Security with Block Chain Technology: Part 3 Security by Design | Researching in Smart Contracts - Block Chain
If you are a block chain enthusiast, user, miner or anyone else involved with the usage of block chain, you will know about Smart Contracts. For people who are new to them, here is a simple description of Smart Contracts:
What are smart contracts?
Smart contracts are pieces of executable code that run automatically on the block chain to execute agreements preset between the multiple parties involved in a transaction. Smart contracts allow credible transactions to be performed without third parties. These transactions are trackable and irreversible.
Implementation relies on Byzantine fault-tolerant algorithms, which provide digital security through decentralization to form smart contracts.
Notable examples of implementation of smart contracts include the following:
Why Smart Contracts security is important:
Smart contracts security is an emerging research area that deals with security issues arising from the execution of smart contracts in a block chain system.
Although block chain is designed to be inherently secure, in practice that is not the case. Smart contracts still have many security issues, such as:
· Public block chains where visibility is expanded.
· Smart contract code, once deployed, is hard to patch.
· Open-source nature: This feature may lead to ease of exploitation of vulnerabilities.
· Lack of developers skilled in secure coding for Dapps.
· Reentrancy: The flaw occurs when a contract calls an external contract that takes over the control flow and calls back into the calling contract before the first invocation is finished.
· Improperly declared self-destruct: Due to missing or insufficient access controls, malicious parties can call the self-destruct function to destroy the contract. The balance of the destroyed contract is then transferred to an unauthorized account.
· Integer underflow/overflow: A common finding in source code review, even in C/Java. An underflow/overflow occurs when an arithmetic operation reaches the minimum/maximum of a declared type.
· Delegate call to untrusted contracts: A special function in contract A, namely delegatecall, may call a function of another untrusted contract B. When calling into contract B, the context, such as msg.sender, is still identical to the previous context of contract A. Calling into untrusted contract B is very dangerous, because the code in B can change any storage values of A and thus can completely control the balance of A.
· Transaction order dependence: A contract EthClaimReward will give a reward to the first person who solves a math problem (the contract owner initializes the value of the reward by calling the function setReward). Assume that a user A solves the problem and submits the answer by calling claimReward with a standard gas price. User B can see the answer that user A just submitted because the ledger is public. Now user B can resubmit the answer with a much higher gas price, and thus B’s transaction probably gets processed and committed before A’s. In that case, user B will receive the reward even though user A was the first person to solve the problem.
· Insecure/weak random generation from chain attributes: Attackers can easily predict the random number generated by an algorithm with custom seeds using the corresponding block information.
  Fix Scheme. Use a commitment scheme that is carried out in two phases:
· Timestamp dependence. Smart contracts often use a block timestamp to trigger conditions to execute some critical operations. For example, a smart contract may depend on a block timestamp to send out money. Malicious miners can adjust the timestamp to a specific value that influences the timestamp-dependent condition and favors them.
  Fix Scheme. Do not use a block timestamp as a random seed to trigger conditions. Meanwhile, use the previous commitment scheme.
· Mishandled exceptions. This vulnerability mainly arises from Solidity. If an external function in a contract contains many operations that may use up gas, calling such a costly function may trigger an exception. A mishandled exception may cause an attack, such as DoS (denial of service), on the ongoing contract. If a malicious bidder in an auction becomes the leader, he can remain the leader forever, because he can prevent anyone else from successfully calling the function bid via a costly fallback function.
  Fix Scheme. Set up a pull payment system that isolates each external call from the function bid into an independent transaction, so that the recipient of the call can initiate that independent transaction.
· Replay attack. By intercepting and replaying the user’s previous digital signatures, a malicious user can impersonate a specific user. By invoking “transferProxy”, a user can transfer an amount x of tokens to another user with a valid elliptic curve signature.
  Let’s see an example here:
  · Alice (sender) initiates a transaction in which 100 Token 1s will be sent to Bob (recipient) and 3 Token 1s will be paid to Proxy as service fee. Alice then signs the transaction with her signature → sig(A,B,100,3).
  · Transaction gets carried out by Proxy. Bob gets 100 Token 1s from Alice.
  · Bob replays Alice’s signature in a new transaction → transferProxy(A,B,100,3,sig) → sig(A,B,100,3).
  · New transaction gets carried out by Proxy. Bob gets 100 Token 2s from Alice without her authorization.
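An added example, not code from the original post: a commit-reveal variant of the EthClaimReward scenario from the transaction order dependence item, assuming the two phases of the commitment scheme are the usual commit and reveal. The contract name, the factorisation puzzle, `commit`, `MIN_DELAY` and the compiler version are assumptions made for illustration; `setReward` and `claimReward` are the names the post uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; not from the original post.
contract CommitRevealReward {
    address public immutable owner;
    uint256 public immutable puzzle;       // assumed math problem: factor this number
    uint256 public constant MIN_DELAY = 2; // blocks between commit and reveal (assumed value)
    uint256 public reward;

    struct Commitment { bytes32 hash; uint256 blockNumber; }
    mapping(address => Commitment) public commitments;

    constructor(uint256 puzzle_) {
        owner = msg.sender;
        puzzle = puzzle_;
    }

    function setReward() external payable {
        require(msg.sender == owner, "only owner");
        reward += msg.value;
    }

    // Phase 1 (commit): publish only keccak256(abi.encode(sender, p, q, salt)).
    // The answer stays hidden, and the hash is useless to anyone else because
    // it binds the committing address.
    function commit(bytes32 hash) external {
        commitments[msg.sender] = Commitment(hash, block.number);
    }

    // Phase 2 (reveal): accepted only for a commitment at least MIN_DELAY blocks
    // old. Copying a revealed answer with a higher gas price fails, because the
    // copier has no matching, sufficiently old commitment.
    function claimReward(uint256 p, uint256 q, bytes32 salt) external {
        Commitment memory c = commitments[msg.sender];
        require(c.hash != bytes32(0), "no commitment");
        require(block.number >= c.blockNumber + MIN_DELAY, "reveal too early");
        require(c.hash == keccak256(abi.encode(msg.sender, p, q, salt)), "commitment mismatch");
        require(p > 1 && q > 1 && p * q == puzzle, "wrong answer");
        uint256 amount = reward;
        require(amount > 0, "no reward left");
        reward = 0;                        // effects before the external call
        delete commitments[msg.sender];
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The delay has to be longer than a reveal transaction can realistically stay pending; otherwise an observer could commit after seeing the reveal and still meet the age requirement.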
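The pull payment fix scheme for the auction described under mishandled exceptions, written out as an added example (not code from the original post). Its withdrawal also updates state before the external call, which is the ordering that stops the reentrancy flaw listed earlier. `PullPaymentAuction`, `pendingRefunds` and `withdrawRefund` are hypothetical names; only `bid` comes from the post.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; not from the original post.
contract PullPaymentAuction {
    address public leader;
    uint256 public highestBid;
    // Refunds owed to outbid leaders; each recipient collects their own.
    mapping(address => uint256) public pendingRefunds;

    event NewLeader(address indexed bidder, uint256 amount);
    event RefundWithdrawn(address indexed bidder, uint256 amount);

    // A push-style bid() would send the refund to the old leader right here,
    // so a leader whose fallback reverts or burns gas would make every later
    // bid fail. This version makes no external call at all inside bid().
    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (leader != address(0)) {
            pendingRefunds[leader] += highestBid; // record the debt only
        }
        leader = msg.sender;
        highestBid = msg.value;
        emit NewLeader(msg.sender, msg.value);
    }

    // The refund is an independent transaction started by the recipient.
    // A failing or costly fallback now only hurts its own owner.
    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Clear the balance before transferring, so a reentrant call
        // into withdrawRefund() finds zero and reverts.
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed"); // a revert restores the balance
        emit RefundWithdrawn(msg.sender, amount);
    }
}
```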
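An added example, not from the original post and not the code of any deployed token: a transferProxy whose signed message covers the token contract's address, the chain id and a per-signer nonce, so that sig(A,B,100,3) collected on Token 1 does not verify on Token 2 and cannot be reused on Token 1 either. The contract name, `digestFor`, `nonces` and the message layout are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical token for illustration; not from the original post.
contract ReplaySafeToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public nonces; // next expected nonce per signer

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    // What the sender must sign. address(this) and block.chainid tie the
    // signature to this one token on this one chain; the nonce ties it to
    // a single use.
    function digestFor(address from, address to, uint256 value, uint256 fee, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), from, to, value, fee, nonce)
        );
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    // Called by the proxy with the sender's signature (v, r, s).
    function transferProxy(
        address from, address to, uint256 value, uint256 fee,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // The digest is rebuilt with the nonce stored on chain, never with
        // a nonce supplied by the caller.
        bytes32 digest = digestFor(from, to, value, fee, nonces[from]);
        address signer = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) for an invalid signature.
        require(signer != address(0) && signer == from, "bad signature");
        require(balanceOf[from] >= value + fee, "insufficient balance");
        nonces[from] += 1;            // consume the nonce: a replay no longer verifies
        balanceOf[from] -= value + fee;
        balanceOf[to] += value;
        balanceOf[msg.sender] += fee; // service fee to the proxy
    }
}
```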
Security Solutions for Smart Contracts
To follow security practices and achieve optimum security, it should be noted that smart contracts take time to review, and that secure implementation is vital, not just the business need to rush deployment. A thorough security architecture should be followed, starting from design and feasibility of implementation, through security assessments, to post-implementation defense controls and monitoring.
· Security design
· Security implementation and pre-deployment testing
· Post-deployment monitoring and analysis
Security Tools
· Solidity Visual Auditor - This extension contributes security-centric syntax and semantic highlighting, a detailed class outline and advanced Solidity code insights to Visual Studio Code.
· Sūrya - Utility tool for smart contract systems, offering a number of visual outputs and information about the contracts' structure. Also supports querying the function call graph.
· Solgraph - Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.
· EVM Lab - Rich tool package to interact with the EVM. Includes a VM, Etherchain API, and a trace-viewer.
· ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
· Piet - Web application helping understand smart contract architectures. Offers graphical representation and inspection of smart contracts as well as a markdown documentation generator.
· MythX - Professional security analysis tools and extensions for Remix, VSCode, Truffle, Embark, Guardrails, and other environments (awesome list).
· Mythril - The Swiss army knife for smart contract security.
· Slither - Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.
· Contract-Library - Decompiler and security analysis tool for all deployed contracts.
· Echidna - The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
· Manticore - Dynamic binary analysis tool with EVM support.
· Oyente - Analyze Ethereum code to find common vulnerabilities, based on this paper.
· Securify - Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.
· SmartCheck - Static analysis of Solidity source code for security vulnerabilities and best practices.
· Octopus - Security analysis tool for Block chain Smart Contracts with support of EVM and (e)WASM.
· sFuzz - Efficient fuzzer inspired by AFL to find common vulnerabilities.
· Chaincode Scanner - A static security analyzer designed for Fabric smart contracts. It often takes smart contracts written in the Go language as input.
· Zeus - Takes as input contract source code and security policy (written in XACML-styled templates). It performs static analysis atop the source code to determine the points at which the verification predicates must be asserted.
About the author:
Samrat Das is a security consultant with 5+ years of experience in multiple security domains and a research background, currently working with KPMG UAE. He’s mostly interested in learning the ins and outs of emerging technologies including block chain, machine learning, Internet of things etc.
His other interests involve telecom security research, malware analysis, reverse engineering, fuzzing on technologies, and breaking and building secure stuff. He can be reached on sam9318@gmail.com or https://www.linkedin.com/in/samratd9/