12 August 2021

Security Explained: Smart Contract Vulnerabilities

When it comes to the blockchain, you must be sure your security is flawless. Once you’ve been added to the chain, that’s it. Vulnerabilities present are there to stay.

We’ve talked about the blockchain and smart contracts before, and we believe that they need to remain in the focus for the security industry. Blockchain is only growing in use and cryptocurrency is only getting more valuable and popular. And with use, attention increases. Both positive and negative.

We wanted to discuss some specific vulnerabilities that are only possible in smart contracts on the blockchain.

Smart Contract Security

To lay out the basics of security related to smart contracts, they have to be a full code level dive. When we test smart contracts, a white box test is mandatory. You can learn more about white, grey, and black box testing here.

A white box test is a full source code review. While many organizations are reluctant to share any such information, this level of transparency is absolutely necessary. The implementation of smart contract is full and final, any vulnerabilities or exploitable aspects will be there permanently. We need that level of access so that our engineers can test and identify vulnerabilities on a code level.

Below, we’ll explain four commonly found vulnerabilities that are unique to smart contracts and the blockchain. Afterwards, hopefully, this white box access will make sense given the potential dangers.

Integer Arithmetic Errors

This refers to errors known as integer overflow and underflow.

Effectively, in programming, all numbers have values. These are called integers. And these numbers are stored, in this case we’ll just say in a ‘box’. And every box has a certain size, a limit.

However, computers are only binary. They are yes and no. So, if a number inside a box is modified beyond what it is capable of, it will default to a very low number or high number depending on its size. An overflow and underflow, respectively.

Now, typically this might not cause any problems but on the blockchain in smart contracts, it is problematic. Many smart contracts deal in financials. Cause an overflow in a large cryptocurrency vault, and now it’s nearly empty. Or underflow a small number of crypto to be much higher than its original value, allowing an attacker to potentially drain the contract.

A developer is responsible for ensuring that the mathematic operation checks for the correct size. What is contained within the box is a variable, and it is up to the developer to ensure there is a condition for the variable to be checked. If this is not accounted for, there can be serious consequences. There are libraries available, such as SafeMath, for developers to use so that they don’t make these mistakes.

Re-Entrancy

On the blockchain, everything has an address. Including smart contracts.

Whenever transactions occur, say sending money, you send it to an address. Therefore, you never know if you’re talking to another person or a smart contract. A person won’t cause any cascade errors of repeating requests because they just accept whatever transaction is occurring.

A smart contract, however, is executed sequentially. Let’s say your smart contract operates the transfer of currency. Someone requests the withdrawal, the cryptocurrency is passed, and then once that is done, the balance updates. The issue in this scenario is the balance may only update once the total funds are withdrawn.

Therefore, using a re-entrancy attack and our own malicious smart contract, we could request another withdrawal before any update occurs. As there would still be transactions ongoing, there wouldn’t be any update of balance.

We would then have a cryptocurrency fund on a loop of withdrawal. And because addresses could potentially be home to multiple users’ currency – we could potentially drain multiple users’ funds at once.

Block Gas Limitations

On the blockchain, every transaction incurs a ‘gas’ fee. It is a payment to the person who is doing the mining, which is required for every interaction. The fee is usually a minimum set by the creator of the blockchain and is negotiable. If you want priority, pay more, and you’re likely to be picked up faster.

More complex transactions will naturally cost more as well. And there is an upper limit to gas payments. This is to ensure the blockchain network is not stuck on a single transaction for too long.

So, let’s say you have a ‘Gifting Smart Contract’ prepared. Anyone who pitches in will be given some cryptocurrency once a limit is hit. At that limit, the contract is then called by the owner to send out all the currency as a gift to every eligible person. A hundred people enter, the limit is hit, and the smart contract splits the crypto into equal chunks and sends it out.

And for that transaction, you’ll need to pay gas. Probably a hefty enough fee.

But let’s say now you do it again, but it gains huge popularity. And you don’t have a hundred entries, but a million. We mentioned gas fees have an upper limit. Once that limit is hit, if you’re beyond it, the transaction fails. It’ll crash. Now, a million people’s crypto is sitting in a smart contract and can never be retrieved because that gas fee can never be paid.

This error can turn into a denial-of-service attack if the wrong people get involved.

Frontrunning

Our final vulnerability relates to the gas fee as well. As we said, all transactions have a gas fee, and you can pay optional, higher fees, for higher priority.

Let’s say a sensitive transaction is occurring on the blockchain through a smart contract. Some NFT or a very important financial transaction. And to secure the transaction, there is a unique key that the creator has.

Once anyone engages in that transaction, the transaction occurs, and the creator uses the key to continue. However, we’re on the blockchain. Nothing is private. Once done, the key is public because the miners need all the data to process it.

So, a malicious actor puts forward a higher gas fee before the transaction is completed. They are much more likely to be picked up by miners and can easily gain access to the smart contract with the access key before the actual owner can. And now that NFT or money is gone.

 

These are just a few of the common vulnerabilities found in smart contracts. There is a plethora of issues, from the transparency of the blockchain to even simple logic errors. We hope you learned something from this article and that you traverse the blockchain as safely as you can.

If you’d like to learn more about our security work, you can find more on our website. We have a page for blockchain security, as well as a portfolio of our past clients. For any other inquiries, we’d love to hear from you.