Blockchain vulnerabilities

Smart contracts are programs that run on top of a blockchain network

The underlying blockchain infrastructure creates unique vulnerabilities:

  • Access control

  • Bad randomness

  • Denial of Service

  • Frontrunning

  • Timestamp dependence

Access control

function initContract() public {
    owner = msg.sender; // no check on the caller: whoever calls this becomes owner
}

Smart contracts commonly have functions that transfer "ownership" of the contract to a particular address; this gives the owner access to protected functionality

If these functions are poorly implemented, an unauthorized user can gain contract ownership
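The unprotected initializer above next to a hardened form, as an added example that is not part of the original course material. It assumes Solidity 0.8 syntax; the contract names, events and the two-step handover are illustrative choices.

```solidity
pragma solidity ^0.8.20;

// Vulnerable: mirrors the initContract() pattern above. Anyone can call it,
// at any time, and replace the owner.
contract UnprotectedInit {
    address public owner;

    function initContract() public {
        owner = msg.sender;
    }
}

// Hardened: ownership is set once at deployment and can only be handed over
// by the current owner, in two steps so a mistyped address cannot take it.
contract OwnedSafely {
    address public owner;
    address public pendingOwner;

    // Events give monitoring tools something to alert on.
    event OwnershipTransferStarted(address indexed from, address indexed to);
    event OwnershipTransferred(address indexed from, address indexed to);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender; // runs exactly once, in the deployment transaction
    }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero address");
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "caller is not pending owner");
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete pendingOwner;
    }
}
```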

Bad randomness

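function play() public payable {
    require(msg.value >= 1 ether);
    // Randomness based on mining activity: the block hash is public and influenced by the block creator
    if (uint(block.blockhash(blockNumber)) % 2 == 0) {
        msg.sender.transfer(this.balance);
    }
}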

Smart contracts commonly require access to a strong source of randomness:

  • Gambling

  • Contests

  • etc

There are many "wrong" ways to generate random numbers in a smart contract:

  • Based on embedded "secret" values

  • Using embedded "secret" code

  • Based on mining activity
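One common alternative to the sources listed above is a commit-reveal scheme, sketched here as an added example that is not part of the original course material. It assumes Solidity 0.8 syntax and a single-use, two-player game; the contract name, stake and reveal window are illustrative.

```solidity
pragma solidity ^0.8.20;
// Added example (hypothetical contract), single-use two-player coin flip.
// Each player stakes 1 ether and commits to a secret; the result mixes both
// secrets, so neither a player nor the block creator picks it alone.
contract CommitRevealFlip {
    uint256 public constant STAKE = 1 ether;
    uint256 public constant REVEAL_WINDOW = 1 hours;

    address[2] public players;
    bytes32[2] public commitments;
    bytes32[2] public secrets;
    bool[2] public revealed;
    uint256 public revealDeadline;
    uint8 public joined;
    bool public settled;

    // commitment = keccak256(abi.encodePacked(player address, secret)), computed off-chain
    function commit(bytes32 commitment) external payable {
        require(joined < 2, "game full");
        require(msg.value == STAKE, "stake is 1 ether");
        players[joined] = msg.sender;
        commitments[joined] = commitment;
        joined++;
        if (joined == 2) revealDeadline = block.timestamp + REVEAL_WINDOW;
    }

    function reveal(uint8 seat, bytes32 secret) external {
        require(joined == 2 && block.timestamp <= revealDeadline, "not in reveal phase");
        require(seat < 2 && msg.sender == players[seat] && !revealed[seat], "bad seat");
        require(keccak256(abi.encodePacked(msg.sender, secret)) == commitments[seat], "mismatch");
        secrets[seat] = secret;
        revealed[seat] = true;
    }

    // Both revealed: winner comes from the combined secrets. One revealed and
    // the window closed: the silent player forfeits. Neither: stakes stay locked.
    function settle() external {
        require(joined == 2 && !settled, "nothing to settle");
        address winner;
        if (revealed[0] && revealed[1]) {
            winner = players[uint256(keccak256(abi.encodePacked(secrets[0], secrets[1]))) % 2];
        } else {
            require(block.timestamp > revealDeadline && revealed[0] != revealed[1], "cannot settle yet");
            winner = revealed[0] ? players[0] : players[1];
        }
        settled = true; // effect before the external call
        (bool ok, ) = winner.call{value: 2 * STAKE}("");
        require(ok, "payout failed");
    }
}
```

The forfeit rule matters: the second player to reveal already knows the outcome, so withholding a losing reveal must cost the same as losing.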

Denial of Service

Blockchain users are dependent upon blockchain nodes to add their transactions to blocks

A smart contract can be the target of a DoS attack if:

  • Transactions to the contract are ignored by a block creator

  • Blockchain nodes do not propagate a transaction through the network

  • The node creating a transaction or the block containing it is the target of a DoS attack

Frontrunning

Frontrunning attacks take advantage of the block creation process. Transactions with higher fees are more likely to be added to a block first.

Smart contracts that rely upon a "first come, first served" model are vulnerable to attack

If an attacker sees a transaction and rapidly sends out a similar or conflicting transaction with a higher transaction fee, it is likely to be processed first

contract King is Ownable {
    address public king;
    uint public prize;

    function King() public payable {
        king = msg.sender;
        prize = msg.value;
    }

    function() external payable {
        require(msg.value >= prize || msg.sender == owner); // compare against the current prize; the owner may always claim
        king.transfer(msg.value); // pays the previous king before the state is updated
        king = msg.sender;
        prize = msg.value;
    }
}

The King of the Ether code from Ethereum shows a pattern that is applicable to other smart contracts

Lines 10-15 are an example of a fallback function

Order of operations is very important in this example

The order dependency of the program creates the vulnerability
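A variant of the King contract that reduces its dependence on transaction order, as an added example that is not part of the original course material. It assumes Solidity 0.8 syntax; the contract name, the claim(expectedKing, expectedPrize) signature and the withdrawal mapping are illustrative, and the owner override from the original is left out.

```solidity
pragma solidity ^0.8.20;

// Added example (hypothetical contract); not code from the course.
contract KingGuarded {
    address public king;
    uint256 public prize; // starts at 0 until the first claim
    mapping(address => uint256) public pendingWithdrawals;

    event NewKing(address indexed previous, address indexed current, uint256 prize);

    constructor() {
        king = msg.sender;
    }

    // The caller states the king and prize it saw when signing. If another
    // transaction was ordered first and changed either value, this call
    // reverts and the ether is returned, instead of executing against a
    // state the sender never agreed to.
    function claim(address expectedKing, uint256 expectedPrize) external payable {
        require(king == expectedKing && prize == expectedPrize, "state changed");
        require(msg.value >= prize, "bid too low");

        // Credit the previous king rather than pushing ether to it, so the
        // outcome does not depend on that address accepting a transfer.
        pendingWithdrawals[king] += msg.value;
        emit NewKing(king, msg.sender, msg.value);
        king = msg.sender;
        prize = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0; // zero the balance before sending
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```

The guard does not prevent a higher-fee transaction from being ordered first; it ensures the overtaken transaction fails cleanly rather than running with stale assumptions.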

Timestamp dependence

function play() public {
    require(now > 1521763200 && neverPlayed == true);
    neverPlayed = false;
    msg.sender.transfer(1500 ether);
}

Smart contracts may be designed to execute after a certain time:

  • Contests

  • Contracts

  • etc

These timestamps are typically based upon the timestamp of a given block

Block timestamps are flexible and under the control of the block creator


Last updated 8 months ago