Ethereum Smart Contract Attacks and protections
2018-02-03 15:10
393 查看
This is the community wiki (no reputation) answer for possible attacks and how to protect against them. Feel free to update the list. If your contract functions have characteristics matching prerequisites carefully evaluate your function against given advice.
This is the list of potential attacks or mispractices enabling those attacks only. For additional resources for smart contract programming best practices see Resources link at the end of the answer.
Internal functions are marked as such and only the proper author can call the function.
Please see The
Parity Wallet Hack Explained.
Synonyms: Shallow stack attack, stack attack
Prerequisites: Functions uses
Invoking: The attacker manipulates cross-contract call stack to call() to fail by calling contract with stack of 1023.
Protection: Always check return value of a send() and call(). Prefer
More info
http://martin.swende.se/blog/Devcon1-and-contract-security.html
Synonyms: Race condition
Prerequisites: Functions uses
Invoking: The untrusted called contract calls the same function back, having it in unexpected state. This is how TheDAO was hacked.The attack can be chained over several of functions (cross function race condition).
Protection: Make sure internal state and balance updates in the function are done before
More info
https://github.com/ConsenSys/smart-contract-best-practices
Prerequisites: Functions uses
throw following on fail
Invoking: The attacker manipulates the contract state so that
fails (e.g. refund)
Protection: Prefer pull payment system over
More info
https://github.com/ConsenSys/smart-contract-best-practices
Prerequisites: Using an external contract as a library and obtaining it through the registry.
Invoking: Call another contract function through a contract registry (see
in Solidity).
Protection: Ensure no dynamic parts which can be swapped out in future versions.
http://martin.swende.se/blog/Devcon1-and-contract-security.html
Prerequisites: Function accepts an uint argument with is used in math
Invoking: Sending very big or very negative integer causing the sum calculation to overflow
Protection: Always check the order of values when doing math operations. E.g. https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
More info
Is
it possible to overflow uints?
Prerequisites: Payment logic requires division operator /
Invoking: Programmer's error
Protection: Be aware that divisions are always rounded down
Others: Allocating too small int for arrays
Prerequisites: Any loop, copy arrays or strings inside the storage. A for loop where contract users can increase the length of the loop. Consider voting scenario loops.
Invoking: The attacker increases the array length or manipulates block gas limit
Protection: Use pull style payment systems. Spread
multiple transactions and check
https://blog.ethereum.org/2016/06/10/smart-contract-security/
https://github.com/ConsenSys/smart-contract-best-practices
https://ethereum.stackexchange.com/a/7298/620
Prerequisites: A Solidity contract with catch all function() { } to receive generic sends
Invoking: Programmer's error
Protection: 100% test coverage. Make sure your fallback function stays below 2300 gas. Check for all branches of the function using test suite. Don't store anything in fallback function. Don't call contracts or send ethers in fallback function.
More info:
https://blog.ethereum.org/2016/06/10/smart-contract-security/
https://github.com/ConsenSys/smart-contract-best-practices
Prerequisites: Function reads contract total balance and has some logic depending on it
Invoking: selfdestruct(contractaddress) can forcible upgrade its balance
Protection: Don't trust this.balance to stay within given limits
More
https://github.com/ConsenSys/smart-contract-best-practices
Synonym: TOD
Prerequisites: A bid style market
Invoking: The attacker sees transactions in mempool before they are finalized in blockchain
Protection: Pre-commit schemes
More
https://github.com/ConsenSys/smart-contract-best-practices
https://github.com/ConsenSys/smart-contract-best-practices
https://blog.ethereum.org/2016/06/10/smart-contract-security/
https://ethereum.stackexchange.com/questions/8551/methodological-security-review-of-a-smart-contract/8593
This is the list of potential attacks or mispractices enabling those attacks only. For additional resources for smart contract programming best practices see Resources link at the end of the answer.
Correct use of function visibility modifiers
Internal functions are marked as such and only the proper author can call the function.Please see The
Parity Wallet Hack Explained.
Call stack attack
Synonyms: Shallow stack attack, stack attackPrerequisites: Functions uses
send()or
call()
Invoking: The attacker manipulates cross-contract call stack to call() to fail by calling contract with stack of 1023.
Protection: Always check return value of a send() and call(). Prefer
someAddress.send()over
someAddress.call.value()
More info
http://martin.swende.se/blog/Devcon1-and-contract-security.html
Re-entrancy attack
Synonyms: Race conditionPrerequisites: Functions uses
send()or
call()
Invoking: The untrusted called contract calls the same function back, having it in unexpected state. This is how TheDAO was hacked.The attack can be chained over several of functions (cross function race condition).
Protection: Make sure internal state and balance updates in the function are done before
call()or
send()
More info
https://github.com/ConsenSys/smart-contract-best-practices
DoS with unexpectd throw
Prerequisites: Functions uses send()or
call()with
throw following on fail
Invoking: The attacker manipulates the contract state so that
send()always
fails (e.g. refund)
Protection: Prefer pull payment system over
send()
More info
https://github.com/ConsenSys/smart-contract-best-practices
Malicious libraries
Prerequisites: Using an external contract as a library and obtaining it through the registry.Invoking: Call another contract function through a contract registry (see
librarykeyword
in Solidity).
Protection: Ensure no dynamic parts which can be swapped out in future versions.
http://martin.swende.se/blog/Devcon1-and-contract-security.html
Integer overflow
Prerequisites: Function accepts an uint argument with is used in mathInvoking: Sending very big or very negative integer causing the sum calculation to overflow
Protection: Always check the order of values when doing math operations. E.g. https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
More info
Is
it possible to overflow uints?
Integer division round down
Prerequisites: Payment logic requires division operator /Invoking: Programmer's error
Protection: Be aware that divisions are always rounded down
Loop length and gas manipulation
Others: Allocating too small int for arraysPrerequisites: Any loop, copy arrays or strings inside the storage. A for loop where contract users can increase the length of the loop. Consider voting scenario loops.
Invoking: The attacker increases the array length or manipulates block gas limit
Protection: Use pull style payment systems. Spread
send()over
multiple transactions and check
msg.gaslimit.
https://blog.ethereum.org/2016/06/10/smart-contract-security/
https://github.com/ConsenSys/smart-contract-best-practices
https://ethereum.stackexchange.com/a/7298/620
Fallback function consuming more than the limit of 2300 gas
Prerequisites: A Solidity contract with catch all function() { } to receive generic sendsInvoking: Programmer's error
Protection: 100% test coverage. Make sure your fallback function stays below 2300 gas. Check for all branches of the function using test suite. Don't store anything in fallback function. Don't call contracts or send ethers in fallback function.
More info:
https://blog.ethereum.org/2016/06/10/smart-contract-security/
https://github.com/ConsenSys/smart-contract-best-practices
Forced balance update
Prerequisites: Function reads contract total balance and has some logic depending on itInvoking: selfdestruct(contractaddress) can forcible upgrade its balance
Protection: Don't trust this.balance to stay within given limits
More
https://github.com/ConsenSys/smart-contract-best-practices
Transaction-Ordering Dependence
Synonym: TODPrerequisites: A bid style market
Invoking: The attacker sees transactions in mempool before they are finalized in blockchain
Protection: Pre-commit schemes
More
https://github.com/ConsenSys/smart-contract-best-practices
Resources
https://github.com/ConsenSys/smart-contract-best-practiceshttps://blog.ethereum.org/2016/06/10/smart-contract-security/
https://ethereum.stackexchange.com/questions/8551/methodological-security-review-of-a-smart-contract/8593
相关文章推荐
- Ethereum Smart Contract Safety and Security Checklist
- Build Your First Ethereum Smart Contract with Solidity — Tutorial
- How To Write, Deploy, and Interact with Ethereum Smart Contracts on a Private Blockchain
- 『0004』- 基于Ethereum Wallet的Solidity HelloWorld智能合约(Smart Contract)
- 【翻译】A Next-Generation Smart Contract and Decentralized Application Platform
- Setting up Ethereum smart contract development using Parity on Ubuntu
- 【比特币】 From P2SH of bitcoin to Smart Contract of ethereum
- XmlSerializer and DataContractSerializer 不同
- SQL Injection Attacks and Some Tips on How to Prevent Them
- Bringing Big Data and Smart Energy Together
- Android 快速开发框架:推荐10个框架:afinal、ThinkAndroid、andBase、KJFrameForAndroid、SmartAndroid、dhroid..
- Android 快速开发框架:推荐10个框架:afinal、ThinkAndroid、andBase、KJFrameForAndroid、SmartAndroid、dhroid..
- 以太坊智能合约安全编程最佳实践smart-contract-best-practices
- Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks
- Java equals() and hashCode() Contract
- CC3000 Smart Config - transmitting SSID and keyphrase
- Safe! Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries
- 架构设计 SmartClient Architecture and Design Guide一书的作者Edward A.Jezieski
- [Blender.材质纹理教程] Cartoon Smart Blender Materials And Textures Tutorials
- smart contract 知识点