/exploiting-smart-contract-vulnerabilities

Repository for "Exploiting smart contract vulnerabilities" bachelor thesis at School of Electrical Engineering, University of Belgrade. Paper (in Serbian) with 5 examples of vulnerable smart contracts and exploitation of them.

Primary LanguageTeXGNU General Public License v3.0GPL-3.0

Exploiting Smart Contract Vulnerabilities

Ethereum Solidity

Repository for "Exploiting smart contract vulnerabilities" bachelor thesis at School of Electrical Engineering, University of Belgrade.

The paper is written in Serbian (Eksploatacija_propusta_u_pametnim_ugovorima.pdf) and there are 5 exmples of vulnerable smart contracts and how to exploit them with instructions in English. Everything is implemented in Solidity.

Examples

  1. NFT Auction

    • Implementation of auction that has reentrancy vulnerability
    • Inspired by DAO hack
  2. Hyperinflation

    • Smart contract that has half implementation of ERC20 contract with overflow vulnerability
    • Exploitation of this vulnerability leads to hyperinflation of token
    • Inspired by BEC (BeutyChain) hack
  3. Ether chest

    • Smart contract that enables users to lock their Eth for some time
    • To exploit this contract attacker needs to combine reentracny, overflow and underflow vulnerabilities
  4. King of Ether

    • Famous king of ether game with additional protection (checks if caller is smart contract and if it is stops function call)
    • Example of Denial of Service (DOS) attack
  5. Giveaway

    • Contract that is giving away 10 Ethers, but you need to give 1 eth to enter the giveaway
    • Attacks combines unexpected ether vulnerability and bad usage of delegatecall

Instructions for running each example is in readme inside each example directories in src directory.

Recommendations for developing safe smart contracts

  • Use Checks-Effects-Interactions pattern
  • Use pull over push pattern
  • Implement circuit breakers
  • Use formal verification
  • Use modifiers only for checks
  • Do not use kill and selfdestruct
  • Keep the code small and modular
  • Use events to track activities in smart contract
  • Use well known libraries like the ones from OpenZeppelin
  • Don't forget that all data is public on blockchain
    • use commitment schemes with separate phases: first commit using the hash of the values and in a later phase revealing the values
  • Limit the maximum number of Eth that contract can accept (if possible)

More useful recommendations here

Smart contract security tools

  • Slither - Static Analyzer for Solidity

  • Mythril - Security analysis tool for EVM bytecode

  • Manticore - Symbolic execution tool

  • Oyente - An Analysis Tool for Smart Contracts

  • Echidna - Ethereum smart contract fuzzer

Contributing

If you see any mistake or have improvement idea, feel free to open an issue and PR, or contact the author.

License

License: GPL v3