Service

Ethereum. Smart Contracts Programming Model

kasko2go Token Contract Audit

Christian Rossow CISPA, Saarland University, Saarland Informatics Campus. Johannes Krupp CISPA, Saarland University, Saarland Informatics Campus

ZILLIQA / ZILIKƏ/ NEXT GEN HIGH-THROUGHPUT BLOCKCHAIN PLATFORM DONG XINSHU, CEO JIA YAOQI, BLOCKCHAIN ZILLIQA.

BLOCKCHAIN CADEC Pär Wenåker & Peter Larsson

SECURITY AUDIT REPORT

Formal Verification of Smart Contracts: Short Paper

Smart Contract Vulnerabilities The most interesting transactions on the Ethereum network

How to buy LIVE Token with Ethereum and Bitcoin step by step

Implementing and Mechanically Verifying Smart Contracts

POA Bridge. Security Assessment. Cris Neckar SECUREWARE.IO

Guide on NAS Token Swap via NAS nano Wallet

FanChain Contract Audit

Defining the Ethereum Virtual Machine for Interactive Theorem Provers

Ethereum: 30 Tips & Tricks

QIIBEE Security Audit

Page Total

CS 251: Bitcoin and Crypto Currencies Fall 2015

GENESIS VISION NETWORK

John Coggeshall Copyright 2006, Zend Technologies Inc.

Blockchains: new home for proven-correct software. Paris, Yoichi Hirai formal verification engineer, the Ethereum Foundation

Introduction to Blockchain

Verifiable Computation in Smart Contracts

Blockchain-enabled peer-to-peer marketplaces

KnownOrigin.io. Be Original. Buy Original. executive summary v0.4. KnownOrigin.io

C and C++ Secure Coding 4-day course. Syllabus

Porosity Decompiling Ethereum Smart-Contracts. Matt Suiche Founder, Comae Technologies

Verification & Validation of Open Source

The promise and peril of smart contracts

Ethereum Computation Market Documentation

CS 251: Bitcoin and Cryptocurrencies Fall 2016

Learn Blockchain Programming. Ali Dorri

Declarative Static Analysis of Smart Contracts

Oyente: Making Smart Contracts Smarter

Specifying the Ethereum Virtual Machine for Theorem Provers

SmartDec icumulate.io Smart Contracts Security Analysis

Wanchain Hackathon Handbook San Jose

OpenbankIT: a banking platform for e- money management based on blockchain technology

Abstraction: Distributed Ledger

Token sale is live now

TOKEN SWAP FAQ. For action before July 23, 2018.

Bob s Repair Contract Audit

TOKENSALE PARTICIPATION GUIDE

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

SHERWOOD STATE BANK POPMONEY GUIDE

CS 161 Computer Security

NEW TOKEN SWAP INSTRUCTIONS For action after July 23, 2018.

BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive

Building Applications on the Ethereum Blockchain

Fortify Security Report. Sep 30, 2010 Aleks

Erays: Reverse Engineering Ethereum s Opaque Smart Contracts

Fighting Phishing I: Get phish or die tryin.

CLN CLN TOKEN SALE. How to Participate Using MyEtherWallter

ISSUSE AND FEATURES TO CONSIDER WHEN SELECTING A BLOCKCHAIN SYSTEM. Find us at

Train employees to avoid inadvertent cyber security breaches

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

A living programming environment for a living blockchain

NET 311 INFORMATION SECURITY

Android Security Research: Crypto Wallet Local Storage Attack

Active Planning Committee John Lindsay, Patent Attorney Tony Schuman, Investment Advisor Todd Russell, Gov t Contract Opportunities

Security Now. Howard Verne. Is My Private Information Safe?

Technical Overview. Version: 1.0 Date:

TABLE OF CONTENTS 1.0 TOKEN SALE SUMMARY INTRODUCTION HOW TO BUY LION HOW TO BUY LION WITH METAMASK

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

Guide to a Successful Wanchain Token Contribution

Porosity. Decompiling Ethereum Smart-Contracts. Matt Suiche Founder, Comae Technologies Tel Aviv (BLUEHATIL) 23 January, 2018

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Connecting to Mimecast

Unblockable Chains. Is Blockchain the ultimate malicious infrastructure? Omer Zohar

MYETHERWALLET GUIDE 1

Technical Analysis of Established Blockchain Systems

lifeid Foundation FAQ v.1

Sharding. Making blockchains scalable, decentralized and secure.

To schedule a unique to the entire team: Click Communications Click Schedule

An Analysis of Atomic Swaps on and between Ethereum Blockchains Research Project I

Introduction to Security. Computer Networks Term A15

Previous Name: D3. Fourth Estate. A secure, decentralized news data storing and sharing solution for journalists

Security issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Token Sale. Participation guide

Pillar Token Code Review

HowtobuyHUMToken. Table of Contents. Beforeproceedingwiththepurchase Pre-saleguideusingMyEtherWallet Pre-saleguideusingMetamask

A Hijacker's Guide to the LPC bus IAIK/EUROPKI2011/HIJACKER'S GUIDE 1

Porosity Decompiling Ethereum Smart-Contracts. Matt Suiche Founder, Comae Technologies

Transcription:

Smart Contract Security Tips Ethereum devcon2 Sep 20 2016 - Joseph Chow

One line of code spurred a series of momentous events in blockchain history June 12 2016

Community resource: for the community, by the community https://github.com/consensys/smart-contract-best-practices https://github.com/ethereum/wiki/wiki/safety Feel free to edit the wiki or submit a pull request, for anything: Fix a typo, or example Add a link to a community blog post (even your own), or other related security info Write a new section

General Philosophy Prepare for failure This is not defeat, but admitting unknown unknowns Roll out carefully A production system needs baking time in production Testnets, beta on mainnet, then production mainnet Keep contracts simple Stay up to date Bibliography at https://github.com/consensys/smart-contract-best-practices and https://github.com/ethereum/wiki/wiki/safety Includes community bloggers, Twitter, Reddit... Be aware of blockchain properties

Prepare for failure example (from SingularDTV) uint fundbalance; function checkinvariants() constant internal { if (this.balance < fundbalance) throw; function emergencycall() external noether { if (this.balance < fundbalance) { if (this.balance > 0 && workshop.send(this.balance)) { throw;

External Calls Avoid calls to untrusted contracts as much as you can Untrusted basically means a contract you ve not written Assume untrusted contracts are malicious Avoid untrustedcontract.dosomething() Avoid address.call() Avoid address.delegatecall(), address.callcode() After any untrusted call, assume that the state of your contract has been manipulated

External Calls - Example contract Victim { // state int x = 2; uint private y = 1; function foo() { x--; msg.sender.call.value(10)(); // x, y is now unknown function g() { x++; function h() internal { y++; function bar() { if (x%2 == 0) h(); recursive reentrancy reentrancy contract Untrusted { function() { // fallback function v = Victim(msg.sender); v.foo(); v.g(); v.bar();

function Use send(), avoid call.value()() // good if(!someaddress.send(100)) {... // Some failure code // bad if(!someaddress.call.value(100)()) {... // Some failure code send() is safe because attacker only gets 2,300 gas: only enough to log an event call.value()() passes along virtually all gas to the attacker s fallback

Handle errors in raw calls Raw calls do not progagate exceptions address.send(), address.call(), (delegatecall and callcode) return false if they fail Unlike ExternalContract(address).doSomething() which will throw if dosomething() throws // good if(!someaddress.send(100)) {... // Some failure code // bad someaddress.send(100); // an unchecked send

Keep fallback functions simple Receiving Ether from a.send(), fallback function only gets 2,300 gas: can only log an event function() { LogDepositReceived(msg.sender); Use a proper function if more gas is required function deposit() external { balances[msg.sender] += msg.value; // bad, uses more than 2,300 gas. Breaks senders that use send() instead of call.value()() function() { balances[msg.sender] += msg.value;

Call Depth Attack Any call (even a fully trusted and correct one) can be made to fail The EVM CALL (and CREATE) stack has a maximum depth of 1024 Attacker can make recursive calls to depth 1023, then call your function and all of its subcalls will fail // INSECURE mapping(address => uint) refunds; function withdrawrefund(address recipient) { uint refund = refunds[recipient]; refunds[recipient] = 0; recipient.send(refund); // this line is vulnerable to a call depth attack A solution is for msg.sender to pull their refund instead of a contract push to the recipient

More information "Pull" over "push" for external calls (and payments) Denial of Service against contracts Reentrancy and race conditions, and many more https://github.com/consensys/smart-contract-best-practices https://github.com/ethereum/wiki/wiki/safety Feel free to edit the wiki or submit a pull request, for anything: Fix a typo, or example Add a link to a community blog post (even your own), or other related security info Write a new section

Conclusion Prepare for failure Roll out carefully Keep contracts simple Calling untrusted code is always dangerous A security resource of the community, by the community, for the community https://github.com/consensys/smart-contract-best-practices https://github.com/ethereum/wiki/wiki/safety

License: Apache 2.0 http://www.apache.org/licenses/license-2.0

Appendix

Denial of Service Unexpected throw; the block gas limit; unbounded arrays; misunderstanding gas refunds. // INSECURE contract Auction { address currentleader; uint highestbid; function bid() { if (msg.value <= highestbid) { throw; if (!currentleader.send(highestbid)) { throw; // Refund the old leader, and throw if it fails currentleader = msg.sender; highestbid = msg.value; A currentleader that refuses payment will permanently be the leader. Throw can t be removed otherwise Call Depth Attack. Solution: favor pull over push

Favor pull over push for external calls // good contract auction { address highestbidder; uint highestbid; mapping(address => uint) refunds; function bid() external { if (msg.value < highestbid) throw; if (highestbidder!= 0) { refunds[highestbidder] += highestbid; // record the refund that this user can claim function withdrawrefund() external { uint refund = refunds[msg.sender]; refunds[msg.sender] = 0; if (!msg.sender.send(refund)) { refunds[msg.sender] = refund; // reverting state because send failed highestbidder = msg.sender; highestbid = msg.value;

Smart Contract Security before TheDAO

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback