ETH Basic to Advance Smart Contract Hacking for web3 in 2023

ETH Basic to Advance Smart Contract Hacking for web3 in 2023 | by Dr. Gupta | Feb, 2023 | Medium | Medium

ETH Advance Smart Contract Hacking for web3 in 2023

Basic to know about Smart Contracts :

Smart Contract defines as “a set of promises, specified in digital form, including protocols within which the parties perform on the other promises.”

In terms of Ethereum: “smart contracts” to refer to immutable computer programs that run deterministically in the context of an Ethereum Virtual Machine as part of the Ethereum network protocol — i.e., on the decentralized Ethereum world computer.

• contracts only run if they are called by a transaction. All smart contracts in Ethereum are executed, ultimately, because of a transaction initiated from an EOA.
• A transaction to a contract address destination will execute the contract in EVM and will call the function named in the data payload of your transaction, if there is no data in your transaction then EVM will call a fallback function and if that function is payable, will execute it to determine what to do next. if no fallback function or non-payable fallback function, transaction will be reverted.
• A function selector : The first 4 bytes of the Keccak-256 hash of the function’s prototype. This allows the contract to unambiguously identify which function you wish to invoke.

The function arguments

The function’s arguments, encoded according to the rules for the various elementary types defined in the ABI specification.

• In DollarFactory smart contract example, we defined a function for withdrawals: function withdraw(uint _amount) public {}
• The prototype of a function is defined as the string containing the name of function, followed by data types of each of its arguments, enclosed in parentheses as separated by commas. The function name here is withdraw and it takes a single argument what is a uint (which is an alias for uint256), so the prototype of withdraw would be: withdraw(uint)256
• To calculate the Keccak-256 hash of this string in parity;

web3.utils.sha3("withdraw(uint256)");

Multisignature Transfer:

• transfer ether to a multisig contract
• want to send funds to another account
• all the required users will need to send transactions to contract using a regular wallet app, authorizing contract to perform final transaction.

Ethereum HIgh-Level Languages:

Solidity

soliditylang.org

A procedural (imperative) programming language with a syntax similar to JavaScript, C++, or Java. The most popular and frequently used language for Ethereum smart contracts.

Vyper

A more recently developed language, similar to Serpent and again with Python-like syntax. Intended to get closer to a pure-functional Python-like language than Serpent, but not to replace Serpent.

Bamboo

A newly developed language, influenced by Erlang, with explicit state transitions and without iterative flows (loops). Intended to reduce side effects and increase auditability. Very new and yet to be widely adopted.

Others:

LLL, Serpent

Building Smart Contract with Solidity

Official Solidity Documentation website : CLICK HERE

• Solidity compiler, solc, which converts programs written in the Solidity language to EVM bytecode. The project also manages the important application binary interface (ABI) standard for Ethereum smart contracts
• https://docs.soliditylang.org/en/latest/installing-solidity.html
• To install Solidity solc, we will add using Linux Packages: Solidity have PPAs for Ubuntu, use below commands to install:

sudo add-apt-repository ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install solc

//you can also install solidity using npm:
npm install -g solc

To check it has installed properly or not, check version;

solc --version

Compiling with the Solidity Compiler (solc)

We use the — bin and — optimize arguments of solc to produce an optimized binary of our example contract developed in my previous article of this series. Learn Ethereum smart contract basics for web3 development 2023 https://medium.com/@web3doctor/learn-ethereum-smart-contract-basics-for-web3-2023-611dcc1caff9

solc --optimize --bin DollarFactory.sol

The Ethereum Contract ABI:

ABI = application binary interface ; defines how data structures and functions are encoded and decoded into OR out of machine code

Purpose of ABI: define functions, describe how function will accept arguments and return result.

It will be helpful when you try to solve, Ethernaut CTFs first part.

To interact with deployed contract, an application needs ; an ABI and address of contract.

solc --abi DollarFactory.sol

Data Types in Solidity Programming:

• Boolean (bool) : true or false, with logical operators; ! (not), && (and), || (or), == (equal), ≠ (not equal).
• Integer ( int, uint) : signed (int), unsigned (uint), declared in steps of 8 bits of increments from int8 to uint256, without size suffix, 256-bit are used
• Fixed point (fixed, ufixed) : fixed / ufixed ; Signed and unsigned fixed point number of various sizes. Keywords ufixedMxN and fixedMxN, where Mrepresents the number of bits taken by the type and Nrepresents how many decimal points are available. Its a fancy way of floating point in solidity. Fixed point numbers are not fully supported by solidiy as per version 0.8.18. They can be declared but cannot be assigned to or from.
• Address (address payable, address) : address payable is an address you can send Ether to with additional members transfer, balance and send, while you are not supposed to send Ether to a plain address as it might be a smart contract.
• Fixed-size byte arrays : The value types bytes1, bytes2, bytes3, …, bytes32hold a sequence of bytes from one to up to 32.
• dynamically-sized byte array : can be bytes or string dynamically assigned
• Enums : user-defined type, convertible to and from all integer types, require at least one member, cannot have more than 256 member; enum NAME { LABEL1, LABEL2, …}
• Function Types: internal and external functions, internal functions only inside current contract, external functions consist of address and function signature, can be passed via and returned from external function calls function (<parameter types>) {internal|external} [pure|view|payable] [returns (<return types>)]
• Data Location: memory, storage, calldata
• Structs : use to define new types in the form of structs
• Ether Units : wei, gwei, ether ; finnery and szabo removed in version 0.7.0
• Time Units : seconds, minutes, hours, days, weeks ; years removed in version 0.5.0, cannot be applied to variables

Control Structures:

• if, else, while, do, for, break, continue, return
• Error handling : Assert, Require, Revert, Exceptions

Constructor is executed as a part of contract creation only once then it is discarded.

Selfdestruct : it should not be in a contract code as it can be used to delete contract and withdraw all money

Function Modifiers: special function, use to create conditions that apply to many functions within a contract

contract inheritance: extend base contract with additional functionality, inherits all the methods, functions, and variable of parent, support multiple inheritance by comma separated contract names ; contract child is Parent1, Parent2 {}

Events: completed transaction produce a receipt, contains log enteries, provide information about action occurred during the execution of transaction.

event Withdrawal(address indexed to, uint amount);
event Deposit(address indexed from, uint amount);

emit: incorporate the event data in the transaction logs

function withdraw(uint _amount) public {
msg.sender.transfer(_amount);
emit withdraw(msg.sender, _amount);
}
receive () external payable {
	emit Deposit(msg.sender, msg.value);
}

Gas Considerations:

• avoid dynamically sized arrays
• avoid calling other contract without knowing gas cost of their functions,
• avoid using library not well tested and broadly used

Now you have understood the very basics of Solidity Programming, use above learned points to understand below security and hack leading codes.

Security Considerations:

While it is usually quite easy to build software that works as expected, it is much harder to check that nobody can use it in a way that was not anticipated.

all smart contracts are public, and any user can interact with them simply by creating a transaction, Any vulnerability can be exploited, and losses are almost always impossible to recover.

Security Best Practices

• Minimalism / simplicity : the simpler the code, the lower the chances are of a bug.
• code reuse : Try not to reinvent the wheel, don’t repeat yourself
• code quality : once launched, there’s little to fix any problem
• Readablility / auditability : the easier it is to read, the easier it is to audit.
• Test Coverage : test everything that you can

Smart Contract Security Risk and Antipatterns: Be familiar with most common security risks

Reentrancy :

• smart contract can call and utilize code from other external contracts. these external calls can be hijacked by attackers, who can force to execute further code through a fallback function. search about the DAO hack
• https://gus-tavo-guim.medium.com/reentrancy-attack-on-smart-contracts-how-to-identify-the-exploitable-and-an-example-of-an-attack-4470a2d8dfe4
• https://consensys.github.io/smart-contract-best-practices/attacks/reentrancy/
• FIX : any code that performs external calls to unknown addresses to be the last operation in a localized function or piece of code execution, all state changing logic variables happens before ether is sent out of contract, introduce mutex bool reEntrancyMutex = false; which locks contract require(!reEntrancyMutex); during code execution prevents reentrant calls and set true before external call reEntrancyMutex = true;release mutex after external call reEntrancyMutex = false;
• Further Read : The DAO attack of $150 million

Arithmetic Over / Underflows :

• EVM specifies fixed-size data types for integers, can represent only a certain range of numbers, uint t8 can store in range [0,255], trying to store 256 into a uint8 will result 0
• variables in Solidity can be exploited if user input is unchecked and calculations are performed that result in numbers that lie outside the range of the data type that stores them
• https://medium.com/loom-network/how-to-secure-your-smart-contracts-6-solidity-vulnerabilities-and-how-to-avoid-them-part-1-c33048d4d17d
• https://consensys.github.io/smart-contract-best-practices/attacks/insecure-arithmetic/
• https://randomoracle.wordpress.com/2018/04/27/ethereum-solidity-and-integer-overflows-programming-blockchains-like-1970/
• Adding numbers larger than the data type’s range is called an overflow, allow attackers to misuse code and create unexpected logic flows
• Division is not cause over/underflow, to prevent use or build mathematical libraries that replace standard math operators +, -, * safemath libraray from OpenZeppelin
• RealLife : https://medium.com/@ebanisadr/how-800k-evaporated-from-the-powh-coin-ponzi-scheme-overnight-1b025c33b530
• Standard Interface for Tokens : https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
• Batch Vulnerability : https://peckshield.medium.com/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536

Unexpected Ether :

• ether sent to contract, must execute either the fallback function OR another function,
• https://medium.com/loom-network/how-to-secure-your-smart-contracts-6-solidity-vulnerabilities-and-how-to-avoid-them-part-2-730db0aa4834
• Self-destruct / suicide : removes all bytecodes, from the contract address and send all ether stored there to the parameter specified address, no function even fallback get called, selfdestruct forcibly send ether to any contract regardless of any code even with no payable functions.
• https://swende.se/blog/Ethereum_quirks_and_vulns.html
• Pre-sent ether : preload the contract with ether ; https://blog.sigmaprime.io/solidity-security.html#keyless-eth
• usually arise from the misuse of this.balance, contract logic when possible avoid being dependent on exact values of balance of contract because it can be artificially manipulated. if applying cope with unexpected balances.
• Underhanded Solidity Coding Contest : https://github.com/Arachnid/uscc/tree/master/submissions-2017/

Delegatecall

call delegatecall useful to modularize the code, call is run in context of external contract/function, delegatecall executed at the targeted address is run in context of calling contract and msg.sender and msg.value remain unchanged.

• enables implementation of libraries, allow developers to deploy reusable code once and call it from future contracts.
• the use of DELEGATECALL can lead to unexpected code execution, delegatecall preserves contract context. This means that code that is executed via delegatecall will act on the state (i.e., storage) of the calling contract.
• https://ethereum.stackexchange.com/questions/3667/difference-between-call-callcode-and-delegatecall
• delegatecallis state-preserving, we are not talking about the variable names of the contract, but rather the actual storage slots to which those names point, a simple mistake let attacker hijack the entire contract and its ether
• https://docs.soliditylang.org/en/latest/contracts.html#libraries for prevention and use of libraries, when using delegatecall pay attention to possible calling context of both library contract and calling contract, if possible build stateless libraries.
• Parity Multisig hack : https://medium.com/chain-cloud-company-blog/parity-multisig-hack-again-b46771eaa838
• InDepth analysis of parity multisig bug : https://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/

Default Visibilities:

• it determines whether a function can be called externally by users, by other derived contracts, only internally or only externally.
• Further Read : https://docs.soliditylang.org/en/latest/contracts.html#visibility-and-getters
• default is public, if developer omit the visibility specifiers which should be private; only callable within contracts, bug happened
• Prevention : always specify the visibility of all functions in contract, even intentionally public
• parity hack : https://www.freecodecamp.org/news/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce

Entropy Illusion :

• https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620

External contract Referencing :

• a large number contracts reference external contracts usually via external message calls.
• https://www.reddit.com/r/ethdev/comments/7x5rwr/tricked_by_a_honeypot_contract_or_beaten_by/
• https://www.reddit.com/r/ethdev/comments/7xu4vr/comment/dubakau/

Short address / parameter attack :

• sending less hex chars and less bytes, EVM add zero to end of encoded parameter to makeup expected length.
• https://medium.com/huzzle/ico-smart-contract-vulnerability-short-address-attack-31ac9177eb6b
• https://www.reddit.com/r/ethereum/comments/6r9nhj/cant_understand_the_erc20_short_address_attack/

Unchecked CALL Return Values :

• sending ether to external accounts by using transfer
• send and CALL also use for external call but return only Boolean failed or succeeded, BUT in these two functions, revert wil not occur if failed instead it will simply give false result whereas developer expects it to trigger revert function.
• Dasp Unchecked Return Values: https://www.dasp.co/#item-4
• Scanning unchecked-send bug : https://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/
• Prevention: use transfer function rather than send , transfer will revert if external transaction fails, if send is required to use, check the return value.
• Withdrawal recommendation : https://docs.soliditylang.org/en/latest/common-patterns.html#withdrawal-from-contracts
• King of the ether post-Mortem: https://www.kingoftheether.com/postmortem.html

Race Conditions / Front Running :

• Dasp Front Running BUG : https://www.dasp.co/#item-7
• ETH SC Best practice : https://consensys.github.io/smart-contract-best-practices/attacks/frontrunning/
• https://hackingdistributed.com/2017/08/28/submarine-sends/
• https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798
• https://www.youtube.com/watch?v=RL2nE3huNiI

Denial of Service (DOS) :

• Looping through externally manipulated mappings or arrays : contracts should not loop through data structures that can be artificially manipulated by external users
• Owner operations : a privileged user was required to change the state of the contract. In such examples a failsafe can be used in the event that the owner becomes incapacitated, make the owner a multisig contract, use a time-lock,
• Progressing state based on external calls
• GovernMental 1100 ether after 2.5M gas : https://www.reddit.com/r/ethereum/comments/4ghzhv/governmentals_1100_eth_jackpot_payout_is_stuck/

Block Timestamp Manipulation :

• https://docs.soliditylang.org/en/latest/units-and-global-variables.html#block-and-transaction-properties
• https://ethereum.stackexchange.com/questions/413/can-a-contract-safely-rely-on-block-timestamp
• block timestamps should not be the deciding factor for changing an important state
• use block.number by calculating average block time * days to use.

Constructors with care :

• Ethernaut Fallout challenges
• https://applicature.com/blog/blockchain-technology/history-of-ethereum-security-vulnerabilities-hacks-and-their-fixes

Uninitialized storage pointers :

• storage or memory ; possible to produce vulnerable contracts by inappropriately initializing variables.
• Data Types : https://docs.soliditylang.org/en/latest/types.html#data-location
• https://medium.com/cryptronics/storage-allocation-exploits-in-ethereum-smart-contracts-16c2aa312743
• https://medium.com/cryptronics/storage-allocation-exploits-in-ethereum-smart-contracts-16c2aa312743
• https://www.reddit.com/r/ethdev/comments/7wp363/how_does_this_honeypot_work_it_seems_like_a/
• https://medium.com/coinmonks/an-analysis-of-a-couple-ethereum-honeypot-contracts-5c07c95b0a8d

Tx.origin authetication :

• travel the entire call stack, contain the address of the account that originally sent the call or transaction and use it for authentication.
• vulnerable to phising attack
• prevention : shouldn’t use for authorization, can be use to prevent intermediate contracts to call and only limit contract to regular codeless addresses

“Mastering Ethereum by Andreas M. Antonopoulos and Dr. Gavin Wood (O’Reilly). Copyright 2019 The Ethereum Book LLC and Gavin Wood, 978–1–491–97194–9.”

Follow me on Twitter: https://twitter.com/BgxDoc