
Okay, can you hear me? Okay, cool. All right, so this talk is basically going to cover just a few concepts. We're going to look at the basics of what blockchain is and what makes Ethereum special, we're going to look at the risk landscape of these technologies, we're going to look at some historical blunders, and then no demo, sorry guys. So I'm the co-founder of a company called iosiro; we do blockchain security stuff, so if you're interested come talk to me. I used to work at MWR, I used to hack mobile phone stuff, and I like to talk about investing in crypto stuff, because I know you guys care.

So let's dive straight into the basics of things. Okay, so who here owns Bitcoin or a cryptocurrency of any type? Okay, cool. And how many people don't own any Bitcoin or know anything about it? Okay, cool. Yeah, so for the guys who don't own Bitcoin: I'm sure if you ask the guys who do own Bitcoin, it's a very, very cool experience just to receive a little bit of it. It's a very easy process, and if you get on to it you'll realize that it's a very useful technology to be a part of.

Now the blockchain, the underlying technology of what we'll be talking about today, is basically a public database, and it's all over the internet, where all the data is validated and evidenced. Okay, a lot of people say it's immutable; that's not quite true, and we'll get into that in a couple of minutes. If we look at the actual underlying tech of a blockchain, you start out with a single block, and there's a whole chain of blocks before this. All of the miners on the network will try to form the next block on the blockchain. Sorry, who here knows what a blockchain is? Cool, awesome. So just the gist of it: as you can see, you put transactions into a single block, you do some proof of work, and then you attach it to the chain. Okay, so who here knows why you have proof of work? Someone want to answer? Yeah, to make it so you can't change anything in the past. Yeah, exactly.

So I mean there are alternatives to this, like proof of stake for example, which Ethereum is moving to now, or PoA, which is proof of authority. But what's interesting is that only proof-of-work blockchains are immutable, in some sense; they're actually tamper-proof, because if you look at all these other technologies that are being implemented, like proof of stake for example, they don't have that same electricity requirement, or the hashing power requirement, of proof-of-work blockchains. So that's quite a nice distinction to make the next time you're having an argument with somebody over why Bitcoin has value, for example: because nation-states have limited electricity, and it's quite a unique blockchain in itself. You can see how this process just keeps continuing and forms your blockchain.

Smart contracts. Who here knows about smart contracts? Just one. I'm trying to gauge the level of tech I need to go into. Okay, so not too many people. So the basic concept here is you take code and you put it onto the blockchain. The basic idea behind this is that you have code that you can trust; you know what it's going to produce at the end of the day. So when you have something like insurance, or you have a will that needs to pay out when you die: I personally don't trust Santam to pay me when my [inaudible] is stolen, but I will trust code on the blockchain. That's quite an interesting distinction, or quite an interesting capability of it.

This is all implemented in Solidity for the most part. Sorry, I feel like I'm gonna... So you also get Vyper, which is kind of like a Python implementation, but most people use Solidity at the moment, which kind of looks like JavaScript. You can see the syntax of it here: you put "contract" and then, yeah, it looks very similar to JavaScript if you are familiar with it.

Then the concept of gas. So the ability to put code onto the blockchain begs the question: if people all over the world are going to be running this code, and they say that you can run any code that you want, what prevents me from just DoS-ing the network by putting some for loop or while loop in the code? So that's why the concept of gas is introduced into the system. Gas basically associates a price with any operation that's executed in the system, and that's independent of the Ethereum price. So some of you might have heard of Gas and seen it on CoinMarketCap, for example; that's Gas from NEO, so that's a different use case. Gas in this sense is only in the Ethereum sense, and you don't ever actually transact in gas. When you make a transaction you basically specify the gas price that you're willing to pay, so if you move up your gas price, you're willing to pay more per transaction. That allows for certain attacks that we'll get into later. But yes, if you have a very important transaction that you need to do, set a high gas price. You also set the maximum gas limit, so that's how much you are willing to pay in total for the transaction, and then as long as that is all less than a certain amount, the block gas limit, then that transaction can happen. And those limits on the amount of gas that you can use are what make Ethereum Turing-complete. So Bitcoin, for example, has a scripting language that's quite limited; you can't do certain things like have extensive loops, which you can do in Ethereum. So that's worth noting.

So if we look at the risk landscape of it, you should read
these quotes, because they're quite funny. If we look at the... actually, who here has heard about some of these hacks, like the DAO hack for example? Okay, cool. So yeah, we're getting to this, but I mean it's a bit of a dog show right now in this space. These are just smart contract hacks, so these aren't even like Bitfinex getting hacked a couple of years ago, or websites getting hacked, anything like that; this is just smart contracts. So at the top we've got the DAO: 3.6 million ether, that is close to 1.5 billion dollars' worth of ether. Okay, fortunately they forked, so it's worth a fraction of that currently. Parity multi-sig: this actually happened at the beginning of November, so I mean these things are still happening today. We're actually going to be diving into these top three. But I mean, if you look at HackerGold for example, $400,000 because the dev wrote "=+" rather than "+=". Yeah, so the interesting thing is that you've got this code that you put onto the blockchain and you can't change it, and it's holding so much money.

So if we look at some of the risks involved in this, the first step is the off-chain risks. So this has nothing to do with the actual Ethereum technology, it just has to do with the way that you interact with it. So if you look at forums getting hacked, or decentralized applications getting hacked, that's happening at a high, high level, right. You've also got phishing attacks, so if you've ever participated in an ICO for example, or sent ether to somebody to participate in something, you'll often get phishing emails, because it's so easy to steal the money and it's so difficult to actually track down who's stealing it from you. And then the last point, compromised oracles. So an oracle in this sense basically means: if you come back to the example where you need to find out when somebody has died, right, you can plug into a database in the government which will tell you, okay, this death certificate has been registered for this individual, so you know that they're dead. But you need that API, that untrusted connection from the outside world into the blockchain world, and that's what an oracle is. So earlier this year Nasdaq actually had a massive screw-up where they were reporting the wrong numbers to Yahoo, Google, MSN and so on, so the wrong financial details. So if you had posted financial contracts which said pay a certain amount out when the stocks reach a certain price, all the smart contracts would have broken based off of the oracles, and nothing to do with the contracts.

Then if we move a layer down to the blockchain. So this is quite interesting to see about mining risks. So typical attacks like a 51% attack, where you own most of the hashing power in the network and you're able to put in invalid transactions or malicious transactions. Hard forks: if you look at Ethereum versus Ethereum Classic, what happened there, or you get other forks like Bitcoin Cash versus Bitcoin, where they've got different philosophical outcomes. Consensus splits, again, where people don't agree on things. DoS attacks: so you can see again, if you're looking at Bitcoin, the saga with all the forks, what's happened on the main chain is zero-value transactions. So if you make transactions with no value, miners aren't truly incentivized to actually place those transactions in a block, so they aren't, and it just clogs up the network. So people can just spam out all these transactions and nothing gets mined, and it gets slow, and it's terrible. And then you get protocol bugs. So in 2010, 92 billion Bitcoin was brought into existence through a bug that was quickly sorted out, but yeah, these things happen.

Okay, so the last layer down is just the smart contracts themselves. So here you have immutable code, so once you've actually put your code onto the blockchain there's not really a way to change it. The only way that currently exists to change code on the blockchain, or on the Ethereum blockchain, is through upgradeable techniques, right. So you get something like an upgradeable delegate proxy, where you can basically say, now you've got one contract that points to another contract; this contract can operate as a proxy, so it says if you ever call me, delegate it out to other proxies, and then you can just keep changing where this one contract points to. So that gives you a way to actually change your code base, but now you've defeated the whole point of the blockchain, right. So this brings into question governance issues: if I don't want to give the ability to change contracts to a small group of developers, how do I actually control the decisions that get made? So people are doing a lot of work around this, voting mechanisms like carbon voting for example, where you can pledge tokens or value to say that you will put your money behind something. Then you get EVM bugs. So the EVM is basically the Ethereum Virtual Machine, and there have been some bugs in the past around that. Lack of tooling: so again, this is a very young ecosystem, so things like formal verification, static code analysis, these tools are busy developing but they're not quite there yet, so it's a work in progress.

And then last of all we have the smart contract vulnerabilities. So this is actually why I got into this in the first place, because the vulnerabilities that you find here are very different to the traditional bugs that you get. I mean something like front-running, for example, where, you know, earlier I referenced the fact that by setting the gas price high you can actually get in front of other people. So now imagine you were to create a lottery where you had a million-dollar payoff, right, and all that anyone had to do was guess the right number to actually get the money out. As the lottery owner I could just watch the network for submissions; when I pick up a correct submission, I just set a very high gas price, I change the lottery payout to be $0, and that's it, right. So that's one example. We're going to dive into some other examples like reentrancy, and what else is cool... timestamp dependency as well. So say now you want to create random numbers through Solidity, for example; this is actually quite difficult to do. Some people try to use timestamps, for example, but miners actually have the ability to affect timestamps; they can go plus or minus 90 seconds out from all the other miners, so they can actually bias random numbers in their own, like, what's the word, preference I guess... favour, thank you. Cool, so now I guess let's
let's dive into some of the actual hacks that have happened in the past. So the first one, the Parity hack. So this happened on a multi-sig wallet. The idea behind the multi-sig wallet is that you require multiple signatures, multiple people to sign, for a single transaction to happen. So this would be used, say now you've got a company with three directors and you require two of those directors to verify any transaction that were to happen, all right. So if one of them gets compromised it's not the end of the world, right. So you think that you're actually secure as a result of this, but because you're adding code complexity and additional functionality, you're increasing the attack surface, and that's a very bad thing in this system. So what's interesting is, if you've ever used Copay for example, for Bitcoin, that's another multi-sig wallet, but that happens off chain. Bitcoin wallets that are multi-sig are off chain, whereas Ethereum ones are on chain, so they can be attacked. And yes, it was 514k ether, so that's like two hundred and fifty million dollars-ish at the current price. And then yeah, it entailed a couple of bugs.

So if we dive into it, at the top there you see what's called a fallback function. Sorry, I don't have a pointer on me. Yeah, you've got a fallback function, which basically means, if you look at all these other functions, you'll see how they have names like isOwner, hasConfirmed, getOwner; that one doesn't have a name specified. So that basically means if you just send ether to the contract, or if you specify a function call that isn't in this contract, it goes straight there, and then it will say if there is actually ether sent to it, then deposit it like you would expect from a wallet; otherwise delegate it to the library. Okay, and then at the bottom here you'll see that there's a wallet library with an address, so basically that's pointing to the wallet's code. So if you ever get a call that's not in this contract, just send it straight to this wallet address. Now the reason for doing that is basically whenever you deploy code onto the blockchain you're charged gas fees for putting it there, so you want to minimize the amount of code that you actually deploy, in instances where you have to deploy it for every single user. So like a wallet, for example, where every user who uses it has to have their own wallet. So in order to minimize that cost you put the bulk of that code into a library, you deploy it once, and then you make all your users reference that one library. However, that creates a single point of failure, so it's a bit of a trade-off.

So if we go into... oh sorry, just to clarify, there's a delegate call into your wallet library. So if we go into the actual library now, we'll see the initWallet function; take note of the slide, we will be coming back here later in the second half. So if you look at this, it's actually quite simple. They had a couple of major issues that shouldn't have been there. If you see this code here, the "onlymanyowners", that syntax is called a modifier. So Solidity has this really cool feature in it where you can specify a modifier that will run every single time that a certain function is called, and only if that call is actually valid will it continue on with the rest of the code in it. What you can see is there's no modifier there; there's no guard protecting it from malicious things happening. And so if the wallet's already been initialized, well, you can initialize it again. Okay, that's not a good thing. So that was mistake number one, that it had no guard. Mistake number two is that there's no scope. So you can see, yes, Solidity has three different scopes. You've got public, which means that any contract or anybody can call any of these things; so as an attacker you can just make a transaction to initWallet or kill and then it will run those things, right, that's public. You get private, which means only within that contract can you call it. And then you get something called internal, which means that itself as well as any derived contracts, so for example the wallet calling the wallet library. So this should have been internal, so that only the wallets could talk to each other. So coming back to this function here: this operated pretty much as a catch-all statement, this delegate call. So basically as an attacker you have an attack vector that goes straight into the delegate call by just making sure that you don't specify a function that's in here, and by not sending any value to it, by sending no ether. And so now you've got the entire attack path to basically initialize the wallet as your own; during that initialization process you become the owner of the contract, and then you have access to all that ether.

And so here's the patch that was pushed shortly thereafter. You can see "internal" at the top there, internal there, and this is the guard here, "only_uninitialized". And so the takeaway from this: the three people who were affected by this, Aeternity, Edgeless Casino and Swarm City. The takeaway: don't put an infinity sign in your logo. Yeah.

So okay, a couple of weeks ago the second hack happened; well, it's not really a hack, but again it was multi-sig functionality. So again, the reason this is so scary is that this is us, right; we use multi-sigs, ordinary people that don't really care, but just because you're using the multi-sig you're affected by this. 514k ether, that's a lot of money right there, right. And the bugs involved: so I mean this is the contract and the kill functionality, so look who we have again. So basically all that happened was they didn't initialize the library itself, and so an attacker, this guy on GitHub, basically said that he was trying to deploy a wallet and that was buggy, and he wasn't sure what he was doing, so he tried to init the wallet, which was a library. He gained ownership of the library itself, and remember it's a single point of failure, so when he was stupid enough to call kill, it broke it for everyone. Yeah, everyone. Okay, so sorry, everyone who deployed the new contract since the previous hack, yeah. So that wasn't good either.

Yeah, moving on to the DAO hack. This was actually literally what happened with the popcorn and everything. So the DAO is basically a decentralized autonomous organization, which means it's a company where all of its functionality has been, or is intended to be, programmed, right. So it doesn't actually require any individuals to do anything within the organization; it all happens at the programmatic
level. And at the time that it was hacked it held about 14% of all ether, which is a scary amount; 3.6 million, yeah, I gave you the numbers earlier. And it used a reentrancy bug, which is kind of difficult to understand at first if you haven't seen it before. But if you think about a typical transaction: let's say you've got an individual who wants to transact with the wallet contract. The first step is they'll indicate that they want to withdraw their balance. Their balance is 100 tokens, and the wallet itself actually holds a thousand tokens, because there are 10 other users, say, or 9 other users. So it's going to send the credits across, and it's going to update the balance, and then at the top of that you'll have: okay, the user's balance is zero, it's 900, okay, cool. But the thing is that you can make these transactions as another contract, right. So you can do something quite sneaky: when you withdraw it's going to transfer the credits, but because you actually have this wallet's attention at this stage... or no, attention, what's the right word for this... you've basically got it, it's going to pause execution waiting on you to respond to it, basically. Okay, so you can call withdraw again before it has updated its own balance, and you can cause a recursive instance that will basically keep withdrawing until the wallet runs out of money. Okay, and then it will update the balance. So in this instance there are just two withdrawals set up, so there's 800. So that's basically what reentrancy is.

Now this was the DAO code; you can see it's specifically these few lines: withdrawRewardFor(msg.sender), and this "balances" one that you set equal to zero, right. Now had they just reversed these two lines it would have actually been fixed, because when you call back into the contract the balance would already be zero, right. But because it's programmed like this, it's going to keep hitting withdrawRewardFor each time that you call into it. So here you can see it just goes in, so here's withdrawRewardFor, payout, and then if you go into that function you'll see this code here. So you can see it's recipient.call.value. So what that is, it's basically a low-level call into a Solidity transfer function, to transfer tokens. Currently there are better ways to make transfers, like if you use .transfer or .send; it limits the amount of gas that the transfer has. So if you think about it, if you're making a recursive call, you're going to run out of gas; it's actually a very small amount of gas, just enough to log an error message. So when you try to make that recursive call it's just going to fail. So this bug isn't really that common anymore, because you need to specifically call .call.value to exploit it. So yeah, just coming back to this one: if they had reversed those two it would have fixed it. Fortunately a lot of static analysis tools actually detect this type of behaviour, because it's quite easy to pick up automatically.

Yeah, so I guess the takeaway from this is it's a very, very young technology. I didn't realize how early on it is for these types of technologies. If you look at the scaling questions, interoperability, all these major questions around how is this actually going to work, they haven't been answered yet. People see the massive, like, 50 billion dollar market cap and they say okay, well, this must be awesome. No, it's still very young, so it's a great time to be getting into this type of technology. And just the last point is Andreas Antonopoulos; he's an awesome guy to follow. He has this great point about Bitcoin, which is sewer rats versus bubble boys. So if you think about sewer rats, they live in the streets of New York, in the drains and the sewers, in the most disgusting places ever, right, and they're exposed to all of these terrible diseases. And if they can survive, they're going to be the most badass, strong animals around, right. So sewer rats are like blockchains, right: very much in the public, anybody can attack them, you can do anything that you want to them. There's currently over a 100 billion dollar bounty on Bitcoin if you can hack it, right. So that creates a very strong technology. Whereas if you look at the banks, that have all of their technology hidden from the outside world, and they're kind of padded by these bubble suits, you don't know what's going to happen when somebody gets in. So that's why you have to ask yourself, okay, there's been some major hacks here, but is that such a bad thing, actually? Those hacks have happened, they're out of the way, they're not going to happen again. So that's the core distinction you need to make. And like I said, sorry guys, the demo actually broke, it's not going. So that's actually the end of the talk. [Applause]

Yeah, yeah, so there are quite a few different solutions to this right now. If you're interested in specific technologies, Oraclize is one of the major ones right now, and now you pretty much have to rely on the fact that these people are going to be... they'll have SLAs in place around what they can deliver to you, and you have to rely on the fact that they're monitoring on a regular basis. So you'll have an oracle specifically for the Deeds Office, or for Nasdaq
prices, for example. But yeah, I don't know if I answered your question, like the whole...

Exactly, yeah, which brings in the massive... as I said earlier, it's a big... I wouldn't say loophole, but it's a massive question right now about how do you actually verify that data and not introduce security risks into the system. Yeah. And so I mean there are some interesting technological solutions to this; I mean if you look at Oraclize, or if you look at NEO for example, they basically rely on the fact that your reputation is very important, and you can tell who submitted the incorrect data. So if you look at, I don't know, say now Nasdaq screws up, and you can pinpoint it on Nasdaq, and you lost 50 million dollars due to this: don't use Nasdaq anymore, right. It's kind of the free market speaking, so there's that transparency about who's responsible for things happening. Yeah. Sorry, there's a question.

[inaudible audience question]

Yeah, sure. So on your Solidity point, absolutely, Solidity is the core issue behind everything, or all the bugs that have happened; people are really struggling to code Solidity because it's a different paradigm. There are quite a few things that you need to understand behind it. That's why NEO as well, they have their bit more familiar languages for people to code in; it's a massive advantage for those people. So Solidity is... I mean it is JavaScript-esque, but it's not JavaScript. So yeah, noted, that one. And then your second point on ERC20. So for those of you who don't know, ERC20 is basically a token standard in Ethereum that was developed by the Ethereum community. So if you want to launch a new token, like on an ICO for example, you can make it have this standard and then you can plug it into things like exchanges or other wallets, so that it displays nicely and you get integration across the board. Now I'm not sure I would say that that really introduces additional complexity, because if you look at the alternative case, you basically require people to either come up with their own blockchains or to fork another one. You know, yeah, well, okay, I mean look, you also get scaling solutions to this; I mean if you look at some of the stuff being proposed at the moment with sharding, for instance, or if you've got... what's the thing called, sorry, my mind's skipping it right now, but you've basically got technologies that are trying to have your main blockchain and then you'll have child blockchains. Yeah, exactly, but there's... sorry, this is one specific use case there, and that's just skipping my mind. And those technologies can be settled off chain and then committed onto the chain later, and you could use something like that to solve this ICO issue, because you'll actually be able to detect, if you use Ethereum on an hourly basis, you'll be able to see when an ICO is going on, because there's such an effect on the network. But I don't think that's necessarily a security issue, right; I mean that's more of a scaling issue that will be addressed over time. I think if people do use ERC20 tokens they're a lot better off than any other ecosystem currently. Yeah, yeah, okay, cool.

So, your second one. Okay, you get Remix, which is a super easy browser-based tool; you can actually put your code in there and then you can deploy contracts onto the blockchain in your browser, right, and that's really straightforward. There's also a really nice framework, Truffle, which basically packages everything you need into a single framework, where you can write your Solidity code, you can write unit tests and everything, like actual migrations. So if you've got multiple contracts that depend on each other you can set up the order that they get deployed to the network, and any configuration things. So to answer your question, check out Remix; it's really not that difficult to get into, it's as easy as picking up any other type of coding practice. Yeah, sorry, I don't have a better answer. If anybody is interested in getting into writing smart contracts, just come speak to me afterwards and I'll show you how easy it is. Cool, any other questions?
Yeah, so the question was basically, how do we stabilize the value of Bitcoin? Oh yeah, okay, so there are some cryptocurrencies that are [inaudible]. I mean if you look at Tether for example, Tether's intention isn't to go to the moon, but they're probably going to go the other direction. Yeah, look, there is a philosophical question here, and ultimately most people who need to answer this question, they don't actually want the value to be pegged to a dollar value, right. Like for myself, I'm happy to take payments in Bitcoin; in fact, for clients of ours we give them a discount for paying us in Bitcoin, and we don't change it based off of the US dollar price, right, because if you buy into the actual ecosystem of it and the philosophy behind it, you don't care about what the price is. I mean if you think about South Africa, okay, the rand's [expletive] rate against the dollar, and sure, that can affect import rates, whatever, but I mean that doesn't change the amount of money that you are charging your clients on a daily basis, right, as the dollar is fluctuating. So you kind of need to buy into the actual asset that you purchase, or the currency that you are purchasing. To answer your question, yeah, I don't really think there is going to be a way to ever stabilize it against other currencies.

If you're serious about that, come speak to me afterwards, because I happen to know someone. Yeah, okay, so basically the typical best practice here: hardware wallets, Trezors and whatever. So you use cold storage, or like deep-freeze storage, stuff you're never going to access, you keep on a hardware wallet in a safe that's never going to be touched. Then you put the next step up from that, so that's more your actual cold wallet, so that's again a hardware wallet. Then you've got your hot wallet, which is basically daily transactions, which again can be either a separate hardware wallet or the same one. And that's generally... I mean some people, as long as you're not putting it on an exchange, it's not that bad. Yeah, well, to be honest with you, on the smart contract side of things, the only smart contracts I operate with are ICOs, to invest with. I haven't found any dapps I actually like, decentralized applications, which we normally use Ethereum for, so most of my funds are in a cold wallet, to be honest with you. Yeah, I mean, yeah, that's...

[inaudible audience question]

Yeah, and it's on the dock... yeah, no, I haven't really looked at that too much, the security aspect of it. I think it's a very interesting space to be looking at, but honestly I haven't even found quality dapps at the moment, so it's too premature, I think. Well, okay, so basically, it's not really a race condition, because it's more about the context of the call, right; it jumps between contracts, so you're not really racing anything. If the one contract had finished its own process while the other one was finishing, I mean that would make it a race condition, but in this sense it was jumping between them. And because the... let me just go back to the slide, sorry. Yes, exactly, exactly, because your actual context is, like, you're going from here, and then when this guy should be updating its state, the context is over there. So I don't think... to answer your actual question, sorry, it was race conditions in this space; I can't really think of... I mean a better example of a race condition would be if you see some of these lotteries, for example, or being able to get your transaction processed before something else. So if you're a miner on the network and you're able to push your transaction ahead, or if you're able to clog the network and slow it down for everyone, those are the bigger concern. Yeah, I guess that would be the type of race condition you're talking about. Yeah, that's common; there are a few vulnerabilities, if you look at... yeah, there are a few, to answer your question, it's not just reentrancy. Yeah, any other questions?

So who's participated in an ICO? Anyone? Not fast enough. Yeah, yeah, exactly. If anybody wants to go to the moon or drive a Lambo, investigate it. It's kind of cool, it's nice to participate in an ICO. And as I said at the beginning, if anybody here doesn't own Bitcoin, download a wallet, and I will even personally give you some Bitcoin if it has to come to that. But it's just so easy... famous last words, yeah. But once you buy into it and you just see how straightforward it is, and how cheap it is, and how practical it is... I guess most people don't need to deal with international payments on a daily basis currently, but in the future we're going to see that you just can't compete against it. So I hope you guys take a look at it and see how cool it is. Yeah. [Applause]
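The two contract bugs the talk walks through, the unguarded public initWallet from the Parity library and the DAO's send-before-zeroing reward payout, condensed into one constructed Solidity wallet beside its hardened counterpart. This is an added example, not the talk's slides or the Parity or DAO code; the contract names, the single-contract layout (no delegatecall library in front) and the rewards mapping are assumptions made for illustration.

```solidity
pragma solidity ^0.4.18;

// Constructed example (not the talk's or either project's code). It condenses the
// two failure modes the talk covers into one wallet:
//   1. Parity multi-sig: initWallet() had no guard and was reachable by anyone,
//      so a wallet could be re-initialised with a new owner.
//   2. The DAO: the payout sent ether (forwarding all gas) BEFORE zeroing the
//      balance, so a contract recipient could re-enter the withdraw function.
// VulnerableWallet reproduces both orderings; HardenedWallet shows the fixes.

contract VulnerableWallet {
    address public owner;
    mapping(address => uint) public rewards;

    // Bug 1: public and unguarded. Anyone can call it, at any time, and
    // becomes the owner. (Parity's fix was "internal" plus a guard modifier.)
    function initWallet(address _owner) public {
        owner = _owner;
    }

    function deposit() public payable {
        rewards[msg.sender] += msg.value;
    }

    // Bug 2: interaction before effect. The low-level call forwards all
    // remaining gas and hands control to msg.sender while rewards[msg.sender]
    // still holds the old value, so a contract caller can re-enter here.
    function withdrawReward() public {
        uint amount = rewards[msg.sender];
        require(amount > 0);
        require(msg.sender.call.value(amount)());
        rewards[msg.sender] = 0;   // too late: re-entrant calls already ran
    }
}

contract HardenedWallet {
    address public owner;
    bool private initialized;
    mapping(address => uint) public rewards;

    // A modifier runs before the function body; the body only executes if the
    // check passes (the "only_uninitialized" pattern from the Parity patch).
    modifier onlyUninitialized() {
        require(!initialized);
        _;
    }

    // internal: callable only from this contract and contracts derived from
    // it, never directly from an external transaction.
    function initWallet(address _owner) internal onlyUninitialized {
        initialized = true;
        owner = _owner;
    }

    // The constructor runs exactly once at deployment and is the only caller.
    function HardenedWallet(address _owner) public {
        initWallet(_owner);
    }

    function deposit() public payable {
        rewards[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: zero the balance first, then pay out.
    // transfer() also forwards only the 2300 gas stipend (enough to log an
    // event, not enough to call back into this contract) and reverts the
    // whole transaction if the send fails.
    function withdrawReward() public {
        uint amount = rewards[msg.sender];   // check
        require(amount > 0);
        rewards[msg.sender] = 0;             // effect
        msg.sender.transfer(amount);         // interaction last
    }
}
```

Both orderings compile under 0.4.x; deploying each to a local test chain (Remix or Truffle, as the talk suggests) and calling withdrawReward() from a contract with a fallback function makes the difference visible.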