您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

slides.tex 9.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
  1. \documentclass{beamer}
  2. %\documentclass[aspectratio=169]{beamer}
  3. % You have to install the theme first!
  4. % corporate design of TU Wien
  5. \usetheme[font=helvetica]{tuw}
  6. % background "TU main building" on title page
  7. %\usetheme[tuw_background]{tuw}
  8. % individual background on title page
  9. %\usetheme[tuw_image=TU_Background]{tuw}
  10. % white logo if you have a dark background image
  11. %\usetheme[tuw_image=TU_Background,tuw_whitelogo]{tuw}
  12. % sidebar (not in TU Wien CD! but nice for long presentations)
  13. % width of the sidebar can be changed with option: "width=2cm"
  14. %\usetheme[outer=sidebar]{tuw}
  15. % move frametitle up (beside logo)
  16. %\usetheme[tuw_frametitletotop]{tuw}
  17. % if you use german umlaute use T1 encoding:
  18. %\usepackage[T1]{fontenc}
  19. % default Latex fonts are not T1 supported -> bitmaps used, this is not nice on
  20. % screen; you can use the lmodern package instead
  21. %\usepackage{lmodern}
  22. \usepackage[utf8]{inputenc}
  23. \usepackage{listings}
  24. \usepackage{booktabs}
  25. \usepackage{url}
  26. \usepackage{xcolor}
  27. \usepackage{graphicx}
  28. \graphicspath{ {./} }
  29. \definecolor{codegreen}{rgb}{0,0.6,0}
  30. \definecolor{codegray}{rgb}{0.5,0.5,0.5}
  31. \definecolor{codepurple}{rgb}{0.58,0,0.82}
  32. \definecolor{backcolour}{rgb}{0.95,0.95,0.92}
  33. \definecolor{verylightgray}{rgb}{.97,.97,.97}
  34. \lstdefinelanguage{Solidity}{
  35. keywords=[1]{anonymous, assembly, assert, balance, break, call, callcode, case, catch, class, constant, continue, constructor, contract, debugger, default, delegatecall, delete, do, else, emit, event, experimental, export, external, false, finally, for, function, gas, if, implements, import, in, indexed, instanceof, interface, internal, is, length, library, log0, log1, log2, log3, log4, memory, modifier, new, payable, pragma, private, protected, public, pure, push, require, return, returns, revert, selfdestruct, send, solidity, storage, struct, suicide, super, switch, then, this, throw, transfer, true, try, typeof, using, value, view, while, with, addmod, ecrecover, keccak256, mulmod, ripemd160, sha256, sha3}, % generic keywords including crypto operations
  36. keywordstyle=[1]\color{blue}\bfseries,
  37. keywords=[2]{address, bool, byte, bytes, bytes1, bytes2, bytes3, bytes4, bytes5, bytes6, bytes7, bytes8, bytes9, bytes10, bytes11, bytes12, bytes13, bytes14, bytes15, bytes16, bytes17, bytes18, bytes19, bytes20, bytes21, bytes22, bytes23, bytes24, bytes25, bytes26, bytes27, bytes28, bytes29, bytes30, bytes31, bytes32, enum, int, int8, int16, int24, int32, int40, int48, int56, int64, int72, int80, int88, int96, int104, int112, int120, int128, int136, int144, int152, int160, int168, int176, int184, int192, int200, int208, int216, int224, int232, int240, int248, int256, mapping, string, uint, uint8, uint16, uint24, uint32, uint40, uint48, uint56, uint64, uint72, uint80, uint88, uint96, uint104, uint112, uint120, uint128, uint136, uint144, uint152, uint160, uint168, uint176, uint184, uint192, uint200, uint208, uint216, uint224, uint232, uint240, uint248, uint256, var, void, ether, finney, szabo, wei, days, hours, minutes, seconds, weeks, years}, % types; money and time units
  38. keywordstyle=[2]\color{teal}\bfseries,
  39. keywords=[3]{block, blockhash, coinbase, difficulty, gaslimit, number, timestamp, msg, data, gas, sender, sig, value, now, tx, gasprice, origin}, % environment variables
  40. keywordstyle=[3]\color{violet}\bfseries,
  41. identifierstyle=\color{black},
  42. sensitive=true,
  43. comment=[l]{//},
  44. morecomment=[s]{/*}{*/},
  45. commentstyle=\color{gray}\ttfamily,
  46. stringstyle=\color{red}\ttfamily,
  47. morestring=[b]',
  48. morestring=[b]"
  49. }
  50. \lstset{
  51. language=Solidity,
  52. backgroundcolor=\color{verylightgray},
  53. extendedchars=true,
  54. basicstyle=\footnotesize\ttfamily,
  55. showstringspaces=false,
  56. showspaces=false,
  57. numbers=left,
  58. numberstyle=\footnotesize,
  59. numbersep=9pt,
  60. tabsize=2,
  61. breaklines=true,
  62. showtabs=false,
  63. captionpos=b
  64. }
  65. %%% title page settings
  66. \title[SWC-124]{%
  67. SWC-124: Write to Arbitrary Storage Location
  68. }
  69. \subtitle{192.127 Seminar in Software Engineering (Smart Contracts)}
  70. \author{Ivaylo Ivanov \& Peter Millauer}
  71. \date{\today}
  72. %%% slides start here
  73. \begin{document}
  74. % first frame must include the title page!
  75. \begin{frame}
  76. \titlepage
  77. \end{frame}
  78. % table of contents if you have a long presentation (uses 'part' and 'section'
  79. % elements)
  80. \begin{frame}{Outline}
  81. \tableofcontents
  82. \end{frame}
  83. \section{Introduction}
  84. \subsection[SWC-124: Weakness Outline]{SWC-124: Weakness Outline}
  85. \begin{frame}[fragile]
  86. \frametitle{SWC-124: Weakness Outline}
  87. SWC-124 is a weakness that allows attackers to write to places in the storage where they should not be able to.
  88. It can be used to gain unauthorized access, overwrite data, steal funds etc.
  89. \end{frame}
  90. \begin{frame}[fragile]
  91. \frametitle{SWC-124: Weakness Outline}
  92. We generally differentiate three types of SWC-124:
  93. \begin{itemize}
  94. \item unchecked array write
  95. \item incorrect array length check
  96. \item unchecked assembly code
  97. \end{itemize}
  98. Examples follow, use in production at your own risk ;)
  99. \end{frame}
  100. \begin{frame}[fragile]
  101. \frametitle{Why this works}
  102. A dynamic array in storage slot $p$ stores its data at continuous addresses starting at $keccak(p)$.
  103. For example, if the variable $x$ is a dynamic array occupying storage slot 3, $x[o]$ can be found at $keccak(0x3)+o$.
  104. An attacker can use this information to overwrite any storage slot by finding an appropriate offset value.
  105. \end{frame}
  106. \begin{frame}[fragile]
  107. \frametitle{Why this works}
  108. \includegraphics[width=\textwidth]{storage}
  109. \end{frame}
  110. \subsection[Examples]{Examples}
  111. \begin{frame}[fragile]
  112. \frametitle{Unchecked Array Write}
  113. \begin{lstlisting}[language=Solidity]
  114. pragma solidity 0.4.25;
  115. contract MyContract {
  116. address private owner;
  117. uint[] private arr;
  118. constructor() public {
  119. arr = new uint[](0);
  120. owner = msg.sender;
  121. }
  122. function write(unit index, uint value) {
  123. arr[index] = value;
  124. }
  125. }
  126. \end{lstlisting}
  127. \end{frame}
  128. \begin{frame}[fragile]
  129. \frametitle{Incorrect Array Length Check}
  130. \begin{lstlisting}[language=Solidity, basicstyle=\tiny\ttfamily, numberstyle=\tiny]
  131. pragma solidity 0.4.25;
  132. contract MyContract {
  133. uint[] private arr;
  134. constructor() public {
  135. arr = new uint[](0);
  136. }
  137. function push(value) {
  138. arr[arr.length] = value;
  139. arr.length++;
  140. }
  141. function pop() {
  142. require(arr.length >= 0);
  143. arr.length--;
  144. }
  145. function update(unit index, uint value) {
  146. require(index < arr.length);
  147. arr[index] = value;
  148. }
  149. }
  150. \end{lstlisting}
  151. \end{frame}
  152. \begin{frame}[fragile]
  153. \frametitle{Unchecked Assembly}
  154. \begin{lstlisting}[language=Solidity, basicstyle=\tiny\ttfamily, numberstyle=\tiny, breaklines=true]
  155. pragma solidity 0.4.25;
  156. contract MyContract {
  157. address private owner;
  158. mapping(address => bool) public managers;
  159. constructor() public {
  160. owner = msg.sender;
  161. setNextUserRole(msg.sender);
  162. }
  163. function setNextManager(address next) internal {
  164. uint256 slot;
  165. assembly {
  166. slot := managers.slot
  167. sstore(slot, next)
  168. }
  169. bytes32 location = keccak256(abi.encode(160, uint256(slot)));
  170. assembly {
  171. sstore(location, true)
  172. }
  173. }
  174. function registerUser(address user) {
  175. require(msg.sender == owner);
  176. setNextManager(user);
  177. }
  178. }
  179. \end{lstlisting}
  180. \end{frame}
  181. \section{Detecting and Exploiting}
  182. \subsection[Detecting SWC-124]{Detecting SWC-124}
  183. \begin{frame}[fragile]
  184. \frametitle{SWC-124: Detection Heuristics 1}
  185. Any contract without dynamic arrays (or mappings with integer keys) or raw assembly including a SSTORE instruction can immediately be considered non-vulnerable.
  186. \end{frame}
  187. \begin{frame}[fragile]
  188. \frametitle{SWC-124: Detection Heuristics 2}
  189. If heuristic 1 does not hold, we can then apply a second heuristic: checking the solidity compiler version, specified at the top of the contract. Solidity version 0.8.0+ introduced integer under- and overflow protection, which are enabled per default and require extra work to be disabled.
  190. \end{frame}
  191. \begin{frame}[fragile]
  192. \frametitle{SWC-124: Detection Heuristics 2.1}
  193. If the version of the contract is higher than 0.8.0, we examine whether unchecked arithmetic has been used for modifying the arrays. If this is not the case, which it is not most of the time, we can then determine that the contract is non-vulnerable. Applying this heuristic, we found a contract that could have been vulnerable had it been compiled with a lower solidity version.
  194. \begin{block}{Note on assembly}
  195. Due to the nature of the examples given, we could not find reliable heuristics for unchecked assembly.
  196. \end{block}
  197. \end{frame}
  198. \begin{frame}[fragile]
  199. \frametitle{SWC-124: Detection Tools}
  200. \begin{itemize}
  201. \item existing static analysis tools were useless - most of them had no support for SWC-124
  202. \item \texttt{solc-select} - for changing solidity compiler versions
  203. \item \texttt{slither} - for printing contract variable layout
  204. \end{itemize}
  205. \end{frame}
  206. \begin{frame}[fragile]
  207. \texttt{\$ slither Bethorde.sol --print variable-order}
  208. \includegraphics[width=\textwidth]{slither}
  209. \end{frame}
  210. \subsection[Exploiting SWC-124]{Exploiting SWC-124}
  211. % TODO: Exploitation is trivial, should we just go back and explain or should we go into memory layout? Can we handle it in time?
  212. \begin{frame}[fragile]
  213. \frametitle{Vulnerable Examples}
  214. Using the previously mentioned heuristics, we could not find a vulnerable contract from the dataset.
  215. \end{frame}
  216. \section{Future Work}
  217. \begin{frame}[fragile]
  218. \frametitle{Future Work}
  219. \begin{itemize}
  220. \item add heuristics to static analysis tool like \texttt{slither} or \texttt{mythril}
  221. \item develop additional vulnerable and non-vulnerable contracts and test against heuristics
  222. \item train a model against the resulting dataset
  223. \item fine-tune heuristics
  224. \end{itemize}
  225. \end{frame}
  226. \section{Conclusion}
  227. \begin{frame}[fragile]
  228. Questions?
  229. \end{frame}
  230. \end{document}