After web 1.0 and web 2.0, web3 has arrived! After a brief introduction, where we will look at the evolution of the web and what has changed as far as security is concerned, we will dive into blockchain to understand how to attack Smart Contracts on Ethereum, how these intersect with more classic vulnerabilities, and what are the main vulnerabilities we can find in contracts written in Solidity.
3. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
4. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
5. Are simply programs that runs on the Ethereum blockchain. It’s a
collection of code (its functions) and data (its state) that resides at a
specific address on the Ethereum blockchain.
https://ethereum.org/en/developers/docs/smart-contracts/
7. Turing-complete programming language that can be used to
create “contracts” that can be used to encode arbitrary state
transition functions [...]. The code in Ethereum contracts is
written in a low-level, stack-based bytecode language,
referred to as “Ethereum virtual machine code” or “EVM
code”. The code consists of a series of bytes, where each byte
represents an operation
https://ethereum.org/669c9e2e2027310b6b3cdce6e1c52962/Ethereum_Whitepaper_-_Buterin_2014.pdf
8. systems which automatically move digital assets according to
arbitrary pre-specified rules. For example, one might have a
treasury contract of the form "A can withdraw up to X
currency units per day, B can withdraw up to Y per day, A and
B together can withdraw anything, and A can shut off B's
ability to withdraw".
[…]
https://ethereum.org/669c9e2e2027310b6b3cdce6e1c52962/Ethereum_Whitepaper_-_Buterin_2014.pdf
9.
10.
11. […]
The logical extension of this is decentralized autonomous
organizations (DAOs) - long-term smart contracts that
contain the assets and encode the bylaws of an entire
organization
https://ethereum.org/669c9e2e2027310b6b3cdce6e1c52962/Ethereum_White
paper_-_Buterin_2014.pdf
16. DAO
splitDAO
Attacker
fallback
DAO
withdrawRewardFor
DAO
recipient.call.value
Race to Empty
1. The attacker used the attacking
contract to call the splitDAO
function.
2. The splitDAO function called the
withdrawRewardFor function.
3. The withdrawRewardFor function
called the payOut function.
4. he payOut function called the
recipient.call.value function.
5. recipient.call.value passed the flow
to the fallback function of the
attacking contract.
6. The fallback function of the attacking
contract, after moving the funds,
called the splitDAO function
recursively
24. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
25. Often Centralized
“They are the gates of the kingdom.”
Ethereum Nodes
That communicates via API
Better in a Decentralized Storage
Client
and his/her Signer
Front-End
JavaScript, HTML, CSS
API Endpoints
JSON-RPC
External Smart Contracts
Bytecode (Backend)
EVM
Execution of Bytecode
Blocks
States & Transactions (Storage)
Blocks
States & Transactions (Storage)
Blocks
States & Transactions (Storage)
Proprietary Smart Contracts
Bytecode (Backend)
External Smart Contracts
Bytecode (Backend)
Layer 0
Layer 1
Layer 2
Layer 3
Layer 4
Layer 5
Layer 6
26. web3.js
API Endpoint to Ethereum
Blockchain
“Web 2.0” Application
Ethereum Blockchain
User Browser with a
Signer
(e.g., MetaMask)
UNISWAP
27. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
28. A smart contract audit is a detailed analysis of
smart contract code to pre-emptively identify
security vulnerabilities and find solutions that
prevent exploits by malicious actors, as well as
remove inefficient coding practices.
https://chain.link/education-hub/how-to-audit-smart-contract
29. What are the two (three) testing
techniques?
(tip: book pages 11 and 12)
30. Static Analysis
We analyze the source code of the application.
The analysis is performed without executing the
code, which remains “static”.
It is necessary to know the language in which the
software is written, the peculiar vulnerabilities,
and how to recognize them by reading.
31. Dynamic Analysis
We analyze an application when code is
executed in its environment, manipulating the
input and observing the application reactions.
We call this practice fuzzing.
32. Hybrid Analysis
We have both the running environment and the
source code.
We can test what we read e.g., looking for some
good entry points from the source code.
33. 1. Pre-Engagement
Interactions
Initial Consultation, Scope Agreement,
Resource Allocation, Timeline
Establishment
3. Automated Analysis
Use automated Tools to scan the code
4. Manual Static
Analysis
In depth-review, code
quality, documentation
6. Initial Report
Initial Report delivered
and Discussions with
Developers
2. Threat
Modeling
Identify Threat Agents,
Asset Identification,
Vulnerability Mapping,
Risk Assessment
5. Manual Dynamic
Analysis
Interactive Testing, Proof of
Concepts and Edge Case
Exploitation
7. Final Report
Final verification after the fixes
39. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
40. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
• Reentrancy
• Integer Overflow
• Logic Errors
• Insecure Randomness
47. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
• Reentrancy
• Integer Overflow
• Logic Errors
• Insecure Randomness
51. Integer Overflow and Underflow
An integer overflow occurs when an integer value is incremented to a
value that is too large to store in the associated representation.
When this occurs,
the value may wrap to become a very small or negative number.
https://cwe.mitre.org/data/definitions/190.html
54. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
• Reentrancy
• Integer Overflow
• Logic Errors
• Insecure Randomness
55. Abritrage CTF
Admin has gifted you 5e18
Btokens on your birthday.
Using A,B,C,D,E token pairs
on swap contracts, increase
your BTokens.
Interface to Uniswap v2
https://quillctf.super.site/challenges/quillctf-x-quickswap/arbitrage
56. Vulnerability Description
Arbitrage arises when price discrepancies exist across
different markets, trading pairs or Liquidity Pools for the
same asset.
However, trading fees, gas fees, and slippage must be
considered.
To evaluate arbitrage opportunities it is possible to
evaluate the indirect and circular trade “paths”, starting
from B and ending with B when the exchange rate is
calculated from the quantity of different tokens present
in each pool.
B -> A -> C -> B
B -> A -> D -> B
B -> A -> E -> B
B -> C -> A -> B
B -> C -> D -> B
B -> C -> E -> B
B -> D -> A -> B
B -> D -> C -> B
B -> D -> E -> B
B -> E -> A -> B
B -> E -> C -> B
B -> E -> D -> B
https://docs.uniswap.org/contracts/v2/concepts/core-concepts/pools
58. Agenda
• What are Smart Contracts?
• What are dApps?
• What is an Audit?
• Common Vulnerabilities
• Reentrancy
• Integer Overflow
• Logic Errors
• Insecure Randomness
59. PredictableNFT CTF
You can spend 1 ether to
"mint" an NFT token with 3
possible ranks: Common(1),
Rare(2), and Superior(3).
Your goal is to mint the
Superior ones.
No open source!
https://academy.quillaudits.com/challenges/quillctf-challenges/predictable-nft
0x6080604052600436106100345760003560e01c80631249c58b1461
00395780634f64b2be14610053578063af640d0f14610080575b6000
80fd5b610041610096565b60405190815260200160405180910390f3
5b34801561005f57600080fd5b5061004161006e366004610195565b
60016020526000908152604090205481565b34801561008c57600080
fd5b5061004160005481565b600034670de0b6b3a7640000146100e7
5760405162461bcd60e51b8152602060048201526011602482015270
73686f77206d6520746865206d6f6e657960781b6044820152606401
60405180910390fd5b60016000808282546100f991906101ae565b90
91555060009050610109610123565b60008054815260016020526040
8120919091555492915050565b600080546040805160209290925233
81019082015243606082015281906064906080016040516020818303
038152906040528051906020012060001c61016991906101d5565b90
50605a81111561017c57600391505090565b605081111561018d5760
0291505090565b600191505090565b6000602082840312156101a757
600080fd5b5035919050565b808201808211156101cf57634e487b71
60e01b600052601160045260246000fd5b92915050565b6000826101
f257634e487b7160e01b600052601260045260246000fd5b50069056
fea2646970667358221220096531f348141ff48072e95527df0fbfd1
2e1c9a4cc0fdfc0c383efac289405164736f6c63430008130033
60.
61. Vulnerability Description
Line 17: Check that the function
has received at least `10^18`, 1
ETH
Line 18: Checks the overflow of
the `id` (contained in the storage)
and then increments it by 1
Line 21: Performs `sha3` of the
`id`, calling address (`caller`) and
blocknumber (`block.number`)
and executes the `% 100` (to
return a number maximum to
100). Then if the result is > 90 it
generates an NFT of rank 3 and
returns the `id`.
64. Conclusion
20% is the % of vulnerabilities that can be found
by automatic tools
It is crucial to understand the Threat Model as
most of the vulnerabilities are Business Logic!