
Editor's note: This article is from Alpha Commune (ID: alphastartups), author: Alpha Commune, published with authorization.
1. Introduction
On August 6, 2018, Tencent Security released the "Blockchain Security Report for the First Half of 2018". According to the report, there are currently more than 1,600 cryptocurrencies in the world, security incidents have already cost more than $2.7 billion, and the losses caused by blockchain security incidents are still rising. From the IOTA "email incident", the USDT "false recharge vulnerability" and the EOS "rainbow attack" to the BEC and SMT "integer overflow vulnerabilities" and the BTG "51% hashpower attack", this series of events has drawn everyone's attention and prompted reflection.
What are the main threats to blockchain security? Why is the security of smart contracts so important, and why does it attract so much attention? What categories of smart contract security issues are there? What are the mainstream ways of checking security today, and which is the most effective? How can everyone obtain secure and bug-free smart contract code?
In response to these questions, Alpha Commune interviewed Guo Yu, founder of SECBIT, for a systematic introduction to the security issues of the blockchain industry and the mainstream solutions.
2. Six layers of blockchain security
[Figure: Blockchain 2.0 technical architecture]
The first layer: cryptography. Cryptography is the underlying supporting technology of the blockchain, including hash algorithms, digital signatures, random number generation, etc. If these cryptographic primitives have flaws or vulnerabilities, the trust built on top of them, that is, the whole blockchain, collapses.
Although current cryptographic technology is quite mature and the probability of a major flaw is relatively small, it still cannot be ruled out that some projects have problems. On July 15, 2017, IOTA, billed as "the world's first currency of the Internet of Things", received an email from DCI, an academic research group affiliated with the Massachusetts Institute of Technology, warning the IOTA team that IOTA's hash function Curl-P had a weakness and that DCI could carry out a successful attack on the system to steal user funds. IOTA subsequently questioned and disputed DCI's email, and so far no user has had funds stolen because of this weakness, but the incident focused everyone's attention on the cryptographic security of IOTA and other projects.
The second layer: the generation, use and protection of the user's private key. A user's credential for participating in the blockchain is a public/private key pair. The premise for each person interacting through the blockchain is that they hold a secure private key and can keep it safe. Therefore the generation, use and protection of private keys are very important.
In July this year, because of security flaws in an EOS private key generation tool, hackers found weaknesses in the private keys it created and carried out a "rainbow" attack, which led to account assets being stolen and the loss of tens of millions of digital assets.
The third layer: security vulnerabilities in the node software. This problem belongs to the category of traditional security. For example, blockchain nodes must not have traditional security vulnerabilities such as buffer overflows. In addition, a node implementation must faithfully and correctly implement the blockchain's consensus protocol, and nodes must not expose API interfaces that should not be exposed, which would let attackers obtain key node information without hindrance. Both Ethereum and EOS have had serious security vulnerabilities exposed, so this layer of security is also crucial.
The fourth layer: the underlying consensus protocol. The mainstream blockchain consensus protocols currently on the market include PoW, PoS, DPoS and PBFT. The consensus protocol determines whether the whole structure of the blockchain is trustworthy, and whether it can truly form a chain with consensus. Not many consensus protocols have been rigorously proven secure, because a consensus protocol is not simple either in theory or in its technical implementation. Protocols that have been tested over a long period, such as Bitcoin's PoW, are relatively safe. Consensus protocols face an "impossible triangle" of security, decentralization and efficiency: only two of the three can be achieved at the same time. If you pursue efficiency, you must sacrifice either decentralization or security.
The question of whether the consensus protocol of a blockchain system is safe is crucial.
[Figure: the "51% hashpower attack" as portrayed in the American TV series "Silicon Valley"]
The fifth layer: smart contracts. A smart contract is a set of promises defined in digital form, including the protocols under which the contract participants carry out these promises. Any participant can create a contract at the application layer, which is the so-called DApp (decentralized application). This is also where most security issues arise.
Smart contract security covers three aspects. First, freedom from vulnerabilities: does the contract code contain common security holes? Second, trustworthiness: a smart contract without vulnerabilities is not necessarily safe; the contract must also be fair and trustworthy. Third, conformance to norms and procedures: since creating a contract means defining commitments in digital form, a contract creation process that is not standardized enough easily leaves serious hidden dangers.
At present, many smart contracts on the market have security vulnerabilities. For example, on June 3, SECBIT found 81 contracts on Ethereum with the same error: the transferFrom function in these ERC20 token contracts has a serious hidden danger, and once the contract is deployed, any problem that appears later causes irreparable losses. On June 6, SECBIT found that the ERC20 token contract FXE has flaws in the implementation of its business logic. Completely zero risk.
As a practitioner in the blockchain industry, a user of smart contracts or a holder of cryptocurrency, you should learn the relevant knowledge of cryptography and smart contract programming, and you must never casually copy and use code that touches financial security, such as contracts and public/private key handling. If malicious attackers openly spread code with serious vulnerabilities on the Internet and induce organizations with insufficient technical capability to use it, it will deal devastating blows and irreparable losses to users.
The sixth layer: the design of the incentive mechanism. Completing collaboration through smart contracts usually requires designing corresponding economic incentives. Economic incentives are a genuinely new concept in blockchain technology, and a truly healthy and vibrant blockchain ecosystem requires a good incentive mechanism. However, if the economic incentives are not designed safely enough, the ecosystem may never be built, and it may degenerate into a typical Ponzi-like game. Everyone should be vigilant about this.
3. Three major issues of smart contracts
The six layers of blockchain security introduced above are divided by their corresponding technical level. The lower the layer, the more stable it is. For example, once the cryptography is chosen at the start, it will not be changed easily.
Since smart contracts are relatively flexible and can be created by anyone, they are relatively prone to security issues.
Any user can create a contract based on the consensus layer, just as any ordinary person can write a contract based on a certain law. Here the law is the consensus mechanism (the platform), and the contract also has its own internal constraints. Using a DApp is like signing a contract, and all actions must be carried out according to the contract's terms. Therefore the security risks of smart contracts are directly related to losses of users' property.
So far, SECBIT has discovered three major problems with smart contracts in the market:
First, security vulnerabilities, represented by integer overflow. Security vulnerabilities are usually introduced accidentally by the person who wrote the code. They may cause some functions of the contract to fail; in the worst case they lead to hacker attacks in which users lose their coins, or even to hackers creating large numbers of coins out of thin air. For example, BEC, SMT and EDU were all attacked by hackers through integer overflow vulnerabilities, and the value of their tokens went to zero.
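To make the integer-overflow class concrete, here is an added Python model (it is not code from the article or from SECBIT) of EVM uint256 arithmetic. It places an unchecked batch-transfer pattern of the kind behind the BEC and SMT incidents beside a SafeMath-style checked version, so the reader can see why the balance check passes in one and the call reverts in the other. The addresses, balances and the shape of the batch transfer function are constructed for the example.

```python
# Added example, not code from the original article or from SECBIT: a Python
# model of EVM uint256 arithmetic showing the integer-overflow bug class named
# above beside a SafeMath-style checked version. Addresses, balances and the
# batch-transfer shape are constructed.

MASK = (1 << 256) - 1  # the EVM keeps only the low 256 bits of a uint256 result


class ContractRevert(Exception):
    """Models a failed require()/assert(): the whole call reverts."""


def wrap(x):
    """Unchecked EVM arithmetic: wrap modulo 2**256, no error on overflow."""
    return x & MASK


def safe_mul(a, b):
    """SafeMath-style multiplication: revert instead of silently wrapping."""
    c = a * b
    if c > MASK:
        raise ContractRevert("SafeMath: multiplication overflow")
    return c


def safe_add(a, b):
    c = a + b
    if c > MASK:
        raise ContractRevert("SafeMath: addition overflow")
    return c


def safe_sub(a, b):
    if b > a:
        raise ContractRevert("SafeMath: subtraction underflow")
    return a - b


def batch_transfer_vulnerable(balances, sender, receivers, value):
    """Unchecked pattern: `amount = cnt * value` wraps, so the balance check
    compares the sender's balance against a tiny number and passes."""
    cnt = len(receivers)
    amount = wrap(cnt * value)
    if not (0 < cnt <= 20 and value > 0 and balances.get(sender, 0) >= amount):
        raise ContractRevert("require failed")
    balances[sender] = wrap(balances[sender] - amount)
    for r in receivers:
        balances[r] = wrap(balances.get(r, 0) + value)
    return True


def batch_transfer_checked(balances, sender, receivers, value):
    """Hardened version: every arithmetic step reverts on overflow/underflow,
    so the oversized request is rejected before any balance changes."""
    cnt = len(receivers)
    amount = safe_mul(cnt, value)
    if not (0 < cnt <= 20 and value > 0 and balances.get(sender, 0) >= amount):
        raise ContractRevert("require failed")
    balances[sender] = safe_sub(balances[sender], amount)
    for r in receivers:
        balances[r] = safe_add(balances.get(r, 0), value)
    return True


def demo():
    """Constructed scenario: a sender holding 100 tokens asks to send 2**255
    tokens to each of two receivers; 2 * 2**255 wraps to 0 in uint256."""
    value = 1 << 255
    receivers = ["0xRECEIVER_1", "0xRECEIVER_2"]  # constructed addresses

    vulnerable = {"0xSENDER": 100}
    batch_transfer_vulnerable(vulnerable, "0xSENDER", receivers, value)

    checked = {"0xSENDER": 100}
    try:
        batch_transfer_checked(checked, "0xSENDER", receivers, value)
        reverted = False
    except ContractRevert:
        reverted = True
    return vulnerable, checked, reverted


if __name__ == "__main__":
    vulnerable, checked, reverted = demo()
    print("unchecked balances:", vulnerable)  # sender keeps 100, receivers get 2**255 each
    print("checked balances:  ", checked, "reverted:", reverted)
```

The point for an auditor is the multiplication before the `require`: a check on `amount` is meaningless when `amount` itself was computed with wrapping arithmetic. Checked arithmetic (SafeMath in older Solidity, the default since Solidity 0.8) moves the failure to the arithmetic step, where it belongs.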
Second, smart contract authority control. An administrator is usually set up in a smart contract, and the administrator generally has super authority. This type of contract carries a relatively large security risk, because once the administrator's private key is stolen, huge losses easily follow. According to SECBIT's incomplete statistics, among the top 570 token contracts, 342 have functions that only the administrator can call (onlyOwner), and many contracts even have excessive permissions such as minting coins, burning coins, freezing accounts and shutting down transfers.
On July 10 this year, the cryptocurrency trading platform Bancor claimed to have been attacked and lost Ethereum worth US$12.5 million, Bancor tokens worth US$10 million and Pundi X tokens worth US$1 million. Our analysis found that the theft from the Bancor platform was related to the BancorConverter contract: the attacker (a hacker or an insider) obtained the private key of the administrator account and used the administrator's identity to steal users' tokens, causing users huge losses.
Third, normative issues. At present there is no uniform specification for how many smart contracts are implemented. Smart contracts involve multiple parties collaborating interactively; if a contract is not standardized, different people easily misunderstand its behavior, which produces a large number of security problems.
For example, the "false recharge" (fake deposit) incidents that broke out one after another this year, involving Ethereum tokens, USDT and others: according to incomplete statistics compiled by one organization, 3,619 token contracts on the market are at risk of the "fake recharge" vulnerability, including many well-known tokens.
Under normal circumstances, if the transfer fails during a deposit, the account is not credited and its balance remains 0. However, if the contract has a "false recharge" vulnerability, the transfer fails but the system does not signal the failure (only a return value indicates it), so the exchange misjudges the result as a successful deposit. If a hacker discovers this loophole, he can keep making "fake" deposits and then withdrawing the money, causing direct losses to the exchange.
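The following added Python model (not code from the article, from SECBIT or from any exchange) shows both halves of the false recharge problem: a token whose transfer returns false instead of reverting, and the exchange-side crediting logic, first in the naive form that credits on transaction success alone and then in a hardened form that credits only what the token's own Transfer event reports. The token and exchange addresses, the receipt layout and all balances are constructed for the example.

```python
# Added example, not code from the original article or from SECBIT: a model of
# the "false recharge" (fake deposit) pattern and the crediting check an
# exchange should apply. Token and exchange addresses, the receipt layout and
# all balances are constructed.

TOKEN = "0xTOKEN_CONTRACT"      # constructed token contract address
EXCHANGE = "0xEXCHANGE_WALLET"  # constructed exchange deposit address


class ContractRevert(Exception):
    """Models a reverting call: the transaction gets status 0 and emits no logs."""


def transfer_lenient(balances, sender, to, value, logs):
    """Problematic ERC20 implementation: on insufficient balance it returns
    False but does not revert, so the transaction still succeeds (status 1)."""
    if balances.get(sender, 0) < value:
        return False
    balances[sender] -= value
    balances[to] = balances.get(to, 0) + value
    logs.append({"event": "Transfer", "from": sender, "to": to, "value": value})
    return True


def transfer_strict(balances, sender, to, value, logs):
    """Hardened implementation: insufficient balance reverts the whole call."""
    if balances.get(sender, 0) < value:
        raise ContractRevert("insufficient balance")
    balances[sender] -= value
    balances[to] = balances.get(to, 0) + value
    logs.append({"event": "Transfer", "from": sender, "to": to, "value": value})
    return True


def execute(transfer_fn, balances, sender, to, value):
    """Run a transfer call and build the receipt a node would report for it."""
    logs = []
    try:
        ok = transfer_fn(balances, sender, to, value, logs)
    except ContractRevert:
        return {"status": 0, "from": sender, "to": TOKEN, "return": None, "logs": []}
    return {"status": 1, "from": sender, "to": TOKEN, "return": ok,
            "logs": [dict(log, address=TOKEN) for log in logs]}


def naive_credit(receipt, claimed_value):
    """Vulnerable exchange logic: credit the claimed amount whenever the
    transaction itself succeeded (status == 1)."""
    return claimed_value if receipt["status"] == 1 else 0


def checked_credit(receipt):
    """Hardened exchange logic: credit only what a Transfer event emitted by the
    token contract says arrived at the exchange address, and never when the
    call explicitly returned false. A token that returns nothing yields None
    here and is judged by its events alone."""
    if receipt["status"] != 1 or receipt["return"] is False:
        return 0
    return sum(log["value"] for log in receipt["logs"]
               if log["address"] == TOKEN and log["event"] == "Transfer"
               and log["to"] == EXCHANGE)


def demo():
    """Constructed scenario: an account holding no tokens 'deposits' 1,000,000
    through the lenient token, an honest user deposits 500, and the same
    oversized request is replayed against the strict token."""
    balances = {"0xATTACKER": 0, "0xUSER": 500}
    fake = execute(transfer_lenient, balances, "0xATTACKER", EXCHANGE, 1_000_000)
    real = execute(transfer_lenient, balances, "0xUSER", EXCHANGE, 500)
    strict = execute(transfer_strict, balances, "0xATTACKER", EXCHANGE, 1_000_000)
    return {
        "fake_naive": naive_credit(fake, 1_000_000),
        "fake_checked": checked_credit(fake),
        "real_naive": naive_credit(real, 500),
        "real_checked": checked_credit(real),
        "strict_naive": naive_credit(strict, 1_000_000),
        "strict_checked": checked_credit(strict),
        "exchange_balance": balances.get(EXCHANGE, 0),
    }


if __name__ == "__main__":
    for name, amount in demo().items():
        print(f"{name:>16}: {amount}")
```

Two fixes are visible here, and both are needed: the token should revert rather than return false, and the exchange should derive the credited amount from the token contract's Transfer event (and the resulting balance change) rather than from the transaction status. Either side alone leaves the other party exposed.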
4. The Importance of Formal Verification
At present there are three main ways of checking smart contract security on the market: the first is testing, the second is auditing, and the third is formal verification. Testing runs the program automatically over many possible inputs to detect integer overflow vulnerabilities and other problems, but it can never cover 100% of cases, so there are always omissions. Auditing relies on the professional knowledge of experts, but no matter how professional the experts are, there may still be omissions. The first two traditional methods cannot guarantee that a contract has no vulnerabilities; formal verification can.
Formal verification addresses three types of problem. The first is security without flaws: through mathematical reasoning, all the behaviors of the contract are captured and covered, covering every possibility, so that the contract is guaranteed to have no vulnerabilities. The second is trustworthiness, that is, openness and transparency: the creator of a contract must not only explain what it does, but also prove to everyone that the code does exactly that, and at present this is only possible with formal verification. The third is normative issues. The false recharge vulnerability mentioned above exists because Ethereum's ERC20 specification is very vague and incomplete. How can a specification be written completely? It requires that the contract's specification not be described in natural language or plain text, but be formalized and strictly defined in a mathematical logic language.
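As an added illustration of what such a formalized specification looks like (this is not text from the interview, nor a SECBIT specification), the transfer function of an ERC20 token can be stated as pre- and post-conditions over the balance map. Here $b$ is the balance map before the call, $b'$ the map after it, $s$ the caller, $t$ the recipient and $v$ the amount; the choice that a failed transfer must revert rather than return false is the specification's own, made precisely to rule out the false recharge ambiguity described above.

```latex
\text{State: } b : \mathrm{Addr} \to [0, 2^{256}), \quad
\mathrm{supply} \in [0, 2^{256}), \quad
\text{Invariant: } \sum_{a \in \mathrm{Addr}} b(a) = \mathrm{supply}

\text{Precondition for success of } \mathrm{transfer}(s, t, v):\quad
v \le b(s) \;\wedge\; b(t) + v < 2^{256}

\text{Postcondition on success, } s \ne t:\quad
b'(s) = b(s) - v,\quad b'(t) = b(t) + v,\quad
\forall a \notin \{s, t\}:\; b'(a) = b(a),\quad \text{return value} = \mathrm{true}

\text{Postcondition on success, } s = t:\quad b' = b,\quad \text{return value} = \mathrm{true}

\text{If the precondition fails:}\quad b' = b \;\wedge\; \text{the call reverts (returning false is not permitted)}

\text{Invariant preservation (case } s \ne t\text{):}\quad
\sum_{a} b'(a) = \sum_{a} b(a) - v + v = \mathrm{supply}
```

Written this way, every clause is checkable: the overflow condition $b(t) + v < 2^{256}$ is part of the precondition rather than an afterthought, "all other balances are unchanged" is explicit, and an implementation that returns false on a failed transfer violates the specification outright instead of merely being "unclear".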
Formal verification already has a large number of application cases in industry, especially in fields related to safety-critical systems. Aerospace, high-speed rail, nuclear power and other industries have dedicated teams providing formal verification services, and its function and effectiveness have long been endorsed by security industry experts.
Currently, formal verification includes model checking and deductive reasoning. SECBIT has accumulated more than ten years of research results and engineering experience in deductive reasoning, and its technology is relatively advanced worldwide.
Even relatively authoritative and security-conscious sources, such as Zeppelin and the official Ethereum website, have published smart contract code with problems. A more trustworthy smart contract code base that does not rely on authority and is open to everyone would be a good solution to this problem. SECBIT has done a lot of work in this regard and is currently establishing the world's first trustworthy open source smart contract code library, which everyone can use for free.