blockchain vulnerabilities and exploitation in practice
play

Blockchain vulnerabilities and exploitation in practice Workshop - PowerPoint PPT Presentation

Mar 01, 2023 •394 likes •1.17k views

Blockchain vulnerabilities and exploitation in practice Workshop November 7, 2019 Nils Amiet BlackAlps19 Who am I? Nils Amiet Research team @ Public speaker From Switzerland 2 Table of Contents What

  1. Blockchain vulnerabilities and exploitation in practice Workshop November 7, 2019 Nils Amiet BlackAlps19

  2. Who am I? ● Nils Amiet ● Research team @ ● Public speaker ● From Switzerland 2

  3. Table of Contents ● What is a Blockchain? ● Components in a blockchain ecosystem ● Smart contracts and decentralized applications ● Vulnerabilities and exploitation ● Existing tools 3

  4. What is a blockchain ● List of records/transactions ● Transactions are bundled inside blocks ● Each block references the previous block ● Each node has a local copy ● Immutable, append-only ● Decentralized trust ● Tamper-proof source of trust 4

  5. Blockchain uses ● Cryptocurrencies ● Supply chain tracking ● Online voting ● Document signing ● Digital identity ● ... ● Games ● Authentication ● … 5

  6. Do you need a blockchain? 6

  7. Blockchain mining ● Each node participates ● Transaction pool ● Transactions are put into blocks ● Blocks are mined ● Proof-of-work consensus ● Block difficulty/target – Target is deterministic, depends on previous block times, changes every N blocks – hash(block) must be <= target – Increment block field and recompute hash until true – When true => block is mined 7

  8. Blockchain ecosystem components ● Base blockchains – Node software – Software wallets – Hardware wallets ● Exchanges – Web apps – REST APIs – Decentralized exchanges ● Decentralized apps – Smart contracts – Web apps – Heavy clients – Mobile apps ● E-commerce sites – Accept cryptocurrency payments 8 ● Many existing solutions

  9. Future of blockchains ● Only the first “wave” of blockchains so far ● Lessons learned ● Building better blockchains ● Current problems – Scaling ● Blockchain size is huge and growing fast ● Transaction throughput is limited compared to traditional solutions – Latency can be a problem for Dapps and payments – Environmental cost – Privacy – Security 9

  10. Smart contracts and DApps ● Ethereum – Most used for DApps – Average block time = 13 seconds ● Bitcoin = 10 minutes ● https://ethstats.net, https://bitinfocharts.com, https://etherscan.io/charts – Ethereum Virtual Machine (EVM) – Accounts have an address (160-bit long) – 2 types of accounts ● Externally Owned Accounts (EOAs) => for regular wallets ● Contract accounts => for smart contracts – Dapps ● https://stateofthedapps.com, https://dapp.com, https://dappradar.com ● Interacting with contracts – Web3 (Javascript API), Truffle framework, Embark – Metamask 10

  11. EVM ● Stack-based VM ● 256-bit words ● Stack max size = 1024 ● Takes gas to execute – Gas price, gas limit – https://github.com/djrtwo/evm-opcode-gas-costs ● Currently ~140 opcodes (1 byte long => max 256 opcodes) – Said to be “quasi” turing complete (only limited by gas) – https://ethervm.io ● Executed by miners who validate transactions ● Bytecode is executed ● High-level language compilers convert language to bytecode 11

  12. Smart contract architecture ● 256 bit architecture – Word = 32 bytes ● Storage – 2^256 slots of 32 bytes each – SLOAD: load word from storage to stack – SSTORE: save word to storage – web3.eth.getStorageAt(addressHexString, position [, defaultBlock] [, callback]) ● Stack – 1024 items of 32 bytes each (= 256 bits) – PUSH1, DUP1, SWAP1, POP ● Memory – MLOAD: read 32 byte word – MSTORE (store word), MSTORE8 (8 bits) 12

  13. Smart contract opcodes ● SELFDESTRUCT: destroys contract and send funds to address ● CALL: call another contract’s method ● DELEGATECALL: call another contract’s method using storage of current contract ● Arithmetic operations: ADD, MUL, SUB, DIV, etc. ● See https://ethervm.io 13

  14. Smart contract structure ● Functions – https://www.4byte.directory – Payable functions ● Constructor ● Default function (!) ● Variables ● Balance 14

  15. Smart contract deployment and call ● Compile language to EVM bytecode ● Make transaction to “0” address – Pass constructor bytecode as “data” – Constructor bytecode initializes contract and returns runtime bytecode ● Receive newly created contract address ● To call contract methods: – Make transaction to contract address – Pass function signature and arguments as “data” 15

  16. Writing smart contracts ● Solidity (compiler: solc) ● Vyper (compiler: vyper) ● Online compilers – https://remix.ethereum.org – https://vyper.online 16

  17. Solidity vs Vyper simplestorage.sol simplestorage.vy storedData: public(uint256) pragma solidity >=0.4.0 <0.7.0; @public contract SimpleStorage { def set(x: uint256): uint storedData; self.storedData = x function set(uint x) public { storedData = x; } function get() public view returns (uint) { return storedData; } } 17

  18. Writing a smart contract with Solidity ● Access to low level functions ● Can do almost everything you could do with bytecode ● OpenZeppelin library – https://github.com/openzeppelin/openzeppelin-contracts – SafeMath, ERC20, etc. ● Inline assembly ● Inheritance 18

  19. Writing a smart contract with Vyper ● Security as a language goal – But not invulnerable to attacks ● Less features – Cannot do everything Solidity can do ● Not battle-tested like Solidity – Compiler bugs can lead to vulnerable code ● Python :) 19

  20. Top smart contract vulnerabilities 1. Reentrancy 6. Weak randomness ● ● 2. Arithmetic issues 7. Transaction order dependence ● ● 3. Unprotected SELFDESTRUCT 8. Timestamp dependence ● ● 4. Visibility issues 9. Untrusted DELEGATECALL ● ● 5. Denial of service 10. Improper access control ● ● 20

  21. Smart contract vulnerabilities: sources ● DASP: Decentralized Application Security Project – https://dasp.co ● SWC Registry – https://swcregistry.io ● ConsenSys - Smart contract best practices - Known attacks – https://consensys.github.io/smart-contract-best-practices /known_attacks 21

  22. 1/10: Reentrancy ● Function can be re-entered before it finishes – 1) call withdraw(foobar) – 2) withdraw() calls back msg.sender’s default function – 3) default function calls withdraw() again before “balances[msg.sender] -= x” is executed – 4) x is sent 2+ times Example: function withdraw(uint x) { require(balances[msg.sender] >= x); msg.sender.call.value(x)(); balances[msg.sender] -= x; } 22

  23. 2/10: Arithmetic issues ● Integer overflow ● Integer underflow ● Can lead to unexpected behavior Example: function withdraw(uint x) { require(balances[msg.sender] - x > 0); msg.sender.transfer(x); balances[msg.sender] -= x; } What if x is really large? 23

  24. 3/10: Unprotected SELFDESTRUCT ● SELFDESTUCT makes contract unusable ● Sends balance to address in parameter – Call selfdestruct(address) ● Make sure only authorized people can call selfdestruct 24

  25. 4/10: Visibility issues ● Public functions – Anyone can call public functions – Make sure to mark visibility explicitly for all functions ● All data in storage is visible by anyone – Passwords / black-box algorithms can be reversed even if marked as “private” 25

  26. 5/10: Denial of service ● Calls to external contracts can fail – Expect failures and catch errors – Failing external call can revert whole transaction ● Block gas limit – Transactions doing heavy computations may never be picked by miners 26

  27. 6/10: Weak randomness ● Randomness based on chain data is predictable – Block.number – Block.blockhash – blockhash(blocknumber) ● Blocknumber < current block.number - 256 ● Secure randomness in Ethereum is a hard problem ● SmartBillions 27

  28. 7/10: Transaction order dependence ● Also known as “Front running” ● Example: Quizz contract – Quizz contract gives prize to first person that finds solution to problem foobar – Alice finds a solution – Alice makes a transaction to send her solution – Attacker sees Alice’s transaction in pool before it is validated – Attacker sends same solution with higher fees so that their transaction is validated first – Attacker claims the prize 28

  29. 8/10: Timestamp dependence ● Block timestamp can be manipulated by miner – Do not depend on it 29

  30. 9/10: Untrusted DELEGATECALL ● DELGATECALL – Calls external contract with context of current contract’s storage – If external contract is malicious, it can modify storage and cause unexpected behavior 30

  31. 10/10: Improper access control contract Rubixi { address private creator; ● tx.origin //Sets creator – Do not use for access control function DynamicPyramid() { creator = msg.sender; – Use msg.sender } ● Constructor name copy-paste mistakes – Rubixi ● Copy-paste “DynamicPyramid” – constructor() – __init__() 31

  32. Forcibly sending ether to a contract ● Do not expect being able to prevent receiving ether ● selfdestruct(target) Example: – Sends ether to target contract Vulnerable { function () payable { revert(); without calling fallback function } function somethingBad() { require(this.balance > 0); // Do something bad } } 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani, Rigel Gjomemo , V.N. Venkatakrishnan, Stefano Zanero Android Message Passing Mechanism Android apps are composed of

566 views • 23 slides
Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong

Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong

3/31/2011 Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong University of Alabama Goal: perform ProtoGENI experiments to find vulnerabilities; to suggest prevention approach vulnerabilities; to

96 views • 5 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani Rigel Gjomemo, V.N. Venkatakrishnan Stefano Zanero University of Illinois at Chicago University of Illinois at Chicago

419 views • 11 slides
SciTech Focus on Blockchain: Antitrust Regulation and Blockchain Technology Wednesday, February

SciTech Focus on Blockchain: Antitrust Regulation and Blockchain Technology Wednesday, February

SciTech Focus on Blockchain: Antitrust Regulation and Blockchain Technology Wednesday, February 13, 2019| 1:00 PM Eastern Sponsored by the ABA Section of Science &amp; Technology, Cybersecurity Legal Task Force, Tort Trial and Insurance Practice

863 views • 49 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Unleashing Use-After-Free Vulnerabilities in Linux Kernel Wen Xu , Juanru Li, Junliang Shu, Wenbo

Unleashing Use-After-Free Vulnerabilities in Linux Kernel Wen Xu , Juanru Li, Junliang Shu, Wenbo

From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel Wen Xu , Juanru Li, Junliang Shu, Wenbo Yang, Tianyi Xie, Yuanyuan Zhang, Dawu Gu Group of Software Security In Progress Lab of Cryptology and Computer

584 views • 25 slides
Euro S&amp;P Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 , no academic

Euro S&amp;P Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 , no academic

Presented by Jason A. Donenfeld April 27, 2017 Euro S&amp;P Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 , no academic affiliation. Background in exploitation, kernel vulnerabilities, crypto vulnerabilities, though quite a

807 views • 41 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Automatic Techniques to Systematically Discover New Heap Exploitation Primitives Ins Insu Yu

Automatic Techniques to Systematically Discover New Heap Exploitation Primitives Ins Insu Yu

Automatic Techniques to Systematically Discover New Heap Exploitation Primitives Ins Insu Yu Yun , Dhaval Kapil, and Taesoo Kim Georgia Institute of Technology 1 Heap vulnerabilities are the most common, yet serious security issues. %

387 views • 34 slides
! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented Exploitation ! Techniques ! Demo ! Mac OS X x86_64 ! Conclusion ! Morris Worm (November 1988) ! Exploited a stack buffer overflow in BSD in.fingerd on VAX

1.02k views • 80 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Security Interest Group Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 .

Security Interest Group Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 .

Presented by Jason A. Donenfeld July 19, 2017 Security Interest Group Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 . Background in exploitation, kernel vulnerabilities, crypto vulnerabilities, though quite a bit of

600 views • 47 slides
Presented by Jason A. Donenfeld March 31, 2017 Who Who Am I? Am I? Jason Donenfeld, also

Presented by Jason A. Donenfeld March 31, 2017 Who Who Am I? Am I? Jason Donenfeld, also

Presented by Jason A. Donenfeld March 31, 2017 Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 , no academic affiliation. Background in exploitation, kernel vulnerabilities, crypto vulnerabilities, though quite a bit of

705 views • 44 slides
Presented by Jason A. Donenfeld Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 .

Presented by Jason A. Donenfeld Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 .

Presented by Jason A. Donenfeld Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 . Background in exploitation, kernel vulnerabilities, crypto vulnerabilities, and been doing kernel-related development for a long time.

1.07k views • 43 slides
Presented by Jason A. Donenfeld February 28, 2017 Who Who Am I? Am I? Jason Donenfeld, also

Presented by Jason A. Donenfeld February 28, 2017 Who Who Am I? Am I? Jason Donenfeld, also

Presented by Jason A. Donenfeld February 28, 2017 Who Who Am I? Am I? Jason Donenfeld, also known as zx2c4 , no academic affiliation. Background in exploitation, kernel vulnerabilities, crypto vulnerabilities, though quite a bit of

432 views • 31 slides
John Daw Glen Davis Gina Woodward Executive Officer Executive Officer Distribution Development

John Daw Glen Davis Gina Woodward Executive Officer Executive Officer Distribution Development

John Daw Glen Davis Gina Woodward Executive Officer Executive Officer Distribution Development Manager Australian Wildlife Journeys Tourism Australia Great Walks of Australia 2 Signature experiences of australia John Daw Executive

816 views • 68 slides
UPDATED GEONEUTRINO MEASUREMENT WITH BOREXINO LIVIA LUDHOVA FOR BOREXINO COLLABORATION IKP-2,

UPDATED GEONEUTRINO MEASUREMENT WITH BOREXINO LIVIA LUDHOVA FOR BOREXINO COLLABORATION IKP-2,

UPDATED GEONEUTRINO MEASUREMENT WITH BOREXINO LIVIA LUDHOVA FOR BOREXINO COLLABORATION IKP-2, FORSCHUNGSZENTRUM JLICH AND RWTH AACHEN UNIVERSITY, GERMANY SEPTEMBER 10TH, 2019 TAUP 2019, TOYAMA, JAPAN OUTLINE (OR WHERE IS THIS ENERGY COMING

560 views • 37 slides
The Drupal 8 The Drupal 8 Theming Experience Theming Experience Scott Reeves (Cottser)

The Drupal 8 The Drupal 8 Theming Experience Theming Experience Scott Reeves (Cottser)

The Drupal 8 The Drupal 8 Theming Experience Theming Experience Scott Reeves (Cottser) bit.ly/d8txdca16 Scott Reeves Scott Reeves Drupal 8 theme system and Stable (co-)maintainer Provisional Drupal 8 core committer Team Lead @ Digital

254 views • 24 slides
DevOps from the Ground Up @patkua DevOps from the Ground Up @patkua @patkua works for and is

DevOps from the Ground Up @patkua DevOps from the Ground Up @patkua @patkua works for and is

DevOps from the Ground Up @patkua DevOps from the Ground Up @patkua @patkua works for and is author of develops helps with My story ... DevOps What is DevOps I do not think it means what you think it means Dev Ops Dev Ops

1.28k views • 74 slides
Basic Concepts: ! Good relationships are the basis for strong faith communities and learning

Basic Concepts: ! Good relationships are the basis for strong faith communities and learning

Basic Concepts: ! Good relationships are the basis for strong faith communities and learning and growth ! Anything that affects relationships [such as inappropriate or hurtful behaviour] impacts on faith community life and learning and

619 views • 34 slides
EDELWEISS searches for low-mass Dark Matter particles EDELWEISS-III results on Electron Recoil

EDELWEISS searches for low-mass Dark Matter particles EDELWEISS-III results on Electron Recoil

EDELWEISS searches for low-mass Dark Matter particles EDELWEISS-III results on Electron Recoil searches with 860g detectors [PRD 98 082004 (2018)] SubGeV WIMP/SIMP search results with a 33g detector [PRD 99 082013 (2019)] Recent

297 views • 25 slides
Direct Dark Matter Searches Marc Schumann Physik Institut, Universitt Zrich What is ?

Direct Dark Matter Searches Marc Schumann Physik Institut, Universitt Zrich What is ?

Direct Dark Matter Searches Marc Schumann Physik Institut, Universitt Zrich What is ? Invisibles12, GGI Florence, June 27th 2012 marc.schumann@physik.uzh.ch www.physik.uzh.ch/groups/groupbaudis/xenon/ Dark Matter: (indirect) Evidence

1.16k views • 56 slides
Dark Matter Searches Particle Cosmology Non baryonic dark matter (Axions) WIMPs: a generic

Dark Matter Searches Particle Cosmology Non baryonic dark matter (Axions) WIMPs: a generic

Bernard Sadoulet Dept. of Physics /LBNL UC Berkeley UC Institute for Nuclear and Particle Astrophysics and Cosmology (INPAC) Dark Matter Searches Particle Cosmology Non baryonic dark matter (Axions) WIMPs: a generic consequence of new physics

416 views • 26 slides

More recommend