Gentle introduction to Blockchain Security
BELLAJ BADR
WHAT IS THE BLOCKCHAIN?
• A blockchain is a tamper-proof, shared digital ledger that records transactions (history) that take place between the peers in a peer-to-peer network.
• All the confirmed and validated transaction blocks are linked and chained from the beginning of the chain to the most current block, hence the name blockchain.
BLOCK CHAIN
SHA256(SHA256(80byte header of block k)).
data's integrity.
WHAT IS THE BLOCKCHAIN?
WHAT IS THE BLOCKCHAIN?
NO SPOF
In the context of the protocol stack, cryptocurrency is a blockchain service
• THE DIGITAL CURRENCY
• CONSENSUS PROTOCOL
• TRANSACTION PROTOCOL
• THE LEDGER: SHARED DATA LAYER
• GMAIL
• SMTP – SIMPLE MAIL TRANSFER PROTOCOL
• TCP/IP – TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL
Application Layer
Application Protocol Layer
General Protocol Layer
HOW IT WORKS?
STACK VIEW (Blockchain System):
Security layer
FEATURES
DECENTRALIZED CONSENSUS
Ensure consensus within a decentralized network.
TRANSPARENCY & ANONYMITY
Data is available to the participants.
Users are anonymous
IMMUTABILITY
Data is stored forever in the blockchain and can’t be altered
*The genesis blockchain
WHAT IS THE BLOCKCHAIN?
Blockchain is BFT.
POW : Byzantine general problem resolution.
Blockchain is secure by design
Cryptography + Computational shield
SHA256 (PoW, address), RIPEMD-160 (address), ECDSA
ECDSA: variant of DSA that uses ECC (1992, by Vanstone).
secp256k1, from SECG (the "Standards for Efficient Cryptography Group", founded by Certicom)
Benefits Of ECC :
• Smaller key size provides
• Storage efficiencies
• Bandwidth savings
• Computational efficiencies
• Relatively newer field
Security Level
“256-bit ECC public key should provide comparable
security to a 3072-bit RSA public key”
Security in the blockchain
51% Attack
The probability of a transaction being reversed decreases exponentially with the number of confirmations it has received.
Computational shield
for an attacker to be able to successfully interfere with the Bitcoin network and block and reverse transactions
Bitcoin uses SHA-256 hashing for both its Proof-of-Work (PoW) system and transaction verification
3 ExaHash/s !!!
Computational shield
The computing power of the Bitcoin network is 7468 times higher than the combined computing power of the 500 world supercomputers.
X7500
Computational shield
An Antminer S9 runs at 0.1 Joule per GH (10^9 hashes)
10^26 hashes * 0.1 J / 10^9 hashes = 10^15 joules
10^15 joules = 2,777,777,778 kWh * $0.10/kWh = $277,777,778 worth of electricity to rewrite the entire blockchain
$3,028 worth of electricity per block
Computational shield
Sybil Attack (resistance)
Because the Bitcoin protocol considers the true chain to be the one with the most cumulative proof of work (not the longest chain, as is often incorrectly stated), it’s not possible for someone to launch an attack against a node by creating many dishonest peers
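An added example (not from the original slides) that ties together the SHA256(SHA256(80-byte header)) block hash from the earlier slide and the "most cumulative proof of work" rule above. The header is the publicly known Bitcoin genesis block header; the two competing chains are constructed sample data, and all function names are assumptions.

```python
import hashlib
import struct


def block_hash(header: bytes) -> str:
    """SHA256(SHA256(80-byte header)), in the usual byte-reversed hex form."""
    if len(header) != 80:
        raise ValueError("a Bitcoin block header is exactly 80 bytes")
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return digest[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit target (sign bit ignored)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits: int) -> int:
    """Expected number of hashes needed to find a block at this target."""
    return (1 << 256) // (bits_to_target(bits) + 1)


def check_pow(header: bytes) -> bool:
    """A header is valid proof of work if its hash is at or below its target."""
    bits = struct.unpack_from("<I", header, 72)[0]  # nBits sits at offset 72
    return int(block_hash(header), 16) <= bits_to_target(bits)


def chain_work(bits_per_block) -> int:
    return sum(block_work(b) for b in bits_per_block)


def best_chain(chains: dict) -> str:
    """Pick the chain with the most cumulative work, not the most blocks."""
    return max(chains, key=lambda name: chain_work(chains[name]))


# Bitcoin genesis block header, assembled field by field (little-endian).
GENESIS_HEADER = struct.pack(
    "<I32s32sIII",
    1,                                   # version
    bytes(32),                           # previous block hash (none)
    bytes.fromhex(
        "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
    )[::-1],                             # merkle root
    1231006505,                          # timestamp
    0x1D00FFFF,                          # nBits (difficulty 1)
    2083236893,                          # nonce
)

# Constructed sample: nBits of each block in two competing chains.
CHAINS = {
    "long_low_work": [0x1D00FFFF] * 5,    # 5 blocks at difficulty 1
    "short_high_work": [0x1C00FFFF] * 3,  # 3 blocks at a 256x smaller target
}

if __name__ == "__main__":
    print("genesis hash:", block_hash(GENESIS_HEADER))
    print("valid PoW   :", check_pow(GENESIS_HEADER))
    tampered = bytearray(GENESIS_HEADER)
    tampered[40] ^= 0x01                  # flip one bit of the merkle root
    print("tampered PoW:", check_pow(bytes(tampered)))
    for name, bits in CHAINS.items():
        print(f"{name}: {len(bits)} blocks, work {chain_work(bits)}")
    print("selected    :", best_chain(CHAINS))
```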
Computational shield
Bitcoin Code Bugs
Most real blockchain vulnerabilities do not stem from a weakness in the underlying hardness assumption, but rather from implementation issues
Computational shield
Human Factor
A Zerocoin bug in the code allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions (370,000 Zcoins => 410 BTC).
Smart Contract Security
ETHEREUM BLOCKCHAIN
Code Issue Leads to $60M Theft
DAO Hack
DAO
Decentralized Autonomous Organization (DAO)
Organization without CA => No CEO => Smart contract
Decentralized fund manager
SMART CONTRACT
• “A smart contract is a program that runs on the blockchain and has its correct execution enforced by the consensus protocol”
• They enable trustless financial services like loans, micropayments, and more.
• Get rid of intermediaries and third parties
SMART CONTRACT
DAO
The DAO was the largest crowdfunding in history, having raised over
$150m from more than 11,000 enthusiastic members.
The DAO has lost 3.6m ether
1 ether = $17 ($60M); today = $80 ($288M)
function splitDAO(...
    ...
    withdrawRewardFor(msg.sender); // be nice, and get his rewards
    totalSupply -= balances[msg.sender];
    balances[msg.sender] = 0;
    paidOut[msg.sender] = 0;
    return true;
}
The Heist
The attacker managed to drain more than 3.6 million Ether into a “child DAO” that has the same structure as The DAO
On 17th of June an attacker tried to rob ~3.5M ETH using the reentry exploit
// THIS CONTRACT CONTAINS A BUG - DO NOT USE
contract Fund {
    /// Mapping of ether shares of the contract.
    mapping(address => uint) shares;
    /// Withdraw your share.
    function withdraw() {
        if (msg.sender.call.value(shares[msg.sender])())
            shares[msg.sender] = 0;
    }
}

contract Recipient {
    uint counter;
    function() {
        if (counter < 10) {
            Fund(msg.sender).withdraw();
            counter+=1;
        }
    }
}
The attack (quite simple)
// Vulnerable contract
function getBalance(address user) constant returns(uint) {
    return userBalances[user];
}
function addToBalance() {
    userBalances[msg.sender] += msg.value;
}
function withdrawBalance() {
    uint amountToWithdraw = userBalances[msg.sender];
    // BUG: the external call runs before the balance is cleared
    if (!(msg.sender.call.value(amountToWithdraw)())) { throw; }
    userBalances[msg.sender] = 0;
}

// Attacker's default function
function () {
    // To be called by a vulnerable contract with a withdraw function.
    // This will double withdraw.
    vulnerableContract v;
    uint times;
    if (times == 0 && attackModeIsOn) {
        times = 1;
        v.withdrawBalance();
    } else { times = 0; }
}
vulnerableContract.withdraw run 1
attacker default function run 1
vulnerableContract.withdraw run 2
attacker default function run 2
reentry exploit
function withdrawBalance() {
    uint amountToWithdraw = userBalances[msg.sender];
    // The balance is cleared before the external call
    userBalances[msg.sender] = 0;
    if (amountToWithdraw > 0) {
        if (!(msg.sender.send(amountToWithdraw))) { throw; }
    }
}
Correction
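The call order shown on the slides can be replayed in a small model that also checks the contract's solvency after the withdrawal. This is an added example, not code from the original slides: it is a Python model rather than Solidity, it does not model gas, and the class names, function names and amounts are constructed.

```python
class Reverted(Exception):
    """Stands in for Solidity's `throw`."""


class Caller:
    """An account whose fallback re-enters withdrawBalance() `reenter` times."""

    def __init__(self, name, reenter=0):
        self.name, self.reenter, self.received = name, reenter, 0

    def fallback(self, contract, amount):
        contract.trace.append(f"{self.name} fallback")
        self.received += amount
        if self.reenter > 0:
            self.reenter -= 1
            contract.withdraw_balance(self)


class BalanceContract:
    """Model of the slides' contract; the flag selects the corrected ordering."""

    def __init__(self, update_state_first):
        self.update_state_first = update_state_first
        self.user_balances = {}  # userBalances on the slides
        self.ether = 0           # ether the contract really holds
        self.trace = []

    def add_to_balance(self, caller, amount):
        current = self.user_balances.get(caller.name, 0)
        self.user_balances[caller.name] = current + amount
        self.ether += amount

    def withdraw_balance(self, caller):
        self.trace.append("withdrawBalance")
        amount = self.user_balances.get(caller.name, 0)
        if self.update_state_first:
            # Corrected ordering: clear the balance, then make the external call.
            self.user_balances[caller.name] = 0
            if amount > 0:
                self._transfer(caller, amount)
        else:
            # Vulnerable ordering: external call first, balance cleared afterwards.
            self._transfer(caller, amount)
            self.user_balances[caller.name] = 0

    def _transfer(self, caller, amount):
        if amount > self.ether:
            raise Reverted("not enough ether")
        self.ether -= amount
        caller.fallback(self, amount)  # control passes to the recipient here

    def solvent(self):
        """Invariant: ether held must cover everything still owed to users."""
        return self.ether >= sum(self.user_balances.values())


def run_scenario(update_state_first):
    contract = BalanceContract(update_state_first)
    saver = Caller("saver")                     # ordinary depositor
    reentrant = Caller("reentrant", reenter=1)  # fallback calls back once
    contract.add_to_balance(saver, 10)
    contract.add_to_balance(reentrant, 1)
    contract.withdraw_balance(reentrant)
    return {
        "received": reentrant.received,
        "ether": contract.ether,
        "solvent": contract.solvent(),
        "trace": contract.trace,
    }


if __name__ == "__main__":
    for flag in (False, True):
        label = "corrected" if flag else "vulnerable"
        print(label, run_scenario(flag))
```

The `solvent()` check is the kind of invariant a unit test can assert after every external call path of a contract.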
Blockchain DDOS
• Sandboxing
• Repricing the opcodes.
• VM rearchitecting
Fight against DDOS
A transaction or smart contract execution takes too long
Security measures
● It’s early days - we lack experience:
○ Solidity version 0.4.11
○ Mist version 0.8.9
○ Geth version 1.6.1
○ Frontier was launched ~2 years ago
○ Number of operating Dapps still very low
● Vitalik suggested 10M$ as cap in foundation blog
Cap contracts
Mathematically prove that a contract has a certain feature or invariant
http://dr-y.no-ip.net/
Formal proof verification
Formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.
● Stake Vote (X% of all Ether)
Going stepwise from centralization to decentralization
● Ethereum: Olympic - Frontier (canaries) - Homestead (difficulty increase) - Metropolis …
● DAO: Curators (except for “splitDAO”)
● DigixDAO, MakerDAO
Who could control it:
● token holders (The DAO)
● central trusted authority (DigixDAO)
● “Community multisig” ?
Centralization
DAO:
● 7 Days for splitDAO proposals
● 14 Days for regular proposals
● 27 days creation period
● …
Gives time for a central authority (if implemented in the contract) to act
Time Delays
Statistics: ~15-50 bugs per 1000 lines of code
Not everything needs decentralization and needs to be in the smart contract
● Only include in a smart contract the very core of a Dapp
● Reuse trusted proven code
○ Standard Token Contract
○ Foundation multisig
○ (Hopefully one day a DAO standard framework)
Minimal complexity
Statistics: ~15-50 bugs per 1000 lines of code
Not everything needs decentralization and needs to be in the smart contract
● Only include in a smart contract the very core of a Dapp
Source: https://eprint.iacr.org/2016/633.pdf
Code security flaws
● Formal proof verification (work in progress)
● Compiler warnings (work in progress)
● Improved IDEs (work in progress)
● Trusted Libraries (work in progress)
● Best practices literature (work in progress)
● Decentralized master keys / Decentralized escape hatches / trusted community multisig to be used in smart contracts as centralized authorities
Better tools
Best practices
http://solidity.readthedocs.io/en/latest/security-considerations.html
● 1024 call stack depth -> always check return values of each call
● Block gas limit -> No arbitrary length loops
● Reentry exploit -> update state before executing CALLs
● Ether sent to contract without contract invocation -> be careful with invariants
● Specify right amount of gas (SEND vs CALL)
● Block timestamp can be manipulated -> block.number is safer
● tx.origin vs msg.sender (phishing attacks)
● …
Literature: https://github.com/ConsenSys/smart-contract-best-practices
Establish security patterns
It’s early days, like the internet in the 90s
Conclusion
https://arxiv.org/pdf/1605.09193.pdf
Bitcoin’s Security Model Revisited
