Outsmarting Smart Contracts
Damian Rusinek
CONFidence, 5th of June 2018
damian.rusinek@securing.pl
@drdr_zz
drdr_zz
Blockchain and smart contracts are secure…
Ethereum.org
https://www.coindesk.com/blockchains-personal-data-protection-regulations-explained/
…or is it?
Damian Rusinek
@drdr_zz
damianrusinek @ github
Security Researcher & Pentester
Assistant Professor
How come blockchains and smart contracts have such serious security flaws when they are so highly secured?
How I could steal tokens (worth thousands of $) from crypto exchange.
BLOCKCHAIN 101
Blockchain 101
D: Distributed
U: Unmodifiable
D: Database
E: Engine
Do I need blockchain?
No
Single point of failure?
NO
Single point of authority?
NO
But really?
Modifiable data?
NO
The analogy
Tor: Private Communication
Blockchain: Unmodifiable Storage
EPISODE I – SMART CONTRACTS
Executable Smart contract
Ethereum
“Ethereum is literally a computer that spans the entire world.”
Ethereum White Paper
What program could we run as smart contract?
• eVoting
• Assets Management (transferring ownership)
Why smart contracts?
• No single authority
• Trustless
• Allows public verification
How to verify the contract?
https://etherscan.io
How to execute smart contract?
0x2b30ea3a000000000000000000000000000
0000000000000000000000000000000000000
How to verify the execution?
EPISODE II – SMART CONTRACTS SECURITY
Fact I - All your data is public
Fact I – All your data is public
Variables
Fact I – All your data is public
Preview votes in transactions.
Fact I – All your data is public
Functions
• Public functions can be executed by anyone.
• Can anyone execute maliciousFunction2() ?
Functions are public by default!
Parity Hack worth 30 mln $
• Public function which changes the owner.
https://www.coindesk.com/30-million-ether-reported-stolen-parity-wallet-breach/
The race!
30 mln $ 80 mln $
worth today
90 mln $ 240 mln $
Fact I – All your data is public
• Set a visibility type on all functions.
• Do not keep secret data as plaintext in a smart contract.
• Examples:
  • Rock Paper Scissors
  • Blind Auctions
• Use blind commitments.
Hash of Value
Real Value
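A sketch of the blind commitment recommended above, for the Rock Paper Scissors case (added example, not from the original slides; SHA-256 from Python's standard library stands in for the Keccak-256 a contract would use, and all function names are illustrative). It also shows why the commitment needs a secret salt: with only three possible moves, a bare hash of the value can be reversed by trying each one.

```python
import hashlib
import hmac
import secrets

MOVES = ("rock", "paper", "scissors")
SALT_LEN = 32  # fixed length, so salt || move splits unambiguously


def bare_commit(move: str) -> str:
    """Hash of the value alone: hides nothing when the value space is tiny."""
    return hashlib.sha256(move.encode()).hexdigest()


def recover_bare(commitment: str):
    """What any reader of the public chain can do with a bare hash."""
    for move in MOVES:
        if hmac.compare_digest(bare_commit(move), commitment):
            return move
    return None


def new_salt() -> bytes:
    """Fresh random salt, kept secret by the player until the reveal."""
    return secrets.token_bytes(SALT_LEN)


def commit(move: str, salt: bytes) -> str:
    """Commit phase: publish only this digest ("Hash of Value")."""
    if move not in MOVES:
        raise ValueError("unknown move")
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return hashlib.sha256(salt + move.encode()).hexdigest()


def verify_reveal(commitment: str, move: str, salt: bytes) -> bool:
    """Reveal phase: recompute the hash from the revealed pair ("Real Value")."""
    try:
        expected = commit(move, salt)
    except ValueError:
        return False
    return hmac.compare_digest(expected, commitment)


if __name__ == "__main__":
    print("bare hash reversed to:", recover_bare(bare_commit("paper")))
    salt = new_salt()
    digest = commit("rock", salt)
    print("salted hash reversed to:", recover_bare(digest))
    print("honest reveal accepted:", verify_reveal(digest, "rock", salt))
    print("changed move accepted:", verify_reveal(digest, "paper", salt))
```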
EPISODE II – SMART CONTRACTS SECURITY
Fact II - Smart contract is a program
Fact II – Smart contract is a program
Integer Overflow
• Ethereum Tokens – your own cryptocurrency on Ethereum.
The attack: empty victim’s wallet.
1. Balances:
• Victim -> (MAXUINT-9) tokens (e.g. founder of contract).
• Attacker -> 10 tokens.
2. Attacker transfers 10 tokens to victim.
3. Both have zero tokens.
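The three steps above, modelled in Python with 256-bit wrap-around arithmetic (added example, not from the original slides; the function names and the boundary cases are constructed for illustration). The unchecked transfer reproduces the slide's outcome; the checked variant rejects the same transfer, and the boundary report is the kind of test that catches the difference.

```python
UINT256_MAX = 2**256 - 1   # "MAXUINT" on the slide
MODULUS = 2**256


def unchecked_transfer(balances, sender, recipient, amount):
    """Transfer with raw EVM-style arithmetic: results wrap modulo 2**256."""
    balances[sender] = (balances[sender] - amount) % MODULUS
    balances[recipient] = (balances[recipient] + amount) % MODULUS


def safe_sub(a, b):
    if b > a:
        raise ArithmeticError("subtraction underflow")
    return a - b


def safe_add(a, b):
    c = a + b
    if c > UINT256_MAX:
        raise ArithmeticError("addition overflow")
    return c


def checked_transfer(balances, sender, recipient, amount):
    """Checked transfer: both results are validated before anything is
    written, so a failed check leaves the balances untouched (like a revert)."""
    new_sender = safe_sub(balances[sender], amount)
    new_recipient = safe_add(balances[recipient], amount)
    balances[sender] = new_sender
    balances[recipient] = new_recipient


def slide_balances():
    """Starting balances from step 1 of the slide."""
    return {"victim": UINT256_MAX - 9, "attacker": 10}


BOUNDARY_CASES = [
    # (label, sender balance, recipient balance, amount) -- constructed values
    ("recipient overflows by one", 10, UINT256_MAX - 9, 10),
    ("recipient lands exactly on max", 10, UINT256_MAX - 10, 10),
    ("sender underflows by one", 10, 0, 11),
    ("sender spends whole balance", 10, 0, 10),
]


def boundary_report(transfer):
    """Run a transfer function over the boundary cases; a correct one either
    rejects the transfer or leaves the sum of balances unchanged."""
    report = {}
    for label, sender_bal, recipient_bal, amount in BOUNDARY_CASES:
        balances = {"sender": sender_bal, "recipient": recipient_bal}
        try:
            transfer(balances, "sender", "recipient", amount)
        except ArithmeticError:
            report[label] = "rejected"
            continue
        conserved = sum(balances.values()) == sender_bal + recipient_bal
        report[label] = "ok" if conserved else "supply changed"
    return report


if __name__ == "__main__":
    b = slide_balances()
    unchecked_transfer(b, "attacker", "victim", 10)
    print("unchecked:", b)
    print(boundary_report(unchecked_transfer))
    print(boundary_report(checked_transfer))
```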
Fact II – Smart contract is a program
Insecure libraries
• Delete library used by mln $ worth contracts.
https://www.trustnodes.com/2017/11/07/ethereums-parity-hacked-half-million-eth-frozen
Fact II - Smart contract is a program
• Use open source libraries that handle typical errors (e.g. SafeMath for overflows).
• Write tests for boundary conditions.
• Verify the correctness and test libraries that you plan to use.
EPISODE II – SMART CONTRACTS SECURITY
Fact III - Smart contracts have limitations
Fact III – Smart contracts have limitations
Gas Limit
• All transactions are given some gas.
• All operations cost some gas.
• Transaction is rejected if gas limit is exceeded.
The idea: to prevent infinite loops.
The attack: DoS the contract.
Fact III – Smart contracts have limitations
Gas Limit – DoS on auction contract
[Diagram in five steps: bids arrive at the auction and its highest bid rises from 0 ETH to 3 ETH; a 4 ETH bid is then shown while the auction stays at 3 ETH.]
Further bids are blocked.
WINNER!
Fact III - Smart contracts have limitations
• Learn the limitations of Ethereum (gas, randomness, etc.).
• Learn the way of handling these limitations.
• Write tests for handling limitations.
EPISODE II – SMART CONTRACTS SECURITY
Fact IV - Smart contracts have specific vulns
Fact IV – Smart contracts have specific vulns
Re-entrancy
• Unintended recurrence in smart contracts.
withdrawBalance
withdrawBalance
withdrawBalance
send Ether
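A minimal Python model of the call sequence in the diagram above (added example, not from the original slides; the Vault and account classes are illustrative, and Python method calls stand in for contract calls). It runs the same withdrawBalance logic twice: with the balance update after the Ether is sent, as in the diagram, and with the update moved before the send.

```python
class Vault:
    """Models a contract that holds Ether for several accounts."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}   # account -> amount owed to it
        self.ether = 0       # Ether the contract actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.ether += amount

    def withdraw_balance(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.ether:
            return False                       # nothing owed, or send would fail
        if self.update_before_send:
            self.balances[account] = 0         # state change first
            self._send_ether(account, amount)  # external call last
        else:
            self._send_ether(account, amount)  # external call first
            self.balances[account] = 0         # state change comes too late
        return True

    def _send_ether(self, account, amount):
        self.ether -= amount
        account.on_receive(self, amount)       # recipient's code runs here


class PlainAccount:
    """Recipient that only accepts the Ether."""

    def __init__(self):
        self.received = 0

    def on_receive(self, vault, amount):
        self.received += amount


class CallbackAccount(PlainAccount):
    """Recipient whose receive hook calls withdraw_balance again."""

    def on_receive(self, vault, amount):
        super().on_receive(vault, amount)
        vault.withdraw_balance(self)


def simulate(update_before_send):
    """One account deposits 3, the calling account deposits 1 and withdraws."""
    vault = Vault(update_before_send)
    other, caller = PlainAccount(), CallbackAccount()
    vault.deposit(other, 3)
    vault.deposit(caller, 1)
    vault.withdraw_balance(caller)
    return {
        "caller_received": caller.received,
        "vault_ether": vault.ether,
        "owed_to_other": vault.balances[other],
    }


if __name__ == "__main__":
    print("update after send: ", simulate(update_before_send=False))
    print("update before send:", simulate(update_before_send=True))
```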
How to test smart contracts?
Online
• Remix
• Securify
• SmartCheck
Offline
• Solhint
• Oyente
• Mythril
Best practices
• ConsenSys
EPISODE II – SMART CONTRACTS INTEGRATION
Popular webapps integrated with smart contracts
• Online wallets
• Crypto exchanges
• Games
• ICOs
Attack webapp and generate malicious transaction.
Let’s steal some tokens from the exchange.
Typical withdrawal transaction
50 GTN
Receiver address
Function | Address Parameter | Value Parameter
Not a bug, it’s a feature
Let’s use a too short address.
000
Function | Address | Value
Function | Short address | Value
Modified address | Value
A little misunderstanding
What user tried to do:
Send 2399.99 GNT to
the 0x79735 address.
What Ethereum understood:
Send approx. 2 * 10^45 GNT to the
0x079735000000000000000000000000
0000000000 address.
0000000000000000000000000000000000
Func | Short address | Value
Func | Padded address | Shifted (padded) value
How to attack exchange?
• Deposit 1 Ethereum Token.
• Generate Ethereum address with zero-byte suffix (a matter of seconds).
• Withdraw 1 Ethereum Token and send address without last byte.
• Receive 256 Ethereum Tokens.
How I have stolen tokens from exchange?
Func Short address Value
Func Padded address Shifted (padded) value
00
• Deposited 0.47 GTN
• Withdrew approx. 120 GTN (256 times more)
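Why the exchange has to validate the withdrawal address before building the transaction, shown as an added Python example (not from the original slides; function names, the sample address and the amount are constructed, and 0xa9059cbb is the standard selector of transfer(address,uint256)). It encodes the call without a length check, decodes it the way the contract reads calldata, with missing trailing bytes read as zero, and then shows the strict encoder that refuses the short address.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)
WORD = 32
EXPECTED_LEN = 4 + 2 * WORD  # selector + two 32-byte arguments


def _strip0x(text):
    return text[2:] if text.lower().startswith("0x") else text


def lenient_encode_transfer(address_hex, amount):
    """Encoder that never checks the address length (the flaw described above)."""
    addr = bytes.fromhex(_strip0x(address_hex))
    return TRANSFER_SELECTOR + b"\x00" * 12 + addr + amount.to_bytes(WORD, "big")


def evm_view(calldata):
    """How the contract reads the arguments: fixed offsets, and bytes past the
    end of the calldata read as zero."""
    padded = calldata.ljust(EXPECTED_LEN, b"\x00")
    recipient = "0x" + padded[4 + 12:4 + WORD].hex()
    amount = int.from_bytes(padded[4 + WORD:EXPECTED_LEN], "big")
    return recipient, amount


def strict_encode_transfer(address_hex, amount):
    """Encoder for the withdrawal path: reject anything but a 20-byte address."""
    digits = _strip0x(address_hex)
    if len(digits) != 40:
        raise ValueError("address must be exactly 20 bytes (40 hex digits)")
    if not 0 <= amount < 2**256:
        raise ValueError("amount does not fit in uint256")
    addr = bytes.fromhex(digits)  # raises ValueError on non-hex input
    calldata = TRANSFER_SELECTOR + b"\x00" * 12 + addr + amount.to_bytes(WORD, "big")
    if len(calldata) != EXPECTED_LEN:  # defence in depth before signing
        raise ValueError("unexpected calldata length")
    return calldata


def demo():
    """Constructed case: address ending in a zero byte, sent without that byte."""
    full = "0x" + "11" * 19 + "00"
    short = full[:-2]
    requested = 47  # constructed amount, in smallest token units
    calldata = lenient_encode_transfer(short, requested)
    seen_recipient, seen_amount = evm_view(calldata)
    return {
        "calldata_len": len(calldata),
        "full_address": full,
        "seen_recipient": seen_recipient,
        "requested": requested,
        "seen_amount": seen_amount,
    }


if __name__ == "__main__":
    print(demo())
    try:
        strict_encode_transfer("0x" + "11" * 19, 47)
    except ValueError as err:
        print("strict encoder:", err)
```

The same length check can also be enforced on the receiving side by comparing the calldata length with the expected 68 bytes before acting on the arguments.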
Let’s report the vulnerability
• But to whom?
• No information about the owner on exchange website!
• Be like Sherlock and find him.
• Time is running!
That is a general problem
• How to responsibly disclose a vulnerability in a smart contract?
• How to inform the owner of a smart contract?
• Would you steal crypto and then look for the owner?
Send him an encrypted message kept on Ethereum.
Responsible Disclosure Ethereum Messenger
My idea
Online: https://securing.github.io/eth-rd-messenger/
GitHub: https://github.com/securing/eth-rd-messenger
This tool is used to:
• send a secret message to the owner of a personal or contract Ethereum address, encrypted with its owner's ECC public key,
• decrypt the message sent to the personal address or contract's owner.
DEMO
https://www.youtube.com/watch?v=8AmpXCJRwzQ&feature=youtu.be
Vulnerabilities
Similar to classic programs
• Overflows and underflows
• Unauthorized access to functions
• Insecure libraries
• Business logic vulns
Specific for smart contracts
• Related to Ethereum limitations (gas limit, randomness, etc.)
• Re-entrancy
• and more
Top10 recommendations
1. Remember that all data is public in blockchain.
2. Do not keep secret data as plaintext in smart contract.
3. Use blind commitments.
4. Set visibility type to all functions.
5. Learn the limitations of Ethereum and how to handle them.
6. Write tests for handling limitations and for boundary conditions.
7. Verify the libraries that you plan to use.
8. Use the best security practices.
9. Consider threats from apps integrating with blockchain.
10. Test your contracts and blockchain applications.
Keep Calm
And
Hack Smart Contracts!
SecuRing Smart Contracts Contest!
Follow us on Twitter:
@SecuRingPL
@drdr_zz
Thank you!
Damian Rusinek (@drdr_zz)
damian.rusinek@securing.pl
Questions?

CONFidence 2018: Outsmarting smart contracts - an essential walkthrough a blockchain security minefields (Damian Rusinek)
