Bugs in the Blockchain and “Contractual” Vulnerability
Stark Riedesel
Image source: https://davidgerard. co
Overview
- Define Blockchain
- Define Smart Contract
- Apply AppSec

What’s a Blockchain?
- A (write-once) database with state changes
  - Coin moves from owner A to owner B
  - Balance of wallet A changes from X to Y
  - Coin XYZ was created and debited to owner A
  - Coin XYZ was destroyed by owner A
  - Data stored at Z location has been changed to X
  - Event A has been triggered with data X, Y, and Z
- Similar to git, users maintain a full history
- History is independently verifiable
- P2P message passing (RPC)
Image source: https://github.com/ethereum/wiki/wiki/White-Paper

Why is it “Secure”?
- Immutability
  - Hash of previous block + Timestamp
  - Proof of Work (PoW), aka mining
    - SHA/Scrypt/Ethash/Equihash/etc…
    - Computationally intensive
    - Ensures history cannot change
    - Adjustable “Difficulty”
    - Hard to compute <-> Easy to check
- Decentralization
  - All nodes have same data - “Public Ledger”
  - Each (full) node verifies complete history
  - Uses established public-key algorithms (ex. ECDSA)
Image source: https://github.com/ethereum/wiki/wiki/White-Paper

What Does the Blockchain Look Like?
- https://blockchain.info/
- https://etherscan.io/

Types of Blockchains
- Public Chains
  - Bitcoin (currency BTC): the “original” and largest ($250b mkt cap)
  - Ethereum (currency ETH): the “original” smart contracting ledger
  - Monero (currency XMR): private transactions on a public chain
  - Ripple (currency XRP): bank-to-bank settlements platform
  - Cardano (currency ADA): Proof-of-Stake (not yet deployed)
- Private Chains
  - Quorum
    - JPMC fork of Ethereum for permissioned chains
    - Proof-of-Authority (PoA)
    - Chain code uses EVM (Ethereum virtual machine)
  - Hyperledger Fabric
    - Permissioned chain for generic state changes
    - Chain code (usually) written in Go
    - State database usually CouchBase (JSON support)

Attacks on the Chain
- Double Spend - Sybil attack (51% attack)
  - Longest chain is the most trusted chain
  - Attacker creates longer chain by mining faster than the rest of the network
  - Attacker slows/prevents block relaying
- Protected by block rewards incentivizing mining
- Mining “pools” exacerbate issue
- Small chains especially vulnerable

Extending the Blockchain
- Embed “code” within a transaction
- Application state
- Blockchain state
- Database contains:
  - Contracts (addresses mapped to chain code)
  - Contract storage (sparse hash map of memory address to value)
  - Balance sheet (addresses mapped to value)
- Code is immutable
- Code defines how state can change
- Transactions “call” contract functions
- Fully decentralized web applications (web3.0)
  - Ethereum contracts provide application logic
  - Geth/Parity node runs on client
  - Web3.js communicates with Geth to query state and send transactions
- https://metamask.io/

Smart Contract Use Cases
- Tokens (ICO fundraising)
- Prediction markets
- Online gaming
- Trade settlements (financial services)
- Legal contracting (ex. insurance)
- Licensing (ex. copyrights, patents, software licenses)
- Decentralized Autonomous Organizations (DAO)

What Does a Contract Look Like? Solidity
- http://truffleframework.com/boxes/metacoin

What Does a Contract Look Like? EVM Bytecode
- http://truffleframework.com/boxes/metacoin

Smart Contract Weaknesses: Secrecy is hard
- Everything is public by design
  - Contract code & storage
  - Transaction contents
- Private modifier does nothing for secrecy

Smart Contract Weaknesses: AuthZ is hard
- Public blockchains means anyone can call your functions
- Each function must explicitly check for auth
- Internal functions must be marked “internal”

Smart Contract Weaknesses: Integers are hard
- 0 – 1 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- Very common vuln
- Can lead to buffer overruns (array length underflow)
- Use SafeMath

Smart Contract Weaknesses: Concurrency is hard
- Order of operations matter
- Revert only undoes your own state
- Sending transactions can have side-effects
- Sending ETH can invoke a receiving function (reentrancy bugs)

Smart Contract Weaknesses: Randomness is hard
- All nodes in the chain must agree on computation
- Poor sources of entropy in chain

Tools for Smart Contracting
- Truffle: development build framework
- Ganache: CLI/GUI fake blockchain for testing/development (instant mining, no PoW)
- Geth: Official Ethereum client written in Go (most common)
- Parity: Ethereum client written in Rust (second most common)
- Solc: Solidity compiler
- Mist: Official Ethereum web browser (built-in Ethereum client and web3 engine)
- Metamask: Chrome/Firefox extension for connecting to Ethereum networks
- Porosity: Ethereum decompiler/disassembler
- Solhint: Solidity linter and static code analysis
- Mythril: Ethereum contract search tool and static analysis engine
- DappHub: Collection of useful utilities for developing, testing, and hacking on Ethereum
- https://github.com/starkriedesel/BlockchainToolbox

Questions?
Image source: https://congacomic.tumblr.com/