[OPD 2019] Web Apps vs Blockchain dApps

www.securing.pldrdr_zz
Damian Rusinek
Web Apps vs Blockchain
dApps (Smart Contracts):
tools, vulns and standards
OWASP Poland Day, Wrocław 2019
16th of October 2019

www.securing.pldrdr_zzdrdr_zz
Damian Rusinek
damianrusinek @ github
• Pentester
• Researcher
• Focused on blockchain and smart contracts
Security Researcher & Pentester
Assistant Professor
Introducing Decentralized Applications by analogy to Web Apps
https://bit.ly/2kpfKkm
Last year on AppSec EU London
& OWASP Poland Day Warsaw
drdr_zz

Web 3.0
They are using Decentralized Applications or Platforms

www.securing.pldrdr_zz www.securing.pldrdr_zz
Decentralized Apps
And why are they becoming important?
WHAT IS IT?

What are Decentralized Applications?
• Decentralized Application are like Web Applications with decentralized
storage and governance.
• Web Apps
• Facebook
• Reddit
• Decentralized Apps
• Steemit (a kind of decentralized Reddit)

Why are Decentralized Applications important?
• There exist great projects already:
• Augur (decentralized oracle and prediction market),
• Gnosis (prediction platform),
• MakerDAO (decentralized finance).
• The market is worth billions of $ in cryptocurrencies.
• A chance for new technologies (e.g. financial technology)
• Easy decentralized banking,
• No brokers (direct payments).
• Big players:
• Hyperledger (Linux Foundation, IBM, Intel, SAP),
• Libra (Facebook).

What is so special about Decentralized Apps?
• Trustlessness: Use blockchain to store code and data (state).
• No one can turn it off permanently (anyone can bring it to live).
• Everyone can have it (like keeping the database of FB or Reddit locally).

Where is the main difference?
Architecture
Decentralized ApplicationWeb Application

Where is the main difference?
Architecture
Web Application Hybrid Decentralized Application

Decentralized Apps
ARE THOSE SECURE?

Are Decentralized Apps secure?
• Undestroyable: No one can turn it off
• Cryptographically secure: All transactions are digitally signed
• Publicly verifiable: Anyone can verify the code of smart contracts
• But still….

Are Decentralized Apps secure?
• Undestroyable: No one can turn it off
• Cryptographically secure: All transactions are digitally signed
• Publicly verifiable: Anyone can verify the code of smart contracts
• But still….
Expectations Reality

Web Apps vs Decentralized Apps
WE NEED SECURITY!

Security Projects & Standards
Web Apps
• Most common vulnerabilities?
• OWASP Top 10
• The knowledge base about the
weaknesses?
• Mitre CWE (Common Weakness
Enumeration)
• The end to end security checklist to
perform an audit?
• OWASP ASVS (Application
Security Verification Standard)
Decentralized Apps
• DASP Top 10 (https://dasp.co)
weaknesses?
• SWC Registry
(https://smartcontractsecurity.github.io/SWC-registry/)
perform an audit?

SCSVS
- Smart Contracts Security Verification Standard

• Objectives:
• Provide a checklist for architects, developers and security
reviewers.
• Help to mitigate known vulnerabilities by design.
• Help to develop high quality code of the smart contracts.
• Provide a clear and reliable assessment of how secure the
smart contract is in relation to the percentage of SCSVS
coverage.
• Format similar to ASVS.
SCSVS - Objectives

SCSVS - Categrories
V8: Business Logic
V9: Denial of Service
V10: Token
V11: Code Clarity
V12: Test Coverage
V13: Known Attacks
V1: Architecture, Design
and Threat Modelling
V2: Access Control
V3: Blockchain Data
V4: Communications
V5: Arithmetic
V6: Malicious Input
Handling
V7: Gas Usage & Limitations

Software Development Life Cycle
SCSVS covers all stages
of SDLC process.

• Approaches
• OWASP SAMM
• SDL (Security Development
Lifecycle)
• BSIMM (Builing Secuirty in Maturity
Model)
Software Development Life Cycle
DISCLAIMER
This is not a presentation about how
to introduce security to your SDLC.

- Analysis & Requirements
SDLC

Similiarities
• Threat modelling
SDLC – Analysis & Requirements
1.1 Verify that the every introduced design change is preceded by an earlier threat
modelling.
1.2 Verify that the documentation clearly and precisely defines all trust boundaries
in the contract (trusted relations with other contracts and significant data flows).

Differences – Sensitive data
Web Apps
• Stored in protected database
Decentralized Apps
• Stored on public blockchain
• Forever
• Anyone can read
3.1 Verify that any data saved in the contracts is not considered safe or private
(even private variables).
3.2 Verify that no confidential data is stored in the blockchain (passwords, personal
data, token etc.).

Differences – Public access
Web Apps
• Allowed only to part of application
• Frontend
• API
Decentralized Apps
• Allowed to the whole application
• Code is public
• Functions are public by default

Differences – Public access
• Parity Wallet hack
• 150k ETH stolen (~30kk $)
• https://bit.ly/2kpfKkm
2.7 Verify that visibility of all functions is specified.

Differences – Randomness
Web Apps
• A matter of a function call
Decentralized Apps
• Not trivially achieved in the
decentralized computer
• No local parameters can be used

Differences – Randomness
• EOSPlay hack
• 30k EOS stolen (~100k USD)
• SmartBillions Lottery hack
• 400 ETH stolen (~80k USD)
• https://bit.ly/2jJEKPd
7.5 Verify that the contract does not generate pseudorandom numbers trivially
basing on the information from blockchain (e.g. seeding with the block number).

New threat actors for Decentralized Apps
SDLC – Requirements & Analysis
• Miners/Validators
• Validate transactions and add new blocks

• Augur vulnerability
• DoS on smart contract
• Business logic abuse by miner
• 5k $ bounty
https://hackerone.com/reports/377398

8.1 Verify that the contract logic implementation corresponds to the
documentation.
8.3 Verify that the contract has business limits and correctly enforces it.
9.3 Verify that the contract logic does not disincentivize users to use contracts (e.g.
the cost of transaction is higher than the profit).

- Design
SDLC

Similiarities
• Least privilege rule
• Access control
• Public and known to everyone
• Centralized and simple
SDLC – Design
2.3 Verify that the creator of the contract complies with the rule of least privilege and
his rights strictly follow the documentation.
2.11 Verify that all user and data attributes used by access controls are kept in trusted
contract and cannot be manipulated by other contracts unless specifically authorized.

Differences – Loops
SDLC – Design
Web Apps
• Infinite loops -> DoS
Decentralized Apps
• Unbound loops -> DoS

Differences – Loops
SDLC – Design
• GovernMentals
• A ponzi scheme
• Iteration over a huge array
• 1100 ETH frozen
• https://bit.ly/2kVXwaj
7.3 Verify that the contract does not iterate over unbound loops.
8.8 Verify that the contract does not send funds automatically but it lets
users withdraw funds on their own in separate transaction instead.

Decreasing the risk
SDLC – Design
• Decentralized Applications keep cryptocurrencies
• The higher the amount the bigger the incentive for hackers
1.8 Verify that the amount of cryptocurrencies kept on contract is controlled and at
the minimal acceptable level.

- Implementation
SDLC

• Great tools
• Perform basic security analysis
• But we still make bugs.
• Sounds familiar? ☺
SDLC – Implementation

Similarities – Arithmetic bugs
Web Apps
• Not that common
Decentralized Apps
• Overflows and underflows

• Multiple ERC20 Smart Contracts
• Allow to transfer more than
decillions (10^60) of tokens
• https://bit.ly/2lWa9ma
• https://bit.ly/2ksNEF1

5.1 Verify that the values and math operations are resistant to integer
overflows. Use SafeMath library for arithmetic operations.
5.2 Verify that the extreme values (e.g. maximum and minimum values of the
variable type) are considered and does change the logic flow of the contract.
5.3 Verify that non-strict inequality is used for balance equality.

Differences – Recursive calls
Web Apps
• Must be explicitly included in the
logic
Decentralized Apps
• Executing some logic multiple times
in one call
• The DAO hack
• Recursive withdrawals
• 3.6 mln ETH stolen
• https://bit.ly/2hBQjKq
4.5 Verify that re-entrancy attack is mitigated by blocking recursive calls from
other contracts. Do not use call and send function unless it is a must.
4.6 Verify that the result of low-level function calls (e.g. send, delegatecall,
call) from another contracts is checked.

- Testing
SDLC

Similarities – Great tools for automatic scans
SDLC – Testing
Web Apps Decentralized Apps
1.11 Verify that code analysis tools are in use that
can detect potentially malicious code.
https://securify.ch https://bit.ly/2mpaL3U
https://tool.smartdec.net
https://mythx.io/

Similiarities – Ensuring the testing takes place
• including manual security tests
12.1 Verify that all functions of verified contract are covered with tests in the
development phase.
12.2 Verify that the implementation of verified contract has been checked for
security vulnerabilities using static and dynamic analysis.
12.3 Verify that the specification of smart contract has been formally verified.
12.4 Verify that the specification and the result of formal verification is included in
the documentation.
1.3 Verify that the SCSVS, security requirements or policy is available to all
developers and testers.

Similiarities – Business logic errors
• Hard to find using automated scans
• MakerDAO vulnerability
• Allows to create DAI
cryptocurrency without
coverage
• 25k $ bounty
1.10 Verify that the business logic in contracts is consistent. Important changes in the logic
should be allowed for all or none of the contracts.
8.2 Verify that the business logic flows of smart contracts proceed in a sequential step order
and it is not possible to skip any part of it or to do it in a different order than designed.
https://hackerone.com/reports/672664

- Deployment
SDLC

Differences – Initialization stage
SDLC – Deployment
Web Apps
• Setting up configurations and
integrations
• Performed once during deployment
Decentralized Apps
• Setting up configurations and
integrations
• What if one can (re-)initialize the
contract?

SDLC – Deployment
• Parity Wallet hack (2nd):
• Kill contract shared by hundreds
of other contracts
• 500k ETH frozen (~100kk USD)
• https://bit.ly/2kIBYhA
• https://bit.ly/2kpfKkm

SDLC – Deployment
11.7 Verify that all storage variables are initialised.
2.8 Verify that the initialization functions are marked
internal and cannot be executed twice.
9.1 Verify that the self-destruct functionality is used only
if necessary.

- Maintenance
SDLC

Similarities – Logs
SDLC – Maintenance
Web Apps
• Kept safe on the server
Decentralized Apps
• Public events
3.4 Verify that there is a component that monitors access to sensitive
contract data using events.

Differences – Security Alert and Fix
SDLC – Maintenance
Web Apps
• Application goes down
• The bug is fixed (patch)
• Application redeployed
Decentralized Apps
• Smart contract goes down
• The bug is fixed (patch)
• Smart contract deployed again
1.6 Verify that there exists a mechanism that can temporarily stop the sensitive functionalities of the contract in
case of a new attack. This mechanism should not block access to the assets (e.g. tokens) for the owners.
1.4 Verify that there exists an upgrade process for the contract which allows
to deploy the security fixes.

Security Projects & Standards
Web Apps
• OWASP Top 10
weaknesses?
• Mitre CWE (Common Weakness
Enumeration)
perform an audit?
• OWASP ASVS (Application
Security Verification Standard)
Decentralized Apps
• DASP Top 10 (https://dasp.co)
weaknesses?
• SWC Registry
(https://smartcontractsecurity.github.io/SWC-registry/)
perform an audit?
SCSVS

V13: Known attacks
SCSVS – The special category
• Quick check for well known attacks
13.4 Verify that the contract is not vulnerable to Silent Failing Sends and
Unchecked-Send attacks.
[4.6] Verify that the result of low-level function calls (e.g. send, delegatecall, call)
from another contracts is checked.
[4.7] Verify that the third party contracts do not shadow special functions (e.g.
revert).
13.2 Verify that the contract is not vulnerable to Reentrancy attack.
[4.5] Verify that the re-entrancy attack is mitigated by blocking recursive calls from
the other contracts. Do not use call and send functions unless it is a must.

www.securing.pldrdr_zz
Thank you!
Damian.Rusinek@securing.pl
@drdr_zz
Free 13-part
security checklist
Want a security audit
of smart contract?
Go for SCSVS!

[OPD 2019] Web Apps vs Blockchain dApps

More Related Content

What's hot (20)

Similar to [OPD 2019] Web Apps vs Blockchain dApps (20)

More from OWASP (20)

Recently uploaded (20)

[OPD 2019] Web Apps vs Blockchain dApps