Supplementary Notes on the Smart Contract Vulnerability Survey
Vulnerability Classification
Incorrect Calculation / arithmetic issues
Integer bugs / arithmetic bugs:
1) Integer overflow and underflow; division by zero or modulo zero
2) Truncation bugs / multiplying before dividing / imprecise order of arithmetic operations
3) Signedness bugs
Tools that currently handle integer overflow bugs well:
- Osiris (integer bugs paper)
- The "ERC20 智能合约整数溢出系列漏洞披露" (ERC20 smart contract integer overflow disclosure series) describes an automated tool that efficiently finds high-risk integer overflows and detected many of the vulnerabilities reported in that article
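The "multiply before checking" overflow that the ERC20 batch-transfer disclosures revolve around, as an added example written for these notes (not code from any of the cited papers or tokens). The vulnerable form reproduces pre-0.8 wrapping arithmetic with `unchecked`; the initial balance and the receiver cap of 20 are constructed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: the classic ERC20 "batch transfer" integer overflow beside a hardened form.
contract BatchTransferExample {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1000 ether; // constructed initial supply for the demo
    }

    // Vulnerable form: cnt * value wraps, so a huge `value` can make `amount` tiny (even 0),
    // pass the balance check, and then credit every receiver with the huge `value`.
    function batchTransferUnchecked(address[] calldata receivers, uint256 value) external {
        uint256 cnt = receivers.length;
        uint256 amount;
        unchecked { amount = cnt * value; } // wraps exactly as Solidity < 0.8 did
        require(cnt > 0 && cnt <= 20, "bad count");
        require(value > 0 && balances[msg.sender] >= amount, "insufficient balance");
        unchecked {
            balances[msg.sender] -= amount;
            for (uint256 i = 0; i < cnt; i++) {
                balances[receivers[i]] += value;
            }
        }
    }

    // Hardened form: 0.8 checked arithmetic reverts on overflow. On older compilers use
    // SafeMath, or keep the explicit division check below, which catches a wrapped product.
    function batchTransferChecked(address[] calldata receivers, uint256 value) external {
        uint256 cnt = receivers.length;
        require(cnt > 0 && cnt <= 20, "bad count");
        uint256 amount = cnt * value;                 // reverts on overflow in >= 0.8
        require(amount / cnt == value, "overflow");   // explicit guard for < 0.8 semantics
        require(value > 0 && balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) {
            balances[receivers[i]] += value;
        }
    }
}
```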
Use of Incorrect Operator / Typographical Error
The unary + operator is deprecated in newer Solidity compiler versions.
Using Components with Known Vulnerabilities
- Outdated Compiler Version
- Compiler version not fixed / Floating Pragma
Unchecked Return Value / Handle errors in external calls
- Unchecked Call Return Value / unchecked low-level call
CWE-284: Improper Access Control
- Unprotected Ether Withdrawal
- Unintentionally exposing initialization functions, such as the constructor; this can also be described as an initialization-function visibility problem (see SWC-105)
- Unprotected SELFDESTRUCT Instruction / functionality / suicide
- Function Default Visibility (Improper Adherence to Coding Standards)
- State Variable Default Visibility / implicit visibility level (visibility not explicitly specified)
- Owner privilege issues: avoid giving the owner excessive privileges
Improper Adherence to Coding Standards
- Shadowing State Variables [^write]
- Function Default Visibility
Freezing ether
A contract that only receives funds and delegates transfers to another contract via delegatecall: if that other contract is destroyed, the funds are frozen.
Ether lost in transfer
Funds sent to an empty (non-existent) address are lost.
Incorrect Inheritance Order[^control_flow]
Use of Obsolete Function
- Use of Deprecated Solidity Functions
- Authorization through tx.origin[^authorization]
CWE-841: Improper Enforcement of Behavioral Workflow [^improper_enforcement_workflow]
CWE-670: Always-Incorrect Control Flow Implementation[^control_flow]
- Assert Violation // some control-flow path is always wrong: either there is a bug, or assert should not have been used there
Insufficient Control Flow Management [^control_flow]
Call to the unknown
When a call is written incorrectly and matches no function signature, the fallback function is invoked by default.
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
- Delegatecall to Untrusted Callee
Mishandled Exceptions / Improper Check or Handling of Exceptional Conditions / Exception disorder
- DoS with Failed External Call
- Unrestricted delegatecall
- Call injection
Improper Following of Specification by Caller
- Requirement Violation SWC-123
Race Condition / Concurrent Execution using Shared Resource with Improper Synchronization
Front-running: currently the most common case involves the ERC20 token standard's 'approve' function
- Displacement
- Insertion / Transaction Order Dependence (jumping the queue, e.g. to resell)
- Suppression / Block Stuffing attacks / Transaction Congestion Attack
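The approve/transferFrom ordering race noted above, with the two usual mitigations, as an added example written for these notes (not code from the ERC20 standard or any token). The initial supply is a constructed value; the three-argument `approve` is a non-standard signature used only to illustrate compare-and-set.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: if an owner overwrites an allowance from N to M with plain approve(), a
// spender who sees the pending transaction can spend N first and then M (N + M in total).
contract AllowanceExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000_000; } // constructed supply

    // Mitigation 1: compare-and-set. The overwrite only applies if the allowance is still
    // the value the owner observed; a front-run spend makes this transaction revert.
    function approve(address spender, uint256 expectedCurrent, uint256 newValue)
        external returns (bool)
    {
        require(allowance[msg.sender][spender] == expectedCurrent, "allowance changed");
        allowance[msg.sender][spender] = newValue;
        return true;
    }

    // Mitigation 2: relative adjustments. A delta cannot be double-spent the way an
    // absolute overwrite can, because it composes with whatever was spent in between.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        allowance[msg.sender][spender] += added; // checked arithmetic in >= 0.8
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtracted, "allowance below zero");
        allowance[msg.sender][spender] = current - subtracted;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "insufficient allowance");
        require(balanceOf[from] >= amount, "insufficient balance");
        allowance[from][msg.sender] = allowed - amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```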
Weak Sources of Randomness from Chain Attributes / Use of Insufficiently Random Values / Entropy Illusion
block.timestamp, blockhash, block.difficulty and block.number are all unsafe sources of randomness
1. Block values as a proxy for time / Timestamp dependence
2. Block Number Dependency
Improper Verification of Cryptographic Signature / Signature Replay Attacks[^authorization]
Signature Malleability -- SWC-117
ecrecover
A signature should never be included in a signed message hash to check whether previous messages have been processed by the contract.
Missing Protection against Signature Replay Attacks -- SWC-121
Add protection against replay attacks, for example: 1. store the hash of every processed message, 2. include the address of the contract that processes the message, 3. see SWC-117
Lack of Proper Signature Verification -- SWC-122
Contracts commonly let users sign messages off-chain instead of sending transactions directly. This can lead to vulnerabilities, especially in scenarios where proxies can be used to relay transactions.
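The three replay protections listed for SWC-121, together with the SWC-117 canonical-signature check, applied in one "pay on signed authorisation" contract. This is an added example written for these notes, not code from the SWC Registry; the authorised `signer` and the payment flow are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: signatures are bound to this contract and chain, sequenced by a nonce,
// and every processed digest is recorded, so no signed message can be replayed.
contract SignedPaymentExample {
    address public immutable signer;              // constructed authorised off-chain signer
    mapping(address => uint256) public nonces;    // per-signer sequence number
    mapping(bytes32 => bool) public processed;    // 1. hash of every processed message
    // Upper bound on s for a canonical secp256k1 signature (half the curve order).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor(address signer_) { signer = signer_; }
    receive() external payable {}

    function digestFor(address to, uint256 amount, uint256 nonce) public view returns (bytes32) {
        // 2. bind address(this) and the chain id, so a signature made for one deployment
        //    cannot be replayed against another contract or on another chain
        bytes32 inner = keccak256(abi.encode(address(this), block.chainid, to, amount, nonce));
        // EIP-191 prefix, matching personal_sign over a 32-byte hash
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function claim(address payable to, uint256 amount, uint256 nonce,
                   uint8 v, bytes32 r, bytes32 s) external {
        bytes32 digest = digestFor(to, amount, nonce);
        require(!processed[digest], "already processed");
        require(nonce == nonces[signer], "bad nonce");
        // 3. SWC-117: reject the non-canonical (high-s) twin of a valid signature. Replay is
        //    tracked by digest and nonce here, so malleability alone cannot replay, but a
        //    contract that keyed its "processed" set on the signature bytes would be fooled.
        require(uint256(s) <= HALF_N, "non-canonical s");
        require(v == 27 || v == 28, "bad v");
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");
        processed[digest] = true;
        nonces[signer] = nonce + 1;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```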
Write-what-where Condition
- Write to Arbitrary Storage Location
Use of Low-Level Functionality/Assembly instructions
- Arbitrary Jump with Function Type Variable
User Interface (UI) Misrepresentation of Critical Information
Right-To-Left-Override control character (U+202E)
Irrelevant Code/Dead code
- Presence of unused variables
- Code With No Effects
Improper Locking
Unexpected Ether balance / Forcibly Sending Ether to a Contract. In the worst case this could lead to DoS conditions that render the contract unusable.
Keeping secrets / Unencrypted Private Data On-Chain
Access to Critical Private Variable via Public Method
Authentication Bypass by Capture-replay[^authorization]
Hash Collisions With Multiple Variable Length Arguments
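Why two variable-length arguments hashed with abi.encodePacked collide, and the abi.encode form that does not, as an added example written for these notes (not from any cited source). With the constructed inputs below, `packedDigest` returns the same hash for both pairs while `safeDigest` does not, because packed encoding drops array lengths and offsets.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: abi.encodePacked of (["1","2"],["3"]) and (["1"],["2","3"]) produces the
// identical byte string (three 32-byte padded addresses, no length prefixes), so a
// signature or whitelist keyed on that hash covers both argument splits.
contract PackedHashExample {
    // Ambiguous: boundaries between the two dynamic arrays are not encoded.
    function packedDigest(address[] memory admins, address[] memory regularUsers)
        public pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(admins, regularUsers));
    }

    // Unambiguous: abi.encode keeps offsets and lengths, so the split is part of the hash.
    function safeDigest(address[] memory admins, address[] memory regularUsers)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(admins, regularUsers));
    }

    // Compares both digests over two different argument splits of the same address sequence
    // (constructed inputs): the packed digests match, the abi.encode digests do not.
    function collides() external pure returns (bool packedCollide, bool encodeCollide) {
        address[] memory a1 = new address[](2);
        a1[0] = address(uint160(1));
        a1[1] = address(uint160(2));
        address[] memory b1 = new address[](1);
        b1[0] = address(uint160(3));

        address[] memory a2 = new address[](1);
        a2[0] = address(uint160(1));
        address[] memory b2 = new address[](2);
        b2[0] = address(uint160(2));
        b2[1] = address(uint160(3));

        packedCollide = packedDigest(a1, b1) == packedDigest(a2, b2);
        encodeCollide = safeDigest(a1, b1) == safeDigest(a2, b2);
    }
}
```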
Improper Initialization
Message call with hardcoded gas amount[^gas]
Gas
Uncontrolled Resource Consumption
DoS With Block Gas Limit
- Gas Limit DoS on a Contract via Unbounded Operations / loop over an array of unknown size: can lock Ether
- Gas Limit DoS on the Network via Block Stuffing / Block Stuffing attacks / Transaction Congestion Attack: this is not only used to burn gas; the gas can also be turned into money through GasToken
GasLess Send
DoS
DoS With Block Gas Limit
- DoS with Failed External Call / External calls without gas stipends
- Looping through externally manipulated mappings or arrays
- Owner operations
- Progressing state based on external calls
See the Chinese translation of "Solidity Security: Comprehensive list of known attack vectors and common anti-patterns"
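The "loop over an array of unknown size" gas-limit DoS from the Gas section and the "looping through externally manipulated arrays" item above, shown as one payout contract with an unbounded loop beside a cursor-based batched version. Added example written for these notes, not code from the translated article; the registration flow is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: anyone can grow `recipients`, so a payout that walks the whole array will
// eventually exceed the block gas limit and lock every credit; the batched form resumes.
contract PayoutExample {
    address[] public recipients;
    mapping(address => bool) public registered;
    mapping(address => uint256) public owed;
    uint256 public cursor; // next index to pay in the batched version

    function register() external payable {
        require(msg.value > 0, "no value");
        if (!registered[msg.sender]) {          // array length is externally controlled
            registered[msg.sender] = true;
            recipients.push(msg.sender);
        }
        owed[msg.sender] += msg.value;
    }

    // Unbounded: gas grows with recipients.length; once it exceeds the block gas limit
    // this function can never complete and the funds are frozen.
    function payAllUnbounded() external {
        for (uint256 i = 0; i < recipients.length; i++) {
            _pay(recipients[i]);
        }
    }

    // Bounded: process at most `maxCount` entries per call and remember where to resume,
    // so the cost of one transaction is capped regardless of how large the array grows.
    function payBatch(uint256 maxCount) external {
        uint256 end = cursor + maxCount;
        if (end > recipients.length) end = recipients.length;
        for (uint256 i = cursor; i < end; i++) {
            _pay(recipients[i]);
        }
        cursor = end;
    }

    function _pay(address to) internal {
        uint256 amount = owed[to];
        if (amount == 0) return;
        owed[to] = 0;                            // effects before the external call
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) owed[to] = amount;              // a failing payee keeps their credit; the batch continues
    }
}
```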
DoS with (Unexpected) revert
A fallback function that maliciously reverts refunds
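The reverting-refund DoS described here, together with the "DoS with Failed External Call" and "Unchecked Call Return Value" items earlier in the notes, as one added example written for these notes (not code from any cited source). An auction is assumed; the push form checks the low-level call result correctly but thereby lets one payee block everyone, and the pull form isolates each payee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: inline refunds can be blocked forever by a bidder whose receive() reverts;
// pull payments move that failure onto the failing payee alone.
contract RefundExample {
    address public highestBidder;
    uint256 public highestBid;
    mapping(address => uint256) public pendingReturns;

    // Push form: refunding the previous leader inline. A previous leader whose receive()
    // always reverts (or burns the forwarded gas) can never be outbid: every later bid reverts.
    function bidPush() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            (bool ok, ) = highestBidder.call{value: highestBid}("");
            require(ok, "refund failed");   // fixes the unchecked return, but is now a DoS vector
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    // Pull form: record the refund and let each outbid bidder collect it themselves.
    function bidPull() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            pendingReturns[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingReturns[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingReturns[msg.sender] = 0;          // effects before interaction (reentrancy-safe order)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");          // a revert here only affects the withdrawing caller
    }
}
```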
Signature collisions: two different functions may have the same signature
Fake deposit (fake transfer) problem. Work dedicated to it: 1. EVulHunter: Detecting Fake Transfer Vulnerabilities for EOSIO's Smart Contracts at WebAssembly level 2. the Knownsec 404 team / SlowMist team
Resolved by compiler updates
Uninitialized Storage Pointer: resolved in compiler version 0.5.0 and higher
Incorrect Constructor Name -- SWC-118: Solidity version 0.4.22 introduced the constructor keyword
References
- SWC Registry
- Classification of smart contract vulnerabilities
- Known Attacks
- Silent But Vulnerable: Ethereum Gas Security Concerns
- Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
- ethereum wiki
- 智能合约的常见漏洞 (Common vulnerabilities in smart contracts)
- 以太坊智能合约安全入门了解一下(上) (An introduction to Ethereum smart contract security, part 1)
- 区块链智能合约安全审计白皮书(2018 年)解读 (Commentary on the 2018 blockchain smart contract security audit white paper)
- 以太坊 Solidity 合约 call 函数簇滥用导致的安全风险 (Security risks from misuse of the call function family in Ethereum Solidity contracts)
Summary of ideas
以太坊 Solidity 合约 call 函数簇滥用导致的安全风险 (Security risks from misuse of the call function family in Ethereum Solidity contracts): call security vulnerabilities