While part 1 discussed some or obvious vulnerabilities, this post is about vulnerabilities that HAV E not been exploited widely yet.
Let's skip the introduction and jump straight to them: 4 forcing Ether to a contract
Solidity ' s selfdestruct does two things. It renders the contract useless, effectively deleting the bytecode at this address. It sends all the contract's funds to a target address.
The special case has here, which is this if the receiving address are a contract, its fallback function does not get executed.
This means the if a contract ' s function has a conditional statement that depends on that contract ' s balance being below a Certain amount, that statement can be potentially bypassed:
Due to the throwing fallback function, normally the contract cannot receive ether. However, if a contract selfdestructs with this contract as a target, the fallback function does not get called. As a result this.balance becomes greater than 0, and thus the attacker can bypass the require statement in Onlynonzerobala nCE
Mitigation:never use a contract ' s balance as a guard. 5. Call to the Unknown (DoS with unexpected revert)
This is vulnerability appeared in the King of the Ether Smart contract.
In this case, a attacker ' s contract could the claim leadership by sending enough ether to the insecure. Then, the transactions of another player who would attempt to claim leadership would the throw due to the above Ppet.
Although a simple attack, this causes a permanent denial for service to the contract rendering it useless. This can is found in the Ponzi scheme contracts that follow the same pattern. 6. Short Address Attack
This attack is discovered by the Golem team and described into this article. This is vulnerability allows a attacker to abuse the transfer function and withdraw a larger amount of ERC20 tokens than is allowed to.
Note:for simplicity we ' ll use words half the normal size.
To explain it bug let's consider an exchange has a wallet with 10000 tokens and a user with a balance of That exchange ' s wallet. Let's also consider that this user's address Is0x12345600-notice the trailing zeroes-and that they want Amount larger than their balance. To do this they would go to the exchange and click the token's withdraw button and input their address without the Trailin G Zeroes (the Exchange does not perform input validation and allows the transaction to go through, even though the Attacke R ' s address length is invalid).
Then, the EVM calculates, the input data for the transaction to is executed by concatenating the function ' s signature and T He arguments.
The ERC20 ' s transfer function is formulated as transfer (address to, uint256 amount). The 3 fields would be as follows:
SIG:A9059CBB = WEB3.SHA3 ("Transfer (ADDRESS,UINT256)"). Slice (0,10)
arg1:123456 = receiving address
arg2 : 00000020 = hexademical (0x20)
----------------------------------------
CONCATENATED:A9059CBB 123456 00000020
Transaction input data:0xa9059cbb12345600000020
The Vulnerability
Looking closely, the transaction ' s length is 2 bytes shorter (4 bytes in the real world with full words). The EVM in this case would pad the transaction with trailing zeroes, resulting in:
0xa9059cbb1234560000002000
A9059CBB = WEB3.SHA3 ("Transfer (ADDRESS,UINT256)"). Slice (0,10)
//12345600 = Receiving address
// 00002000 = 8192 in hexademical (0x2000 = = 0x20<<8)
That way, even though the attacker's balance according to the "Exchange is" tokens, they are to execute a able Legitimate transfer for a amount is a much larger. This is course relies on the fact so sending account (the exchange's wallet) has enough for the balance.
Mitigations:throw The If Msg.data has invalid size exchanges must perform input validation Reddit comment describing Validati ng msg.data size Bonus:
ALWAYS avoid the "use of" and Block.blockhash for your contract ' s business logic as their results are predictable or can Be manipulated by miners. More on that. What can I do towards securing my Smart contracts?
This is has been mentioned in many places, I personal favorite being here.
Among others, my most important picks Are:don ' t write fancy code with audited and tested code write as many unit tests as Possible What tools can I use to audit and analyze my code?
All, Solc performing semantic checking are a huge step towards security as potential mistakes get found at Compila tion time. securify.ch is a static analysis tool for Smart contracts. Remix also performs static analysis to your code and are able to spot bugs such as uninitialized storage pointers and Reent Rancy. Oyente is another recently announced analysis tool to Smart contracts Hydra is a ' framework for cryptoeconomic contract s ecurity, decentralized security bounties ' porosity is a ' decompiler for blockchain-based ethereum smart-contracts ' Mantico Re is a dynamic binary analysis tool and EVM support Ethersplay is a binary Ninja for plugin
Finally, visualizing your code by using tools such as solgraph can help you find potential bugs regarding functions ' Visib Ility. Https://github.com/raineorshine/solgraph
Note:devcon3 Day 2 is filled with contract security talks, I definitely recommend watching them [1,2].
For a, in-depth read on attacks on smart contracts refer to:the underhanded solidity Contest [1,2,3] trailofbits/not- So-smart-contracts A Survey of attacks on Ethereum smart Contracts Smart contract Best Practices-known attacks onward WI Th Smart Contract Security
Can practice your Smart Contract hacking skills At:ethernaut (requires Ropsten account) Testnet (hackthiscontract Uires Rinkeby testnet account)