1
DAO for penetration testers
A talk by Pertsev Alexey But mom calls
2
#whoami
- Security researcher (for live)
- Penetration tester (by profession)
- Smart Contract developer/auditor (for you)
3
Agenda
- DAO? How does it work?
- Solidity in depth
- Tools
- Client-side vulnerabilities
- Usual attack vectors at ICO address changing
- Most expensive attacks
- Along all – Digital Security ICO writeup!
4
DApp and DAO
[Diagram labels: HTTP requests; web3 object with address = "0xdeadbeef…" and ABI = [{"name": "crowdsale"…}]; transactions and requests to a node (Geth, Parity, cpp-Ethereum); call results, events… returned]
5
Smart Contract’s Vulns/Attacks/Features
Blockchain features:
- Front-running attack
- Timestamp dependency
- Generating randomness
- Unpredictable state
Solidity features:
- Reentrancy
- Call of unknown
- Gasless send
- Exception disorders
- DOS
- Type confusion
- Uninitialized variable
- Keeping secrets
EVM features:
- Short Address Attack
- Blockhash dependency
- Integer overflow
Logical (contract features):
- Do it yourself :)
6
Front-running attack
How do miners order transactions in a block before mining? Answer: by gasPrice and then by nonce.
What can we do? Front-running attack!
Case: Dsec ICO lottery
In-the-wild case: Bancor exchange
Mitigations: tx.gasprice
Pending block:
- Lottery robot TX: {gasPrice: N, input: X}
- Player TX: {gasPrice: N+1, input: X}
Be aware! Miners can order transactions as they wish! (infura?)
7
Timestamp dependency
What is the timestamp of a block (for Solidity, block.timestamp)?
According to the yellow paper: $H_s$ is the timestamp of block $H$ and must fulfil the relation: $H_s > P(H)_{H_s}$
Along with Geth source code “says”:
Take into account: time to next block is about sec…
A miner can manipulate block.timestamp by several seconds at least!
Don’t use it for:
- entropy source
- determining of “winner”
8
Short Address Attack
function transfer(address _to, uint256 _value) { … }
Attacker address: 0xc24c2841b87694e546a093ac0da6565c8fdd1800; value: 1
TX.input: 0xa9059cbb0000…000c24c2841b87694e546a093ac0da6565c8fdd …001
After attack: value *= 2^(zero_bytes_count * 8)
Attacker address: 0xc24c2841b87694e546a093ac0da6565c8fdd1800; value: 1
TX.input: 0xa9059cbb0000…000c24c2841b87694e546a093ac0da6565c8fdd18000…001 00
Layout: func signature (4 bytes) | address _to (32 bytes) | amount _value (32 bytes)
Protection?
- Check msg.data.length = * args.count
- Swap args?
- The client side software is fully responsible for preventing this attack!
- just live with that :)
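An added example (not from the original slides) of the client-side check this slide calls for: an encoder that accepts only a full 20-byte address, the calldata length check (4-byte selector plus 32 bytes per argument, per the layout above), and a decoder that zero-pads short calldata the way the contract reads it. The function names are hypothetical, and `naive_encode_transfer` is a constructed "before" case.

```python
SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256) selector from the slide
WORD = 32                             # every ABI argument occupies one 32-byte word
ADDR = "0xc24c2841b87694e546a093ac0da6565c8fdd1800"  # address shown on the slide


def naive_encode_transfer(to_hex: str, value: int) -> bytes:
    """Constructed 'before' case: left-pads whatever hex it is given, no length check."""
    return SELECTOR + bytes(12) + bytes.fromhex(to_hex[2:]) + value.to_bytes(WORD, "big")


def encode_transfer(to_hex: str, value: int) -> bytes:
    """Hardened client-side encoder: only a full 20-byte address is accepted."""
    raw = to_hex[2:] if to_hex[:2].lower() == "0x" else to_hex
    if len(raw) != 40:
        raise ValueError(f"address must be 20 bytes, got {len(raw) / 2:g}")
    if not 0 <= value < 2 ** 256:
        raise ValueError("value does not fit in uint256")
    return SELECTOR + bytes.fromhex(raw).rjust(WORD, b"\x00") + value.to_bytes(WORD, "big")


def calldata_length_ok(calldata: bytes, arg_count: int) -> bool:
    """Length check for static arguments: 4-byte selector plus 32 bytes per argument."""
    return len(calldata) == 4 + WORD * arg_count


def evm_decode_transfer(calldata: bytes):
    """Read (_to, _value) as the contract sees them: bytes past the end read as zero."""
    args = calldata[4:].ljust(2 * WORD, b"\x00")
    to = "0x" + args[12:WORD].hex()
    return to, int.from_bytes(args[WORD:2 * WORD], "big")


if __name__ == "__main__":
    good = encode_transfer(ADDR, 1)
    short = naive_encode_transfer(ADDR[:-2], 1)  # trailing zero byte dropped
    for name, data in (("full", good), ("short", short)):
        print(name, len(data), calldata_length_ok(data, 2), evm_decode_transfer(data))
```

With one trailing zero byte missing, the 67-byte calldata decodes to the full address and a value of 256, which matches value *= 2^(zero_bytes_count * 8) for zero_bytes_count = 1.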
9
Blockhash dependency
block.blockhash(uint blockNumber) returns (bytes32): hash of the given block - only works for 256 most recent blocks!
smartbillions lottery just got hacked
Don’t use the blockhash of the current block either! A malicious miner can cheat here.
martin.swende.se/blog
10
Reentrancy, Call of unknown, Gasless send, Exception disorders
Is there another way to transfer money? Send() Transfer() Sure?
11
Type confusion
bytes4(sha3("obtainDamage(uint256)")) != bytes4(sha3("obtainDamage(uint8)"))
Don’t trust a contract’s ABI! Compile the smart contract and diff its bytecode with the bytecode on the blockchain.
12
Uninitialized variable
Solidity memory types:
- Storage – storage keyword
- Memory – memory keyword
- Calldata – … (args in external)
[Code sample not preserved; its surviving comments: // rewritten! // rewritten too!]
To fix: use the memory keyword and/or the constant modifier (or the modern view and pure)
13
And other tricks…
// 10 and float yet not implemented
Not relevant anymore:
- Stack overflow exception - EIP-150
- ERC20 double spending – Zeppelin fix
// 0
// 2**
// access control only! Use encryption for keeping secrets.
// 20
14
Logical
- Forgotten access modifiers
- Misspelled identifiers (variables, functions)
- Huge number of various race conditions
- etc…
15
Logical – DSec ICO
16
Logical – Parity multiSig
Fix initWallet function:
17
Logical – Parity multiSig
V2: $300M HACK
18
Tools
Symbolic (concolic) execution:
- Oyente (has remix built-in version)
- Manticore (EVM opcodes support)
- Dry-analyzer (has online version)
Static analysis:
- remix.ethereum.org (best IDE)
- securify.ch (online!)
- Solc compiler
- Linters (Solint, Solcheck, etc)
Debug:
- remix.ethereum.org
- Radare2 (in progress)
Testing:
- Truffle develop framework
- web3.(py|js|hs|j) - geth JSON RPC
- Other smart contract as tester
Multitool:
- Mythril
- Porosity (Quorum DLC)
19
Client side vulnerabilities and Vectors
Blockchain aside, can I hack a DAO without smart contract knowledge?
- XSS
- Phishing
- Site defacement + clipboard manipulation
- etc…
And other vectors:
- Weak passwords for Social Network accounts (twitter, slack, FB, etc.)
- Hack related infrastructure and do pivoting
- Attack on an unlocked wallet (JSON RPC) – origin: *
20
Blockchain stored XSS
Protect:
- Don’t trust user data!
- Always cast, validate, sanitize and escape (order is vital!)
21
Phishing
Three steps to phishing:
1. Register a domain name similar to that of a victim: icokoi.co -> icokoi.com
2. Copy a victim website and replace ICO smart contract address
3. Spam spam spam!
Mitigations:
- Be offensive! Monitor similar domains and inform users (URLCrazy)
- Metamask EtherAddressLookup blacklist
- Register phishing sites at local DNS and resolve them to alert page (for a team only).
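One way to do the "monitor similar domains" mitigation, as an added example that is not URLCrazy's code and not part of the original slides: it classifies observed domain names against the legitimate one. The observed list and the confusable-character map are constructed, and domains are assumed to have the form label.tld.

```python
LEGIT = "icokoi.co"  # the victim domain used on the slide
# Constructed sample of newly observed domains (e.g. from a registration feed).
OBSERVED = ["icokoi.com", "ic0koi.co", "icokol.co", "icokoi-sale.io",
            "example.org", "icokoi.co"]
# Small constructed subset of look-alike characters; extend for real monitoring.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def split_domain(domain):
    """Split 'label.tld' (assumption: no subdomains, single-label TLD)."""
    label, _, tld = domain.lower().strip(".").partition(".")
    return label, tld


def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, legit=LEGIT):
    """Return why a domain looks like `legit`, or None if it does not."""
    l_label, l_tld = split_domain(legit)
    c_label, c_tld = split_domain(candidate)
    if (c_label, c_tld) == (l_label, l_tld):
        return None                      # the legitimate site itself
    if c_label == l_label:
        return "tld-swap"                # icokoi.co -> icokoi.com
    if c_label.translate(CONFUSABLE) == l_label.translate(CONFUSABLE):
        return "confusable-chars"
    if edit_distance(c_label, l_label) <= 1:
        return "typo"
    if l_label in c_label:
        return "brand-embedded"
    return None


def flag_lookalikes(observed, legit=LEGIT):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: reason for d in observed if (reason := classify(d, legit))}


if __name__ == "__main__":
    for domain, reason in flag_lookalikes(OBSERVED).items():
        print(f"{domain}: {reason}")
```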
22
Site defacement and Clipboard manipulation
Easy to understand:
- Hack website -> full control of the information on it
- Change ICO address to your own
Or more tricky… Clipboard manipulation:
23
Weak passwords: $500k HACK
There is nothing new… But again and again.
Protection? You already know:
- 2FA
- Password managers
- Mnemonics
- etc.
24
Attack on an unlocked wallet
Default behaviour: try to send a TX to RPC -> “authentication needed: password or unlock”
What developers do:
personal.unlockAccount(eth.coinbase, 'notReallyStrongPass', 0)
--unlock "0" --password "path/pass"
But that does not work for the browser IDE yet, so:
--rpccorsdomain "*"
Consequences: any website or program can silently send a transaction as the developer
25
Pivoting
Attack surface:
- Smart Contract Interfaces (web)
- Social network and accounts
- Third-party Lib/Apps/Chats/API
- Oracles (Shapeshift and similar)
- Mail/VPN/WEB/Mobile/… server
- ALL hosts you control (including laptops)
Numerous attack vectors!
26
Recommendations
Smart Contract security:
- Best practices
- Code audit
- Bug Bounty (it's almost free for you!)
Infrastructure:
- Best practices
- Audit / Security assessment / Penetration testing
- Close/hide all unimportant
27
Pertsev Alexey @p4lex (telegram) a.pertsev@dsec.ru
Let’s talk