An updated version of https://www.slideshare.net/SergeiTikhomirov/security-challenges-in-ethereum-smart-contract-programming
Video (Russian): https://youtu.be/FbZTJE7b5e8
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
Security challenges in Ethereum smart contract programming (ver. 2)
1. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
1/36
Security challenges in Ethereum smart
contract programming
Sergei Tikhomirov
SnT, University of Luxembourg
2. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
2/36
Outline
Introduction
Six security challenges in Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure contracts: practical advice
Conclusion
3. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
3/36
Who am I: Sergei Tikhomirov
PhD researcher (University of Luxembourg)
Topics: blockchain security and privacy
Previously in code analysis / bug detection
4. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
4/36
Blockchain is a hype
Total market cap 9X since 1 January 2017
ICO boom, innovative dApps
5. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
5/36
Security issues
New execution paradigm: trustless network of nodes
6. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
5/36
Security issues
New execution paradigm: trustless network of nodes
A whole software stack developed from scratch
(consensus layer, compilers, VM)
7. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
5/36
Security issues
New execution paradigm: trustless network of nodes
A whole software stack developed from scratch
(consensus layer, compilers, VM)
Financially motivated anonymous attackers
8. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
6/36
Massive security breaches
The DAO hack (2016)
Parity wallet bug (2017)
9. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
7/36
Ethereum in one slide
Account: controlled by key (like in Bitcoin) or by code
(smart contract)
10. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
7/36
Ethereum in one slide
Account: controlled by key (like in Bitcoin) or by code
(smart contract)
Nodes store state (balances, code, data), execute code,
extend blockchain (PoW)
11. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
7/36
Ethereum in one slide
Account: controlled by key (like in Bitcoin) or by code
(smart contract)
Nodes store state (balances, code, data), execute code,
extend blockchain (PoW)
Developers write contracts in Solidity, compile to
bytecode, deploy to blockchain
12. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
7/36
Ethereum in one slide
Account: controlled by key (like in Bitcoin) or by code
(smart contract)
Nodes store state (balances, code, data), execute code,
extend blockchain (PoW)
Developers write contracts in Solidity, compile to
bytecode, deploy to blockchain
Users interact with contracts via transactions
(e.g., send ether, perform computation)
13. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
8/36
Three types of blockchain devs
Core protocol developers create basic infrastructure
(virtual machine, compilers, consensus)
14. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
8/36
Three types of blockchain devs
Core protocol developers create basic infrastructure
(virtual machine, compilers, consensus)
Contract developers create contracts on top of
basic infrastructure (assuming it works as specified)
15. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
8/36
Three types of blockchain devs
Core protocol developers create basic infrastructure
(virtual machine, compilers, consensus)
Contract developers create contracts on top of
basic infrastructure (assuming it works as specified)
Dapp developers create blockchain-interfacing apps
16. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
9/36
Six security challenges in Solidity
17. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
10/36
Challenge 1: External calls
Ethereum contracts can call other contracts
Those can be malicious!
18. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
11/36
Re-entrancy attack: problem
1 mapping (address => uint) private balances;
2 // msg.sender is a user withdrawing funds
3 function withdraw () public {
4 uint amount = balances[msg.sender ];
5 if (!( msg.sender.call.value(amount)())) {
6 revert;
7 }
8 balances[msg.sender] = 0;
9 }
19. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
11/36
Re-entrancy attack: problem
1 mapping (address => uint) private balances;
2 // msg.sender is a user withdrawing funds
3 function withdraw () public {
4 uint amount = balances[msg.sender ];
5 if (!( msg.sender.call.value(amount)())) {
6 revert;
7 }
8 balances[msg.sender] = 0;
9 }
External contract at msg.sender calls withdraw again
(line 4), while balance[msg.sender] is still non zero.
20. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
12/36
Re-entrancy attack: solution
1 mapping (address => uint) private balance;
2 function withdraw () public {
3 uint amount = balance[msg.sender ];
4 balance[msg.sender] = 0;
5 if (!( msg.sender.call.value(amount)())) {
6 revert;
7 }
8 }
First update balance[msg.sender] (line 4), then do
actual withdraw (line 5)
Checks – effects – interactions
21. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
13/36
Methods of ether transter
What’s the difference?
1 address.call.value (1 ether);
2 address.send (1 ether);
3 address.transfer (1 ether);
22. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
13/36
Methods of ether transter
What’s the difference?
1 address.call.value (1 ether);
2 address.send (1 ether);
3 address.transfer (1 ether);
call.value – forwards all gas (re-entrancy)
23. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
13/36
Methods of ether transter
What’s the difference?
1 address.call.value (1 ether);
2 address.send (1 ether);
3 address.transfer (1 ether);
call.value – forwards all gas (re-entrancy)
send – 2300 gas stipend (check return value!)
24. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
13/36
Methods of ether transter
What’s the difference?
1 address.call.value (1 ether);
2 address.send (1 ether);
3 address.transfer (1 ether);
call.value – forwards all gas (re-entrancy)
send – 2300 gas stipend (check return value!)
transfer = if (!send() revert;) – preferable
29. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
16/36
Insecure randomness: solution
Implement a commit-reveal scheme
Use secure randomness sources
RANDAO
Bitcoin blocks via BTCRelay
trusted oracles
30. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
17/36
Challenge 3: Immutability
Q: Isn’t immutability a good thing?
31. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
17/36
Challenge 3: Immutability
Q: Isn’t immutability a good thing?
A: Yes, but there is a caveat...
32. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
17/36
Challenge 3: Immutability
Q: Isn’t immutability a good thing?
A: Yes, but there is a caveat...
A deployed contract can’t be patched
33. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
18/36
Example: Black hole contract
1 contract BlackHole {
2 function () payable { }
3 function getBalance ()
4 constant
5 returns (uint) {
6 return this.balance;
7 }
8 }
The contract can receive ether (line 2), but there is no way
to withdraw it (though you can check the balance).
34. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
19/36
Deal with immutability
Test contracts fully before deployment
Revert payments you don’t expect
Avoid unrecoverable states
35. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
20/36
Challenge 4: Privacy
All transactions are broadcast in plaintext
Anyone can download and analyze history
Blockchain analysis tools only get better
The private modifier does not hide the variable,
it only prevents external contracts from changing it
36. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
21/36
Challenge 5: Execution cost
Users pay gas for every execution step
Centralized clouds are much cheaper
37. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
21/36
Challenge 5: Execution cost
Users pay gas for every execution step
Centralized clouds are much cheaper
Ethereum is not a ”world computer”...
...and definitely not a cloud storage
38. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
22/36
Gas costs defined in Yellow paper
39. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
23/36
Example: using storage inside loop
1 uint [255] res;
2 function costlyFunction () {
3 for (uint8 i = 0; i < 255; i++) {
4 res[i] = (255 - i) * i;
5 }
6 }
Running this costlyFunction is $601
1
5m gas @ 35 gwei, $330 / ETH
40. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
23/36
Example: using storage inside loop
1 uint [255] res;
2 function costlyFunction () {
3 for (uint8 i = 0; i < 255; i++) {
4 res[i] = (255 - i) * i;
5 }
6 }
Running this costlyFunction is $601
More importantly, tx’s calling costlyFunction will likely
never be confirmed (block limit is around 6.7m gas)
1
5m gas @ 35 gwei, $330 / ETH
41. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
24/36
Optimizing contracts for gas costs
Avoid iterating over large arrays
Avoid using permanent storage
Measure and optimize gas consumption
Move all except security critical computations off-chain
42. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
25/36
Challenge 6: Subtleties
Solidity / EVM subtleties cause bugs if not accounted for.
43. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
26/36
Example: Loop
1 for (var i = 0; i < 300; i++) {
2 foo();
3 }
44. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
26/36
Example: Loop
1 for (var i = 0; i < 300; i++) {
2 foo();
3 }
Type of i is inferred to uint8
Overflow at step 256
49. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
30/36
Step 1. Write specification
Describe what you want before implementing it: you
can’t fix incorrect code without defining correct
Is public blockchain the right tool?
Can you use a database? Permissioned blockchain?
Private instance of Ethereum?
51. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
32/36
Step 2. Check source code
Adhere to best practices
Update software (compiler, framework)
Run analysis tools (Oyente, Securify, Solgraph)
Do external audits
52. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
33/36
Step 3. Check bytecode
Compiler may have bugs
Bytecode is what is actually executed
Run analysis tools (Dr Y’s analyzer)
Run verification tools (not yet available)
53. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
34/36
Step 4. Check dApp as a whole
Create tests at early development stages
Truffle framework: truffle test
Make sure to cover all cases (solidity-coverage)
54. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
35/36
Conclusion
Smart contracts are still a new technology
Potential is enormous, but security issues are inevitable
Tread carefully!
55. Ethereum security
challenges
Sergei Tikhomirov
Introduction
Six security
challenges in
Solidity
External calls
Miners’ influence
Immutability
Privacy
Execution cost
Subtleties
Writing secure
contracts:
practical advice
Conclusion
36/36
Questions?
s-tikhomirov.github.io