SlideShare a Scribd company logo

Security challenges in Ethereum smart contract programming

S
Sergei Tikhomirov

Slides for a talk at the CLUSIL Blockchain series #4 event (https://www.clusil.lu/#events) Luxembourg, 7 September 2017 Video: https://youtu.be/xdb2Le8vqq0

Technology
1 of 46
Download to read offline
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 1/32 Security challenges in Ethereum smart contract programming Sergei Tikhomirov CLUSIL Blockchain series – Installment #4 Luxembourg, 7 September 2017
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 2/32 Outline Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 3/32 Who am I: Sergei Tikhomirov PhD researcher (SnT / CryptoLUX) Main topic: Ethereum security Previously in code analysis / bug detection
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 4/32 Blockchain is a hype Total market cap 8X YTD ICO boom, innovative financial apps
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes A whole software stack developed from scratch (consensus layer, compilers, VM)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes A whole software stack developed from scratch (consensus layer, compilers, VM) Financially motivated anonymous attackers
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 6/32 Massive security breaches The DAO hack (2016) Parity wallet bug (2017)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW) Developers write contracts in Solidity, compile to bytecode, deploy to blockchain
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW) Developers write contracts in Solidity, compile to bytecode, deploy to blockchain Users interact with contracts via transactions (e.g., send ether, perform computation)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus) Contract developers create contracts on top of basic infrastructure (assuming it works as specified)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus) Contract developers create contracts on top of basic infrastructure (assuming it works as specified) Dapp developers create blockchain-interfacing apps
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 9/32 Five security challenges in Solidity
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 10/32 Challenge 1: External calls Ethereum contracts can call other contracts Those can be malicious!
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 11/32 Re-entrancy attack: problem 1 mapping (address => uint) private balances; 2 // msg.sender is a user withdrawing their funds 3 function withdraw () public { 4 uint amount = balances[msg.sender ]; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 balances[msg.sender] = 0; 9 }
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 11/32 Re-entrancy attack: problem 1 mapping (address => uint) private balances; 2 // msg.sender is a user withdrawing their funds 3 function withdraw () public { 4 uint amount = balances[msg.sender ]; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 balances[msg.sender] = 0; 9 } External contract at msg.sender calls withdraw again (line 4), while balance[msg.sender] is still non zero.
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 12/32 Re-entrancy attack: solution 1 mapping (address => uint) private balance; 2 function withdraw () public { 3 uint amount = balance[msg.sender ]; 4 balance[msg.sender] = 0; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 } First update balance[msg.sender] (line 4), then do actual withdraw (line 5) Checks – effects – interactions
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS) Re-order transactions (→ front-running)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS) Re-order transactions (→ front-running) Manipulate environment variables (→ insecure randomness)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 14/32 Insecure randomness: problem 1 function determineWinner (address player1 , address player2) 2 returns (address winner) { 3 if (block.timestamp % 2 == 0) { 4 return player1; 5 } else { 6 return player2; 7 } 8 }
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 15/32 Insecure randomness: solution Implement a commit-reveal scheme Use secure randomness sources RANDAO Bitcoin blocks via BTCRelay trusted oracles
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing?
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing? A: Yes, but there is a caveat...
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing? A: Yes, but there is a caveat... A deployed contract can’t be patched
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 17/32 Example: Black hole contract 1 contract BlackHole { 2 function () payable { } 3 function getBalance () 4 constant 5 returns (uint) { 6 return this.balance; 7 } 8 } The contract can receive ether (line 2), but there is no way to withdraw it (though you can check the balance).
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 18/32 Deal with immutability Test contracts fully before deployment Revert payments you don’t expect Avoid unrecoverable states
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 19/32 Challenge 4: Privacy All transactions are broadcast in plaintext Anyone can download and analyze history Blockchain analysis tools only get better The private modifier does not hide the variable, it only prevents external contracts from changing it
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 20/32 Challenge 5: Execution cost Users pay gas for every execution step Centralized clouds are much cheaper
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 20/32 Challenge 5: Execution cost Users pay gas for every execution step Centralized clouds are much cheaper Ethereum is not a ”world computer”... ...and definitely not a cloud storage
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 21/32 Gas costs defined in Yellow paper
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 22/32 Example: using storage inside loop 1 uint [255] res; 2 function costlyFunction () { 3 for (uint8 i = 0; i < 255; i++) { 4 res[i] = (255 - i) * i; 5 } 6 } Running this costlyFunction is $601 1 5m gas @ 35 gwei, $330 / ETH
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 22/32 Example: using storage inside loop 1 uint [255] res; 2 function costlyFunction () { 3 for (uint8 i = 0; i < 255; i++) { 4 res[i] = (255 - i) * i; 5 } 6 } Running this costlyFunction is $601 More importantly, tx’s calling costlyFunction will likely never be confirmed (block limit is around 6.7m gas) 1 5m gas @ 35 gwei, $330 / ETH
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 23/32 Optimizing contracts for gas costs Avoid iterating over large arrays Avoid using permanent storage Measure and optimize gas consumption Move all except security critical computations off-chain
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 24/32 Five issues: takeaway External = dangerous Miners influence execution Contracts are immutable Blockchain is not private On-chain computation is expensive
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 25/32 Writing secure contracts: practical advice
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 26/32 Step 1. Write specification Describe what you want before implementing it: you can’t fix incorrect code without defining correct Is public blockchain the right tool? Can you use a database? Permissioned blockchain? Private instance of Ethereum?
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 27/32
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 28/32 Step 2. Check source code Adhere to best practices Update software (compiler, framework) Run analysis tools (Oyente, Securify, Solgraph)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 29/32 Step 3. Check bytecode Compiler may have bugs Bytecode is what is actually executed Run analysis tools (Dr Y’s analyzer) Run verification tools (not yet available)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 30/32 Step 4. Check dApp as a whole Create tests at early development stages Truffle framework: truffle test Make sure to cover all cases (solidity-coverage)
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 31/32 Conclusion Smart contracts are still a new technology Potential is enormous, but security issues are inevitable Tread carefully!
Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 32/32 Questions? securityandtrust.lu cryptolux.org s-tikhomirov.github.io

Recommended

Security challenges in Ethereum smart contract programming (ver. 2)
Security challenges in Ethereum smart contract programming (ver. 2)Security challenges in Ethereum smart contract programming (ver. 2)
Security challenges in Ethereum smart contract programming (ver. 2)
Sergei Tikhomirov
 
Findel: Secure Derivative Contracts for Ethereum
Findel: Secure Derivative Contracts for EthereumFindel: Secure Derivative Contracts for Ethereum
Findel: Secure Derivative Contracts for Ethereum
Sergei Tikhomirov
 
Architecture ethereum dapp
Architecture ethereum dappArchitecture ethereum dapp
Architecture ethereum dapp
Nicolas Wagner
 
Nt1310 Unit 6 Powerpoint
Nt1310 Unit 6 PowerpointNt1310 Unit 6 Powerpoint
Nt1310 Unit 6 Powerpoint
Janet Robinson
 
Hash
HashHash
Hash
Tazo Al
 
Ekiden
EkidenEkiden
Ekiden
YongraeJo
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
Kim Hammar
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppt
halosidiq1
 

Recommended

Security challenges in Ethereum smart contract programming (ver. 2)
Security challenges in Ethereum smart contract programming (ver. 2)Security challenges in Ethereum smart contract programming (ver. 2)
Security challenges in Ethereum smart contract programming (ver. 2)
Sergei Tikhomirov
 
Findel: Secure Derivative Contracts for Ethereum
Findel: Secure Derivative Contracts for EthereumFindel: Secure Derivative Contracts for Ethereum
Findel: Secure Derivative Contracts for Ethereum
Sergei Tikhomirov
 
Architecture ethereum dapp
Architecture ethereum dappArchitecture ethereum dapp
Architecture ethereum dapp
Nicolas Wagner
 
Nt1310 Unit 6 Powerpoint
Nt1310 Unit 6 PowerpointNt1310 Unit 6 Powerpoint
Nt1310 Unit 6 Powerpoint
Janet Robinson
 
Hash
HashHash
Hash
Tazo Al
 
Ekiden
EkidenEkiden
Ekiden
YongraeJo
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
Kim Hammar
 
MyTutorialON Cryptography.ppt
MyTutorialON Cryptography.pptMyTutorialON Cryptography.ppt
MyTutorialON Cryptography.ppt
halosidiq1
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
Amir Neziri
 
Nt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm PaperNt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm Paper
Jennifer Reither
 
Intrusion Prevention through Optimal Stopping
Intrusion Prevention through Optimal StoppingIntrusion Prevention through Optimal Stopping
Intrusion Prevention through Optimal Stopping
Kim Hammar
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
Umang Gupta
 
Daniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's ThesisDaniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly
 
Best practices to build secure smart contracts
Best practices to build secure smart contractsBest practices to build secure smart contracts
Best practices to build secure smart contracts
Gautam Anand
 
Komodo Blockchain Security Service Brochure
Komodo Blockchain Security Service BrochureKomodo Blockchain Security Service Brochure
Komodo Blockchain Security Service Brochure
Jean-Phi N✅
 
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCAN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
ijcisjournal
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
Priyanka Aash
 
Hummingbot melonport presentation | Decentralized market making
Hummingbot melonport presentation | Decentralized market makingHummingbot melonport presentation | Decentralized market making
Hummingbot melonport presentation | Decentralized market making
Yingdan (Mora) Liang
 
Blockchain School 2019 - Security of Smart Contracts.pdf
Blockchain School 2019 - Security of Smart Contracts.pdfBlockchain School 2019 - Security of Smart Contracts.pdf
Blockchain School 2019 - Security of Smart Contracts.pdf
Davide Carboni
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
Erik Van Buggenhout
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Tal Be'ery
 
Web3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEMWeb3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEM
Tal Be'ery
 
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Kim Hammar
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile Networks
DefCamp
 
Shilpa ppt
Shilpa pptShilpa ppt
Shilpa ppt
shilpa kanhurkar
 
How to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contractHow to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contract
Joseph Holbrook, Chief Learning Officer (CLO)
 
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Muthusankaranarayana1
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
Aaron Zauner
 
Smartcheck: Static Analysis of Ethereum Smart Contracts
Smartcheck: Static Analysis of Ethereum Smart ContractsSmartcheck: Static Analysis of Ethereum Smart Contracts
Smartcheck: Static Analysis of Ethereum Smart Contracts
Sergei Tikhomirov
 
Privacy preserving KYC on Ethereum
Privacy preserving KYC on EthereumPrivacy preserving KYC on Ethereum
Privacy preserving KYC on Ethereum
Sergei Tikhomirov
 

More Related Content

Similar to Security challenges in Ethereum smart contract programming

Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
Amir Neziri
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
Umang Gupta
 
Daniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's ThesisDaniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly
 
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCAN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
ijcisjournal
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
Priyanka Aash
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Tal Be'ery
 
Web3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEMWeb3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEM
Tal Be'ery
 
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Kim Hammar
 
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Muthusankaranarayana1
 

Similar to Security challenges in Ethereum smart contract programming (20)

Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Nt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm PaperNt1330 Unit 4 Dthm Paper
Nt1330 Unit 4 Dthm Paper
 
Intrusion Prevention through Optimal Stopping
Intrusion Prevention through Optimal StoppingIntrusion Prevention through Optimal Stopping
Intrusion Prevention through Optimal Stopping
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
 
Daniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's ThesisDaniel Connelly Ethereum Smart Contract Master's Thesis
Daniel Connelly Ethereum Smart Contract Master's Thesis
 
Best practices to build secure smart contracts
Best practices to build secure smart contractsBest practices to build secure smart contracts
Best practices to build secure smart contracts
 
Komodo Blockchain Security Service Brochure
Komodo Blockchain Security Service BrochureKomodo Blockchain Security Service Brochure
Komodo Blockchain Security Service Brochure
 
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECCAN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
AN EFFICIENT AND SECURE DIGITAL MULTI-SIGNATURE PROTOCOL BASED ON ECC
 
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
You May Have Paid more than you imagine: Replay Attacks on Ethereum Smart Con...
 
Hummingbot melonport presentation | Decentralized market making
Hummingbot melonport presentation | Decentralized market makingHummingbot melonport presentation | Decentralized market making
Hummingbot melonport presentation | Decentralized market making
 
Blockchain School 2019 - Security of Smart Contracts.pdf
Blockchain School 2019 - Security of Smart Contracts.pdfBlockchain School 2019 - Security of Smart Contracts.pdf
Blockchain School 2019 - Security of Smart Contracts.pdf
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
 
Web3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEMWeb3 Security: The Blockchain is Your SIEM
Web3 Security: The Blockchain is Your SIEM
 
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
Learning Intrusion Prevention Policies through Optimal Stopping - CNSM2021
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile Networks
 
Shilpa ppt
Shilpa pptShilpa ppt
Shilpa ppt
 
How to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contractHow to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contract
 
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
Security_evaluation_of_smart_contract_based_Ethereum_wallets___NSS__Camera_re...
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
 

More from Sergei Tikhomirov

More from Sergei Tikhomirov (8)

Smartcheck: Static Analysis of Ethereum Smart Contracts
Smartcheck: Static Analysis of Ethereum Smart ContractsSmartcheck: Static Analysis of Ethereum Smart Contracts
Smartcheck: Static Analysis of Ethereum Smart Contracts
 
Privacy preserving KYC on Ethereum
Privacy preserving KYC on EthereumPrivacy preserving KYC on Ethereum
Privacy preserving KYC on Ethereum
 
Bitcoin: money of the future
Bitcoin: money of the futureBitcoin: money of the future
Bitcoin: money of the future
 
Financial Domain-Specific Languages
Financial Domain-Specific LanguagesFinancial Domain-Specific Languages
Financial Domain-Specific Languages
 
Computer Science and Blockchain Research at University of Luxembourg
Computer Science and Blockchain Research at University of LuxembourgComputer Science and Blockchain Research at University of Luxembourg
Computer Science and Blockchain Research at University of Luxembourg
 
Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)Blockchain security research (in 2 minutes)
Blockchain security research (in 2 minutes)
 
Pethreon: recurring payments on Ethereum
Pethreon: recurring payments on EthereumPethreon: recurring payments on Ethereum
Pethreon: recurring payments on Ethereum
 
Bitcoin: деньги будущего
Bitcoin: деньги будущегоBitcoin: деньги будущего
Bitcoin: деньги будущего
 

Recently uploaded

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
Expeed Software
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 

Security challenges in Ethereum smart contract programming

  • 1. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 1/32 Security challenges in Ethereum smart contract programming Sergei Tikhomirov CLUSIL Blockchain series – Installment #4 Luxembourg, 7 September 2017
  • 2. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 2/32 Outline Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion
  • 3. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 3/32 Who am I: Sergei Tikhomirov PhD researcher (SnT / CryptoLUX) Main topic: Ethereum security Previously in code analysis / bug detection
  • 4. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 4/32 Blockchain is a hype Total market cap 8X YTD ICO boom, innovative financial apps
  • 5. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes
  • 6. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes A whole software stack developed from scratch (consensus layer, compilers, VM)
  • 7. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 5/32 Security issues New execution paradigm: trustless network of nodes A whole software stack developed from scratch (consensus layer, compilers, VM) Financially motivated anonymous attackers
  • 8. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 6/32 Massive security breaches The DAO hack (2016) Parity wallet bug (2017)
  • 9. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract)
  • 10. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW)
  • 11. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW) Developers write contracts in Solidity, compile to bytecode, deploy to blockchain
  • 12. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 7/32 Ethereum in one slide Account: controlled by key (like in Bitcoin) or by code (smart contract) Nodes store state (balances, code, data), execute code, extend blockchain (PoW) Developers write contracts in Solidity, compile to bytecode, deploy to blockchain Users interact with contracts via transactions (e.g., send ether, perform computation)
  • 13. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus)
  • 14. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus) Contract developers create contracts on top of basic infrastructure (assuming it works as specified)
  • 15. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 8/32 Three types of blockchain devs Core protocol developers create basic infrastructure (virtual machine, compilers, consensus) Contract developers create contracts on top of basic infrastructure (assuming it works as specified) Dapp developers create blockchain-interfacing apps
  • 16. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 9/32 Five security challenges in Solidity
  • 17. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 10/32 Challenge 1: External calls Ethereum contracts can call other contracts Those can be malicious!
  • 18. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 11/32 Re-entrancy attack: problem 1 mapping (address => uint) private balances; 2 // msg.sender is a user withdrawing their funds 3 function withdraw () public { 4 uint amount = balances[msg.sender ]; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 balances[msg.sender] = 0; 9 }
  • 19. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 11/32 Re-entrancy attack: problem 1 mapping (address => uint) private balances; 2 // msg.sender is a user withdrawing their funds 3 function withdraw () public { 4 uint amount = balances[msg.sender ]; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 balances[msg.sender] = 0; 9 } External contract at msg.sender calls withdraw again (line 4), while balance[msg.sender] is still non zero.
  • 20. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 12/32 Re-entrancy attack: solution 1 mapping (address => uint) private balance; 2 function withdraw () public { 3 uint amount = balance[msg.sender ]; 4 balance[msg.sender] = 0; 5 if (!( msg.sender.call.value(amount)())) { 6 revert; 7 } 8 } First update balance[msg.sender] (line 4), then do actual withdraw (line 5) Checks – effects – interactions
  • 21. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS)
  • 22. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS) Re-order transactions (→ front-running)
  • 23. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 13/32 Challenge 2: Miners’ influence Miners can: Censor transactions (→ DoS) Re-order transactions (→ front-running) Manipulate environment variables (→ insecure randomness)
  • 24. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 14/32 Insecure randomness: problem 1 function determineWinner (address player1 , address player2) 2 returns (address winner) { 3 if (block.timestamp % 2 == 0) { 4 return player1; 5 } else { 6 return player2; 7 } 8 }
  • 25. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 15/32 Insecure randomness: solution Implement a commit-reveal scheme Use secure randomness sources RANDAO Bitcoin blocks via BTCRelay trusted oracles
  • 26. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing?
  • 27. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing? A: Yes, but there is a caveat...
  • 28. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 16/32 Challenge 3: Immutability Q: Isn’t immutability a good thing? A: Yes, but there is a caveat... A deployed contract can’t be patched
  • 29. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 17/32 Example: Black hole contract 1 contract BlackHole { 2 function () payable { } 3 function getBalance () 4 constant 5 returns (uint) { 6 return this.balance; 7 } 8 } The contract can receive ether (line 2), but there is no way to withdraw it (though you can check the balance).
  • 30. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 18/32 Deal with immutability Test contracts fully before deployment Revert payments you don’t expect Avoid unrecoverable states
  • 31. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 19/32 Challenge 4: Privacy All transactions are broadcast in plaintext Anyone can download and analyze history Blockchain analysis tools only get better The private modifier does not hide the variable, it only prevents external contracts from changing it
  • 32. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 20/32 Challenge 5: Execution cost Users pay gas for every execution step Centralized clouds are much cheaper
  • 33. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 20/32 Challenge 5: Execution cost Users pay gas for every execution step Centralized clouds are much cheaper Ethereum is not a ”world computer”... ...and definitely not a cloud storage
  • 34. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 21/32 Gas costs defined in Yellow paper
  • 35. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 22/32 Example: using storage inside loop 1 uint [255] res; 2 function costlyFunction () { 3 for (uint8 i = 0; i < 255; i++) { 4 res[i] = (255 - i) * i; 5 } 6 } Running this costlyFunction is $601 1 5m gas @ 35 gwei, $330 / ETH
  • 36. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 22/32 Example: using storage inside loop 1 uint [255] res; 2 function costlyFunction () { 3 for (uint8 i = 0; i < 255; i++) { 4 res[i] = (255 - i) * i; 5 } 6 } Running this costlyFunction is $601 More importantly, tx’s calling costlyFunction will likely never be confirmed (block limit is around 6.7m gas) 1 5m gas @ 35 gwei, $330 / ETH
  • 37. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 23/32 Optimizing contracts for gas costs Avoid iterating over large arrays Avoid using permanent storage Measure and optimize gas consumption Move all except security critical computations off-chain
  • 38. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 24/32 Five issues: takeaway External = dangerous Miners influence execution Contracts are immutable Blockchain is not private On-chain computation is expensive
  • 39. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 25/32 Writing secure contracts: practical advice
  • 40. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 26/32 Step 1. Write specification Describe what you want before implementing it: you can’t fix incorrect code without defining correct Is public blockchain the right tool? Can you use a database? Permissioned blockchain? Private instance of Ethereum?
  • 41. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 27/32
  • 42. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 28/32 Step 2. Check source code Adhere to best practices Update software (compiler, framework) Run analysis tools (Oyente, Securify, Solgraph)
  • 43. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 29/32 Step 3. Check bytecode Compiler may have bugs Bytecode is what is actually executed Run analysis tools (Dr Y’s analyzer) Run verification tools (not yet available)
  • 44. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 30/32 Step 4. Check dApp as a whole Create tests at early development stages Truffle framework: truffle test Make sure to cover all cases (solidity-coverage)
  • 45. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 31/32 Conclusion Smart contracts are still a new technology Potential is enormous, but security issues are inevitable Tread carefully!
  • 46. Ethereum security challenges Sergei Tikhomirov Introduction Five security challenges in Solidity External calls Miners’ influence Immutability Privacy Execution cost Writing secure contracts: practical advice Conclusion 32/32 Questions? securityandtrust.lu cryptolux.org s-tikhomirov.github.io