
This next talk is being presented by Breaking Ground. It's "All Your Ether Are Belong to Us" by Luis Quispe Gonzales.

Hello everyone, and welcome to this talk, "All Your Ether Are Belong to Us", or how to hack Ethereum-based dApps. Who am I? My name is Luis Quispe Gonzales. I've been having fun for around seven years working in the offensive security field: you know, ethical hacking, red teaming and all that kind of stuff. Currently I'm working as a lead offensive security engineer at Halborn, a company specialized in cyber security for blockchain applications. I'm also a postgraduate instructor in ethical hacking courses. If you enjoy this talk, you can reach out to me on LinkedIn or Telegram and say hello; I really appreciate it.
So what are we going to see today? We are going to have a quick recap about what blockchain is, a general introduction to smart contracts and, the meat of this talk, what decentralized applications or dApps are, how they work and, the most important part, how to hack them. So let's start.

Blockchain 101. What is blockchain? As the name indicates, it is a chain of blocks that contain some kind of information. Blockchain became very popular with the appearance of Bitcoin in 2009, but be careful: Bitcoin is just one of the many applications that blockchain can have. In fact, blockchain is a distributed ledger, so it's completely open to anyone, and it has an interesting property: when some data has been
recorded inside the blockchain, it's extremely, extremely difficult to modify it. How does it work? Let's take a closer look at a block. A block has some data, a hash, and the hash of the previous block. What data is stored inside a block? It depends on the blockchain. For example, in the Bitcoin blockchain we have the details of a transaction: we have a sender, we have a receiver and, obviously, we have the amount of coins involved in the transaction. We also have a hash. We can compare a hash with a fingerprint, so each block has its unique hash, and it's interesting because if you modify one bit in a block, the hash
is completely different. If you modify another bit of the block, the hash is completely different. So the hash is very useful to verify if our block has been tampered with, for example. And finally we have the hash of the previous block, so that's how we can create a chain of blocks, or blockchain.

A big question here is: what happens if an attacker wants to tamper with or modify our blockchain? Well, blockchain has two powerful mechanisms to avoid it. The first one is called consensus. In Bitcoin and in Ethereum that consensus mechanism is called proof of work. How does it work? Well, they have to solve a crypto challenge. What does it mean? They have to guess a number
to make it... well, if someone wants to create a block, they have to guess a number that makes that block comply with a specific numerical condition. So, due to the fact that you have to guess a number, the more computational resources you have, the more probable it is that you can create a block. The mean time for block creation is 10 minutes in Bitcoin; in other blockchains it varies. This process is called mining and, obviously, the ones who create a block are called miners.

The second mechanism is called the peer-to-peer network. Remember, blockchain is distributed, so every participant in the network has its own local copy of the blockchain. So if someone wants to create a new block,
this new block is shared with all the participants in the network. The participants have to verify if this block complies with the specific numerical condition I told you about earlier. If so, they join the new block to their own local blockchain. That's the way consensus is obtained. If an attacker, for example, wants to create a fake block that is not compliant, it is automatically rejected. That's how it works.

Fine. Now, what is a smart contract? We can compare a smart contract with a traditional contract: for example, they both have terms and conditions. The big difference here is that the smart contract is digitalized, so the terms and conditions are expressed in code.
This code is compiled and stored inside the blockchain. So if a smart contract is inside a blockchain, it is accessible to everyone: everyone can read the code of the smart contract, for example, and everyone can interact with the contract. Obviously it will depend on the authorization level you have, but at the end of the day you can interact with it. And finally, there is consensus about the outcome of the smart contract.

Let's see an example. We all know about crowdfunding platforms, for example Kickstarter, Indiegogo, etc. There is a platform, there is a product team and there are supporters. If the product team gets to raise some amount of money, a goal, for example a
monetary goal, the money goes to the team; otherwise the money is returned to the supporters. How can it work in blockchain? Instead of the crowdfunding platform we can have a smart contract. So supporters send money to the smart contract, the money is stored inside the smart contract and, if the monetary goal is met, the money is automatically sent to the product team; otherwise the money is returned to the supporters. What is the logic inside the smart contract? Very straightforward: we have an if condition. If the goal is met, then give the money to the product team; if the goal is not met, refund the supporters. Very easy.

There are other use cases for different industries. For example, we have
banks, we have insurance, delivery, music services, streaming, video games, a huge etc. Very fun.

Okay, what are the blockchains that support smart contracts? There are many. The main one nowadays is Ethereum, and if you want to create a smart contract for Ethereum you can use the Solidity programming language. It's not the only one, but it's the most used nowadays. Okay, regarding Ethereum, we have users, external users, and we have smart contracts. They both are identified with a 20-byte hexadecimal address. So what can we do inside the blockchain network? We can, for example, send money; we can send money between accounts. The money in Ethereum is called ether, so we can send ethers to another account
or, if we want, we can interact with a contract. When we interact with a contract, we call a function on the contract, and the contract can also interact with other users. In the end we can have, for example, a chain reaction: a user calls a function in a contract, the contract calls another contract and that contract interacts with another user. A chain reaction.

When a user wants to call a function on a contract, I mean when a user transacts, you have to sign this transaction. Why? That's the way to demonstrate that you're the owner of the transaction. So you need a private key. Once you sign the transaction, you send it to the blockchain
and there are public keys to decrypt the transaction itself. In day-to-day operation you don't use the private key manually; you have to have a tool, for example in this case a crypto wallet, to store the private key and to manage the keys. We can have many examples: MetaMask, Trezor, Ledger, etc. For example, MetaMask can be installed like a plugin for a browser to interact with the private keys.

Now, what are dApps, or decentralized applications? I think the best way to understand what they are is to see one of them in action. So here I introduce you to Synthetix. Synthetix is a
platform to interact with financial assets. As you can see, this looks like a normal web page. We can go to the staking option, and now we enter this menu. As you can see in this corner, we are not connected. So if we connect a wallet, for example I will select MetaMask, here appears a list of addresses. I will select the first one. As you can see, my address is a 20-byte hexadecimal address; this address in particular ends with D1E6. So once I connect, you can see in this corner I'm connected with the address D1E6. Now that I'm connected, I can
interact with the different options for this financial dApp. We have many examples of dApps: we have financial applications, also called DeFi; we can have marketplaces similar to Amazon or eBay, for example; we can have social networks similar, for example, to YouTube; we can have video games; we can have exchange applications; a huge etc.

Okay, now, what is the architecture inside a dApp? We can compare it with a web application to understand it better. In a web application we have a browser that is served static files from a web server. When I say static files, I mean HTML, CSS, JavaScript. Then the browser connects to a backend, to the logic, for example through APIs. The backend can
connect to a database and so on. On the other hand, in a decentralized application, or dApp, the front end and the back end are on the blockchain. The most used architecture is a hybrid decentralized application, where the static files are on a web server and the backend is in the blockchain.

The big question is: how can a browser connect to a blockchain? What is the magic behind that? Well, here we have on the left side the browser and on the right side the Ethereum blockchain. For these to connect we need a bridge. It can be any machine, any server, on premises, in a cloud, etc. We have to turn this server into an Ethereum node.
So we install, for example, a tool called Geth, or we can use a cloud service like Infura, etc., but we turn this server into an Ethereum node. What does it mean to be a node? You have to have your own copy of the blockchain, obviously with the smart contracts. You also install what is called the Ethereum Virtual Machine, a component that allows interpreting the different instructions of the smart contracts. We also have interfaces that allow us to interact with the external world and with internal processes.

Here we have the blackboard, so let's play. The browser is served the static files from the web server: we have the HTML,
the CSS and the JavaScript. One of the many JavaScript libraries that allow us to build a transaction is, for example, web3.js. It's not the only one, but it is one of the most popular. This JavaScript can build a transaction on our behalf, and this transaction is signed by a crypto wallet, for example MetaMask. Remember, MetaMask can be a plugin inside our browser. Once this transaction is signed, we send it, for example through HTTP, to the Ethereum node.

Now here comes the fun part. If you want to query a value, for example how much money I have in my account, if it's a read-only query, you can read
directly from your local copy of the blockchain. But if you make a transaction that implies a change, for example send money to this account or interact with this smart contract, then you create a block locally in your Ethereum node. This block is local, and then, through the Ethereum protocol, this Ethereum node sends the block to the network. When this block is mined, it is synchronized to all the nodes inside the Ethereum blockchain network. So that's how it works.

Perfect. The big question: are dApps secure? Well, as far as we know, they are immutable: no one can modify a smart contract, they are inside a blockchain. We know we have to sign the transactions,
so every transaction has its own owner. And the contracts are verifiable: anyone can verify and review the code of the contract. So what can go wrong? Well, many things. There is a lot of news about millionaire attacks on blockchain. So let's have some fun hacking dApps.

The first example: unencrypted private data. Imagine we have a betting dApp, and we have two players. Player one is going to bet one ether on a number, N1, and player two is going to bet one ether on the number N2. It's important to know that each player just knows its own number. The other numbers are stored inside the smart contract, so player 2 doesn't know
what player 1 played, and vice versa. Let's see the code of the smart contract. Oh, before that: if the sum of the numbers is even, the money goes to player one; otherwise, if the sum is odd, the money goes to player two. They both have a half-and-half opportunity to win.

Okay, now let's see the code of the contract. Here we have a data structure that represents a player; here we have a number, the number that the player selects. We also have a function; you can see this is a public function. What does it mean? That an external user, I mean external to the contract, can interact with this function. That's
why it's public. And we have a function called select winner, and you can see this is a private function. What does it mean? No one external can interact with this function. Okay, and now we have the player data, which is private. It means that anyone can see what value this player's data has, so it's apparently secret. But what happens? If you remember, every transaction is inside the blockchain, so everyone can see the blockchain, and that's the big problem with this game.

So it's time for a demo. We're going to move here, and we have this contract; I have deployed this contract here. Let's see. Here we have the
account. This environment is an IDE, an online IDE called Remix, to play with smart contracts. Here we have a list of accounts, different accounts. Let's say this is account number one, player number one, and this is player number two. They both have 100 ethers. Okay, so the first player, who has 100 ethers, is going to bet one ether on a number, for example seven, and play. Okay, here we have a blockchain. Remember, in the Ethereum node everyone can see the transactions. So if we look at this transaction, which is the last transaction, we can see this number. Apparently it makes no sense, but if we look, here we have an
identifier. This identifier is an identifier for this function called play, and this argument is the number the player has played. It is seven in hexadecimal, and in decimal it's seven. If anyone can see this transaction, player number two can see this transaction, and he can think, "Oh, he played seven." And then we change to player number two, with 100 ethers. I'm going to play one ether on number four. Why number four? To make it odd, and to play and to win. So I'm going to play, and we can see there is a new transaction with the number four. But due to the fact that the sum is odd, player 2 has won.
We can see here we have player number two: before he had 100 and now he has, well, 101 ethers approximately. So player number two can always win big. Why? Because all the information of the transaction can be seen in the blockchain. Perfect, let's return to the presentation.

What is the remediation? Well, any private data should either be stored off-chain or encrypted. There is no way to store private data on chain, on the blockchain, because in the end everyone can see this information when someone transacts. Here we have some references on how to store the data off-chain.
Okay, example of attack number two: integer overflow. This is very interesting. The easiest way to understand integer overflow is to imagine an odometer in an old car. Here we have an odometer, and when we reach the maximum number and we run another mile, it becomes zero. That's the magic behind integer overflow.

For example, we have an exchange dApp: we send some ethers and we receive some tokens. This token can be anything, for example points in a platform, anything. So here we have the code. This variable called balanceOf represents the token balance for each user, and it is represented in a data type called uint256, and it ranges from 0 to 2 to the power of 256 minus 1. This is the maximum number. What would happen if we add one unit to this number? Due to the fact that it is an unsigned integer, it becomes like the odometer: it becomes zero. And that's, let's say, the secret of how to attack this kind of contract.

So if we see, the price for each token is one ether: if I pay one ether, I receive one token. It's important to know that one ether is equal to 10 to the power of 18 wei. Wei is the minimum unit; like dollars and cents, we have ether and wei. Okay, what else? There's a public function; obviously we need a public function to
interact with and to buy tokens. We can see that the money we pay is the multiplication of the number of tokens we want to buy and the price per token. Pretty straightforward. How much to pay? Well, we know that we have to pay the number of tokens times the price per token. We know the price per token is one ether, and we know that one ether is 10 to the power of 18 wei. So if we want to do a trick and generate an overflow, we can look for a number of tokens that makes this multiplication overflow. The minimum number of tokens we can find is this huge number. This number of tokens times this value
in the end is this little value. How is it possible that when we multiply those values this is the answer? It's called integer overflow: due to the fact that we have reached the maximum value of an unsigned integer, there is an overflow. So this number in terms of wei represents this number of ethers. So let's recap: one token is one ether, and if we want to get this huge amount of tokens, we have to pay less than half an ether.

Let's see this in action. We're going to copy this value and go to this contract. Okay, and here we have this contract, token challenge. I want to buy a huge amount of tokens. What is the amount of ether I'm
going to pay? Well, I'm going to pay, in wei, this number. Okay, and we're going to buy this amount of tokens. How many tokens? Okay, the huge amount of tokens. And we're going to use this account, this account where we have 100 ethers, and let's press the buy option. It works. As you can see, the amount of ether has been reduced by less than half an ether, right? And if we want to know how many tokens we have now, we can consult the balance, and this is the huge amount of tokens we have. How much money did we pay? Less than half an ether. Perfect, let's return.
Great. Remediation: we have to use a SafeMath library that can handle the integer overflow. Solidity 0.8, this new version onwards, can manage integer overflow, but before this version we have to use a math library. Here we have different links for contracts or libraries that allow us to manage or handle this overflow.

And finally we have this attack called reentrancy. This is my favorite attack. Okay, let's imagine we have a contract that allows us to deposit some money, and when we deposit we have some credit. For example, many users can deposit their money in this contract called SimpleDAO. If someone deposits, the contract updates its balance. For
example, if I deposit two ethers, the contract updates my balance and says Luis has two ethers in this contract. And if I want to withdraw my money, the contract transfers ether to my account and finally updates the balance. Very simple. This is the contract SimpleDAO.

Before the attack, let's see a schema. If someone wants to send to a smart contract with different functions, what happens when we call a non-existent function and send money to it? The smart contract by default always receives the money. There is a hidden function called the fallback function that always receives the money if the function we call does not exist. So by default the fallback function just receives the money
and that's it. But if we own the smart contract, we can change the default behavior of the fallback function and do something malicious. Let's see. Here we have the SimpleDAO I showed you, and we can deploy a malicious smart contract, a proxy smart contract, and the attacker can call its own fallback function. But what happens? We can rewrite the fallback function so that, besides receiving money, we call the withdraw function of the SimpleDAO contract. So when the attacker calls its own fallback function, it calls the withdraw function of SimpleDAO. What does withdraw do? It transfers ether to the one who called withdraw: the proxy, the proxy smart contract. So
it transfers ether to the proxy. What happens when someone transfers ether to a contract like this? Well, what happens is that the fallback function is called, and then it calls withdraw again, and this call to withdraw makes SimpleDAO transfer ether, and here appears a loop. This is called reentrancy, and this happens until all the money is sent from SimpleDAO to the proxy. Ladies and gentlemen, this is a hacking masterpiece. I know I'm not a romantic guy, but believe me, this is a love poem to hacking. It's awesome.

So let's see it in action. Here we have the contract SimpleDAO. Let's see what the total amount of money inside SimpleDAO is: we have 12 ethers.
Okay, and here we have the malicious proxy contract. This is the address; we're going to copy it and see what the credit of this address is: two ethers. What does it mean? Due to the fact that we only have two ethers of credit, in theory I can withdraw just two ethers, no more. But the total supply is 12 ethers. So here I have the code of the malicious smart contract called proxy, and I'm going to call the fallback function. Ah, before that, let's see how much money I have in the malicious contract: I have zero ether. But when I call the fallback function, here it is working, right? I'm going to
query again: here I have 12 ethers, and the total supply in the SimpleDAO contract is zero. I have completely hacked the SimpleDAO contract and I have stolen all the money. Perfect.

What is the remediation? Well, if you look here, we see a pattern, a curious pattern: first we transfer ether and then we update the balance. This is a bad practice. So the remediation is to use a secure pattern called the checks-effects-interactions pattern. What does it mean? Before sending money, first you have to update the balance, update the allowance, and then send the money. And the second recommendation is to use a mutex, a lock. For example, when someone has entered a function, lock
that function so anyone can enter meanwhile the function is working. Here we have some references on how to implement the reentrancy measures.

So we have seen three of the most popular attacks on smart contracts for blockchain. There are many others. In fact, every month or less there is news about hacks, millionaire hacks, in different blockchain applications.

Final thoughts. Smart contracts and dApps in general are in the adoption phase, so if you implement them in an inadequate way, it can lead to huge, millionaire breaches. As you can see: millions of dollars, a million here, a million there. So it's important to adopt some secure design patterns, so we have to develop in such a way
that, from the beginning of the contract, it's secure. Why? Because, remember, smart contracts are immutable: we cannot change the code after deployment. Well, it's not so true, we can upgrade a contract with some patterns, but in general we cannot change the smart contract code. What else? Security training is key. Continuous security training is key for all the team involved in the project, I mean creation, development, maintenance, deployment, etc. So if the developers or any member of the team know that security is important for this kind of application, they will be more careful when they deploy the contract in real life. And finally, we can have some automated
scans to check the security of the smart contract, but remember they are limited in scope. So it's important to complement those scans with manual security tests carried out by specialized staff who can look for different kinds of attacks and whether they impact the smart contract before deploying to mainnet. And thank you very much for your participation. I welcome any questions.
Okay, perfect. Can you hear me? Perfect. Well, I think the hardest part is not finding that much information about security on blockchain; this is one of the hardest parts. And the other one is that, once you find the information, there are not so many tools to, for example, scan a smart contract or do some specific tests on a smart contract. So I think what is very useful, at least for the hackers or the auditors who would like to enter this world, is to understand the code behind the smart contract. Once you read the code and you understand the logic behind it, it's easier
to understand, easier to advance and easier to find bugs.
Okay, for example, there are static tools, static review tools, that let you verify if in the smart contract there are, for example, issues with ownership, issues with integers, etc. So these are the static tools; Slither or MythX are important tools for this task. Another kind of tool is the dynamic tools. For example, what happens if you want to enter some strange value in the smart contract? I want to verify how the contract reacts. So in this part we have another kind of tool that fuzzes the input values of the smart contract and tries to get a strange return value. Well, this kind
of tasks you can do; obviously they are important, they can simplify your life. But at the end of the day I think the most important part, obviously, is just to interpret the results and to understand the code. I know it's so common to hear, "Hey, you have to understand what is behind it to know how to attack," but I think with smart contracts it is particularly important to understand the code. Remember, there is a logic behind the smart contract, and especially in DeFi smart contracts there are millions of dollars locked in the smart contract. So if you find an issue, you can steal that kind of money. So it's
important to understand what the workflow behind the contract is.

So would you say the tools lack maturity, like they don't have really good coverage today? How's the coverage of the tooling today, if I was looking at this?

Okay, I would say they have good coverage for, let's say, the top vulnerabilities for smart contracts. But there's a but, a very important part: you can just scan the smart contract and finish the work; you have to adapt the tool. You have to, obviously, understand the code, adapt the tool, and when you adapt the tool you can
have good coverage. Obviously, despite this, there is a space where you have to try manual testing, which is very important, like just traditional pen testing.

So it sounds like it's a lot of work to do this kind of pen testing; it's not as automated as other areas might be. So how's the bug bounty situation when it comes to these kinds of apps? Is the payout good? Do they exist? What's that situation like?

Yes, they exist. Actually, in the last two years some bug bounties have appeared for crypto in general, for smart contracts. For example, ngr finance, which was a
platform that was hacked earlier this year, has a bug bounty platform. There is an important protocol in the DeFi world; it has, for example, a bug bounty plan too. I think in HackerOne there is a section called crypto that has a section for bounties for this particular topic, and I think that's the trend for smart contracts in general. Obviously, what is most used is that they pay you in the money they mine; I mean, if they work with a specific token, they will pay you with that token, only that token. It's money at the end of the day, and it's
an interesting path to enter this world.

Interesting, yeah. So if you're going after def coin, you're going to get paid in def coin. Interesting. So you covered a bunch of different attack scenarios. How at risk is the overall dApp ecosystem from these kinds of attacks?

It depends on the vulnerability. There are many of them that happen nowadays. And what is the important part here? The devil is in the details. You can have a set of smart contracts that are good or secure, but if you fail to identify a vulnerability in just one smart contract, in just one line, well, all your platform could be hacked and
it costs you millions of dollars, literally.

So with that in mind, do you see threat actors going after these dApps to steal money today? Do you see them using the type of attacks you were talking about to actually steal coins so they can make money or launder money?

Okay, yeah, threat actors. Well, actually the attacks have been, let's say, from different accounts, so we haven't identified a particular group that is dedicated to attacking a protocol in particular. But obviously, just this year we have seen, like, more than 12 attacks that ended in millionaire thefts of money, just this
year. So there are many, many attacks on this kind of platform nowadays.

Interesting. So you talked about a few attacks in your talk. Are there any other areas or types of attacks you'd like to talk about or research? You know, not everyone's got all the time in the world, so are there areas that you'd like to dive deeper into?

Yeah, there's an attack that happened a lot this year, especially on DeFi platforms, called flash loan. Actually, a flash loan is not an attack per se; it's a characteristic, a property, where you can borrow money. You can borrow a huge amount of money and you can do anything you want,
and the only condition is that you have to return that money in the same transaction. So I can borrow, let's say, one million dollars, do my stuff, and then I return the million dollars. That's, let's say, a property. But what happened? Many attacks used that flash loan to borrow many millions of dollars, create an imbalance in many protocols in DeFi, and try to take advantage of the imbalance and, at the end of the day, steal 2 million dollars, 10 million dollars. And they only return the money they borrowed, and that's it. That's how, in the end, they could steal that amount of money.

Wow, really? Damn, that's not...
I mean, that's great for the people stealing money. So you talked about a bunch of things in your presentation. For people out there who are just getting into this type of research, what are some of the key takeaways that they should have from this?

If you want to enter the world of smart contracts, it's important to understand the programming language behind that smart contract. You have to know how to write a smart contract, actually, in order to understand how to read a complex one. Because remember, we are talking about, most of the time,
DeFi protocols. They are complex, they have many lines of code, they have a logic, a mathematical logic, behind them. So it's important to understand how they work. So the key takeaway is: learn Solidity, in the case of Ethereum, for example. Learn Solidity, learn how to code, and then try to understand the common attacks we are seeing these days. There are many attacks, and there are many blogs online that analyze how the attack was done. So it's important to understand what the bad guys are doing, to replicate that kind of attack, or other ones, in our pen testing.

Interesting, that's
great. I see someone typing on the Discord, but I don't know if they're going to get their question out. So obviously this research takes a lot of time, takes a lot of effort. Where can people follow you? And I'll ask this question that came from Discord. Where can people follow you, where can people follow this research, what resources do you recommend people use? Feel free to post that in the Discord.

Yeah, sure. I'm writing my Twitter; you can find me there.

And then I'll read the question from the Discord as well.

You see the anchor?

Yeah, yeah, we got it
in the Discord, yeah. So I got your Twitter, it's owl at night.

And then, regarding resources, bear with me a second. Here I have...

Okay, you're posting in the Discord. So while you're doing that, let me read this question off to you. What would you say is the biggest challenge or pain point for smart contract security? Seeing as the field is new, it is understandable that there are few auditors available, but considering the nature of smart contracts, you know, they're immutable, the amount of money involved, etc., wouldn't it require breakthroughs or improvements in other areas as well to make things viable long-term? I was
like, great question.

Yeah, it's a very interesting question. Actually, smart contracts are immutable, you cannot change the smart contract, but there is a pattern that is called upgradability. You can deploy a smart contract with a certain logic, and you can deploy, let's say, a proxy, a proxy that points to that logic. When you decide to upgrade the logic, you deploy another smart contract with a logic version two, for example, and you have to change the pointer in the proxy so that, instead of pointing to version one, it points to version two. Version two is, let's say, a more secure version,
another version of the smart contract with maybe a better logic. And that's how you can manage, let's say, the upgradability of the smart contract. So it's an interesting pattern. Obviously it has pros and cons, but I think it's a good way to manage the immutability of the smart contract and the security issues that can appear in the logic of the smart contract itself.

Great. Yeah, so if you have any other questions in the Discord, Luis, I think you'll be in the Discord for a few minutes to answer questions. I just wanted to say thank you so much for giving this presentation. It was very
interesting. We really appreciate you giving this talk to BSides Las Vegas this year, so thank you so much.

You're welcome. It was a huge pleasure.

Great.