Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
  1. \documentclass [10pt]{article}
  2. \usepackage{latexsym}
  3. \usepackage{amssymb}
  4. \usepackage{epsfig}
  5. \usepackage{fullpage}
  6. \usepackage{enumerate}
  7. \usepackage{xspace}
  8. \usepackage{todonotes}
  9. \usepackage{listings}
  10. \usepackage{url}
  11. \usepackage[ruled,linesnumbered]{algorithm2e} % Enables the writing of pseudo code.
  12. \usepackage{float}% http://ctan.org/pkg/float
  13. \newcommand{\true}{true}
  14. \newcommand{\false}{false}
  15. \pagestyle{plain}
  16. \bibliographystyle{plain}
  17. \title{192.127 Seminar in Software Engineering (Smart Contracts) \\
  18. SWC-124: Write to Arbitrary Storage Location \\
  19. Report Exploits }
  20. \author{Exercises}
  21. \date{WT 2023/24}
  22. \author{\textbf{Ivanov, Ivaylo (11777707) \& Millauer, Peter (01350868)}}
  23. \newtheorem{theorem}{Theorem}
  24. \newtheorem{lemma}[theorem]{Lemma}
  25. \newtheorem{corollary}[theorem]{Corollary}
  26. \newtheorem{proposition}[theorem]{Proposition}
  27. \newtheorem{conjecture}[theorem]{Conjecture}
  28. \newtheorem{definition}[theorem]{Definition}
  29. \newtheorem{example}[theorem]{Example}
  30. \newtheorem{remark}[theorem]{Remark}
  31. \newtheorem{exercise}[theorem]{Exercise}
  32. \renewcommand{\labelenumi}{(\alph{enumi})}
  33. \usepackage{xcolor}
  34. \definecolor{codegreen}{rgb}{0,0.6,0}
  35. \definecolor{codegray}{rgb}{0.5,0.5,0.5}
  36. \definecolor{codepurple}{rgb}{0.58,0,0.82}
  37. \definecolor{backcolour}{rgb}{0.95,0.95,0.92}
  38. \definecolor{verylightgray}{rgb}{.97,.97,.97}
  39. \lstdefinelanguage{Solidity}{
  40. keywords=[1]{anonymous, assembly, assert, balance, break, call, callcode, case, catch, class, constant, continue, constructor, contract, debugger, default, delegatecall, delete, do, else, emit, event, experimental, export, external, false, finally, for, function, gas, if, implements, import, in, indexed, instanceof, interface, internal, is, length, library, log0, log1, log2, log3, log4, memory, modifier, new, payable, pragma, private, protected, public, pure, push, require, return, returns, revert, selfdestruct, send, solidity, storage, struct, suicide, super, switch, then, this, throw, transfer, true, try, typeof, using, value, view, while, with, addmod, ecrecover, keccak256, mulmod, ripemd160, sha256, sha3}, % generic keywords including crypto operations
  41. keywordstyle=[1]\color{blue}\bfseries,
  42. keywords=[2]{address, bool, byte, bytes, bytes1, bytes2, bytes3, bytes4, bytes5, bytes6, bytes7, bytes8, bytes9, bytes10, bytes11, bytes12, bytes13, bytes14, bytes15, bytes16, bytes17, bytes18, bytes19, bytes20, bytes21, bytes22, bytes23, bytes24, bytes25, bytes26, bytes27, bytes28, bytes29, bytes30, bytes31, bytes32, enum, int, int8, int16, int24, int32, int40, int48, int56, int64, int72, int80, int88, int96, int104, int112, int120, int128, int136, int144, int152, int160, int168, int176, int184, int192, int200, int208, int216, int224, int232, int240, int248, int256, mapping, string, uint, uint8, uint16, uint24, uint32, uint40, uint48, uint56, uint64, uint72, uint80, uint88, uint96, uint104, uint112, uint120, uint128, uint136, uint144, uint152, uint160, uint168, uint176, uint184, uint192, uint200, uint208, uint216, uint224, uint232, uint240, uint248, uint256, var, void, ether, finney, szabo, wei, days, hours, minutes, seconds, weeks, years}, % types; money and time units
  43. keywordstyle=[2]\color{teal}\bfseries,
  44. keywords=[3]{block, blockhash, coinbase, difficulty, gaslimit, number, timestamp, msg, data, gas, sender, sig, value, now, tx, gasprice, origin}, % environment variables
  45. keywordstyle=[3]\color{violet}\bfseries,
  46. identifierstyle=\color{black},
  47. sensitive=true,
  48. comment=[l]{//},
  49. morecomment=[s]{/*}{*/},
  50. commentstyle=\color{gray}\ttfamily,
  51. stringstyle=\color{red}\ttfamily,
  52. morestring=[b]',
  53. morestring=[b]"
  54. }
  55. \lstset{
  56. language=Solidity,
  57. backgroundcolor=\color{verylightgray},
  58. extendedchars=true,
  59. basicstyle=\footnotesize\ttfamily,
  60. showstringspaces=false,
  61. showspaces=false,
  62. numbers=left,
  63. numberstyle=\footnotesize,
  64. numbersep=9pt,
  65. tabsize=2,
  66. breaklines=true,
  67. showtabs=false,
  68. captionpos=b
  69. }
  70. \lstdefinestyle{mystyle}{
  71. backgroundcolor=\color{backcolour},
  72. commentstyle=\color{codegreen},
  73. keywordstyle=\color{magenta},
  74. numberstyle=\tiny\color{codegray},
  75. stringstyle=\color{codepurple},
  76. basicstyle=\ttfamily\footnotesize,
  77. breakatwhitespace=false,
  78. breaklines=true,
  79. captionpos=b,
  80. keepspaces=true,
  81. numbers=left,
  82. numbersep=5pt,
  83. showspaces=false,
  84. showstringspaces=false,
  85. showtabs=false,
  86. tabsize=2
  87. }
  88. \begin{document}
  89. \maketitle
  90. %\begin{abstract}
  91. % This paper outlines different forms of the common smart contract weakness with the SWC number 124, commonly referred to as "Write to Arbitrary Storage Location". While this paper focuses on applications within the context of Ethereum's EVM and higher-level language Solidity, we will also briefly touch on other research that deals with the Hyperledger Fabric environment. We will begin with a gentle introduction to the Solidity storage layout design that allows this weakness to occur, followed by common forms of exploit, alongside their associated consequences. Finally, we will outline the code characteristics that are detectable by automated tools as well as an exploit sketch.
  92. %\end{abstract}
  93. \section{Introduction}
  94. \subsection{Precautions}
  95. \subsection{Preprocessing}
  96. \subsection{Setup}
  97. We attempted to implement an automatic weakness detection pipeline by using a multitude of tools. The software used includes:
  98. \begin{itemize}
  99. \item \textbf{solc}: Using \textbf{solc-select} we select the correct solc version and compile the associated *.sol file. This way we gather compiler hints and warnings.
  100. \item \textbf{Mythril}: %TODO% Mythril also does something
  101. \item \textbf{teEther}: A tool we found in the last research step of this seminar, teether is a dynamic analysis tool for smart contracts. It is unfortunately hardly documented and has been unmaintained for several years. We were unable to generate usable results with it.
  102. \item \textbf{Slither}: A highly useful tool that offers a large static analysis toolkit for solidity, it not only allows the extraction of contract data like storage layouts but also automatic scanning for common weaknesses. Although it did not seem to be able to detect SWC-124, the storage layout functionality was used extensively by our team.
  103. \end{itemize}
  104. \section{Exploit Creation}
  105. \subsection{extra short recap of weakness definitions}
  106. SWC-124 attempts to use the underlying mechanisms that govern dynamic array allocation to deterministically overwrite arbitrary data in smart contracts. An analogous weakness can be created by employing unchecked assembly instructions, although this is a less common attack vector due to its unusual structure.
  107. \subsection{exploit idea(s)}
  108. The workflow of determining the vulnerability of a given contract is straight forward and follows the general approach of automatic detection mechanisms from our last paper. Since SWC-124 requires the presence of very specific code, it is relatively easy to exclude non-vulnerable contracts. Namely any contract without dynamic arrays or raw assembly including a SSTORE instruction can immediately be considered non-vulnerable. The presence of dynamic arrays can be determined using \textbf{slither --print variable-order}. A sample output looks as follows:
  109. \begin{verbatim}
  110. $slither cans.sol --print variable-order
  111. Cans:
  112. +----------------------------+----------------------------------------------+------+--------+
  113. | Name | Type | Slot | Offset |
  114. +----------------------------+----------------------------------------------+------+--------+
  115. | ERC1155._balances | mapping(address => uint32[7]) | 0 | 0 |
  116. | ERC1155.tokens | uint256[] | 1 | 0 |
  117. | ERC1155._operatorApprovals | mapping(address => mapping(address => bool)) | 2 | 0 |
  118. | ERC1155._uri | string | 3 | 0 |
  119. | Ownable._owner | address | 4 | 0 |
  120. | Functional._reentryKey | bool | 4 | 20 |
  121. | Cans.START_TIME | uint256 | 5 | 0 |
  122. | Cans.END_TIME | uint256 | 6 | 0 |
  123. | Cans.amountClaimed | uint8[9998] | 7 | 0 |
  124. | Cans.CLAIM_ENABLED | bool | 320 | 0 |
  125. | Cans.soda | SODAContract | 320 | 1 |
  126. | Cans.SODA_CONTRACT | address | 321 | 0 |
  127. | Cans.baseURI | string | 322 | 0 |
  128. +----------------------------+----------------------------------------------+------+--------+
  129. \end{verbatim}
  130. In this example the \textbf{ERC1155.tokens} array is the only potential weakess present. We would then look for the presence of what-where writes to this array in order to confirm the potential presence of SWC-124. What-where writes are of the form
  131. \begin{verbatim}
  132. someArray[where] = what;
  133. \end{verbatim}
  134. \noindent and are a necessary code snippet for SWC-124. If such an instruction is present, we then attempt to reverse engineer a sequence of inputs to trigger the exploit, or formulate a reason why we believe this not to be possible.
  135. \section{Results}
  136. \subsection{vulnerable contracts}
  137. None.
  138. \subsection{non-exploitable contracts}
  139. \noindent Solidity files that contained no contracts:
  140. \begin{itemize}
  141. \item AuctionLib.sol
  142. \item LibRegion.sol
  143. \item LToken.sol
  144. \end{itemize}
  145. \noindent Contracts that were discarded due to the non-presence of dynamic arrays or assembly using SSTORE:
  146. \begin{itemize}
  147. \item DCU.sol
  148. \item ERC20\_Asset\_Pool.sol
  149. \item FacelessNFT.sol
  150. \item GElasticTokenManager.sol
  151. \item GoldToken.sol
  152. \item GovernmentAlpha.sol
  153. \item HedgeSwap.sol
  154. \item HermesImplementation.sol
  155. \item IMETACoin223Token\_13.sol
  156. \item UniswapV3PoolAdapter.sol
  157. \item UserDeposit.sol
  158. \item WPCMainnetBridge.sol
  159. \end{itemize}
  160. \subsection{undecidable contracts}
  161. \subsection{optionally fixes}
  162. \section{Discussion}
  163. \subsection{conclusions}
  164. \subsection{lessons learned: what works, what doesn't}
  165. \subsection{open challenges}
  166. \bibliography{exercise.bib}
  167. \end{document}