A team of researchers from the University of California, Santa Barbara, has demonstrated a "scalable technique" for vetting smart contracts and mitigating state-inconsistency bugs, uncovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process.
Smart contracts are programs that are stored on the blockchain and are automatically executed when predetermined conditions are met based on the agreement's encoded terms. They enable anonymous parties to carry out trusted transactions and agreements without the need for a central authority.
In other words, the code is intended to be the final arbiter of "the deal" that it represents, with the program controlling all aspects of execution and providing an immutable evidentiary audit trail of transactions that are both trackable and irreversible.
This also implies that vulnerabilities in the code could result in significant losses, as evidenced by hacks against the DAO and, more recently, MonoX, in which adversaries exploited loopholes to illicitly syphon funds, a scenario that could have disastrous consequences given the burgeoning adoption of smart contracts in recent years.
"Because smart contracts are not easily upgradeable, auditing the contract's source prior to deployment and deploying a bug-free contract is even more important than in the case of traditional software," the researchers wrote in a paper.
Enter Sailfish, which aims to detect state inconsistency vulnerabilities in smart contracts that allow an attacker to tamper with transaction execution order or take over control flow within a single transaction (i.e., reentrancy).
The tool operates as follows. Given a smart contract, Sailfish converts it into a dependency graph, which captures the control and data flow relations between storage variables and smart contract state-changing instructions, and uses it to identify potential flaws by defining hazardous access, which is implemented as graph queries to determine whether two different execution paths, at least one of which is a write operation, operate on the same storage variable.
The researchers tested Sailfish on 89,853 contracts obtained from Etherscan, discovering 47 zero-day vulnerabilities that could be exploited to drain Ether and even corrupt application-specific metadata.
This also includes a vulnerable contract implementing a housing tracker that could be abused in such a way that a homeowner could have multiple active listings. The study's findings will be presented at the IEEE Symposium on Security and Privacy (S&P) in May 2022.
This is not the first time that academics have been drawn to problematic smart contracts. In September 2020, Chinese researchers created a framework for categorizing known vulnerabilities in smart contracts, with the goal of providing a detection criterion for each bug.
Airzero Sec's cybersecurity experts have worked on a wide range of projects for a number of well-known companies for many years. Use our previous experience to your advantage, whether it's to assist you in getting there or to perform technical tests. If you have any doubts about the aforementioned issue, please contact us. Please do not hesitate to get in touch with us.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/