Smart Contract Security Newsletter #40

Sign up to receive this newsletter in your favourite email client

Here are some of the things we’ve been working on in recent weeks:

  • The Blockchain Security DB is an open-source (and machine-readable) database of security information for blockchain projects, containing information about past audits, bounty programs, and security contact info.

Some laudable efforts have been made recently to evaluate and compare the security of different projects (especially in DeFi). That’s a difficult and controversial undertaking, so we’ve decided to start just by presenting the information we could find without interpretation. Contribute by submitting a PR to the project or contribute to the Gitcoin grants.

Distilled News

$5.7 million in miner fees

Last week you may have noticed that gas prices on the Ethereum network skyrocketed. Other than high transaction volume, it was mainly caused by a few transactions that paid millions of dollars in transaction fees. Mainly these two:

There are unproven theories on what caused these transactions, from software bugs to blackmailing partially hacked exchanges.

SparkPool and Ethermine both announced that they will be refunding the fees if the sender comes forward. However, at the time of the writing, no one has raised their hand and the pools are deciding to distribute the ETH to all the miners who were active on the day of those transactions. Good day to be mining.

Detecting transaction replacement attacks — Sam Moelius

Last year we published a paper systemizing front-running attacks on blockchain, Also here’s the video at SBC19 for those who prefer to watch the talk.

Transparent Dishonesty: Taxonomy of front-running attacks on Blockchain

The taxonomy of the front-running attacks helps to understand the process of different attack types and facilitates developing detection mechanisms. In this video, Sam Moelius of Trail of Bits, shows the attempt to implement a detection method for one of the specific attacks explained in the paper.

Solidity 0.6.9 0.6.10 Release

Solidity 0.6.9 was released on June 5th:

Solidity v0.6.9 adds SMT-checking to solc-js, allows calldata for all variables and provides a mechanism to specify an import directory.

A mere 6 days later, Solidity 0.6.10 dropped, establishing what must be a record release cycle time, even for Solidity! The gist of the bug is pretty low level:

This resulted in a bug related to calling library functions with calldata parameters via using for. More specifically, the compiler would copy all calldata arguments to memory first — like done for calls to public library functions. The internal library function would then receive the memory pointer but interpret it as a calldata pointer resulting in calldata reads at the wrong location and potential stack corruption. The stack corruption is caused by the fact that calldata pointers can use two stack slots while memory pointers always only use one stack slot. This can in turn cause problems for other variables and a wrong jump at the function return.

Research Papers

Other Links

If you enjoy this newsletter please share it with your friends, or ask them to sign up here Smart Contract Security Newsletter

Smart Contract Security Newsletter #40 was originally published in ConsenSys Diligence on Medium, where people are continuing the conversation by highlighting and responding to this story.

—Source link—

What do you think?

The Future Freedom Of Ideas Will Depend On Decentralization

Introducing Rosetta: Build once. Integrate your blockchain everywhere.