Ethereum Smart Contract Vulnerabilities and Security Detection

I. Security Status of Smart Contracts

When a vulnerability in smart contract security is exposed, it also plummets the coin market. Hackers can easily exploit the holes to make unlimited issues and free transfer of virtual currencies. According to the Blockchain Industry Security Analysis Report from the Baimaohui Security Institute, problems related to smart contract security have led to a loss of $1.24 billion USD, accounting for 43.3% of the total loss.

Frequent smart contract security breaches have cast huge doubts regarding Ethereum, greatly affecting the development and popularity of blockchain technology in the early stage.

This article shall analyze the current smart contract vulnerabilities in detail, and offer a brief review of current detection methods for smart contract vulnerabilities, as well as recommendations for security coding.

II. Key Analysis of Smart Contract Vulnerabilities

1) Integer Overflow

The Ethereum Virtual Machine (EVM) uses stack to simulate memory space, but the management and protection mechanism for the stack is not perfect. For contract computing, the stack should be rigorously monitored to avoid overflow. In particular, transfer functions should be meticulously examined. The currently known SMT, BEC, EDU and BAI smart contracts all have problems with integer overflow in the transfer logic system, resulting in unlimited issues or unrestricted transfers of tokens.

Case 1: SMT Vulnerability

Contract Address:

0x55F93985431Fc9304077687a35A1BA103dC1e081

Analysis:

Vulnerability in the contract exists in transferProxy, a transfer function anyone can access. The address of both parties, the commission, and amount of transfer can be specified by the parameters entered.

The parameter test performed by the function is shown in the red box above: Check whether the balance (balances[_from]) of the transferring party's (_from) account is sufficient for the amount to be transferred (_value) and the service fee (_feeSmt). If insufficient, the transfer fails, the function clears through revert() and returns to the previous pre-transfer status. Otherwise, the transfer completes.

In the test, since the transfer amount (_value) and surcharge (_feeSmt) are both entered by the user, the perpetrator enters a large amount (_value) and makes the sum of _value and _feeSmt exceed the maximum uint256 to generate an integer overflow. Meanwhile, a very small number is entered on the right side of that to ensure it can pass through the process and keep the real target transfer (_value) at a significant amount.

By manipulating the transfer amount and service fee, perpetrators can acquire a huge sum of SMT virtual currencies for nothing.

Real Case Study:

The perpetrator initiated an integer overflow by accessing the transferProxy function and entering 8ff...f, 700...0 to successfully steal 6.5 SMT1060 currency.

Case 2: Meitu BEC Vulnerability

Contract Address:

0xC5d105E63711398aF9bbff092d4B6769C82F793D

Here is the test result from RatingToken:

Analysis:

A joint effort of Meitu and BEC, the vulnerability for this contract is in the batchTransfer function. It allows anyone to make a quick transfer in batch from any address on the _receivers list. The function first checks the balance of the target account (the transferree in batches). The transfer is permitted only if the balance (balances[msg.sender]) is greater than the batch transfer (uint256(cnt) * value) requested. However, this does not check overflow on uint256(cnt)*_value, thus if the multiplication causes an overflow, the perpetrator can transfer copious BEC coins out of an account with insufficient balance.

After the vulnerability was publicized, BEC coins that had soared 4,000% in value at their height instantly dropped to zero for a catastrophic loss.

Real Case Study:

The perpetrator enters 800...0 and 000...02 for multiplication overflow, generating nearly 5.7 BEC1060 coins.

From the two cases above, we see that overflow vulnerabilities of smart contracts can be easily exploited by perpetrators with catastrophic impact. Therefore, we recommend examining the overflow problem thoroughly when coding smart contracts and using the safeMath secured computing kit.

2) Transaction Sequence Dependency

This vulnerability was brought up by Loi Luu, et al. from the National University of Singapore. They pointed out that during the execution stage of smart contracts, initiating a different function sequence may generate different output, resulting in logic vulnerability. Based on the cases they provided, we analyzed the loophole:

The function implemented by this contract currently allowed a user to receive pay from a contract drafter after completing Puzzle().

We set the pay to user (Line 26) for the transaction at Tx(User_getReward). The drafter can modify that amount (Line 19) to Tx(Owner_updateReward).

Two scenarios: The user first accesses the transaction Tx(User_getReward) then inputs Tx(Owner_updateReward). The user should get paid the original amount (R  0) agreed upon. However, the drafter can deceive the user by making the user perform a tedious series of calculations first and increasing the fee Tx(Owner_updateReward) for changing the pay, drastically reducing the final payout before the user gets paid Tx(User_getReward). With this, a drafter can defraud a user with unreasonable pay.

Given the analysis above, we can see that coding of smart contracts is open, released in advance and immutable. However, the security holes are extremely difficult to detect, and users are susceptible to fraud and great losses.

III. Testing Smart Contract for Vulnerabilities

As a large data-rating agency, RatingToken, has officially launched vulnerability-detection function for smart contracts online, the very first such offering for coin users in China. RatingToken inspects the contract addresses and codes of all listed projects, then performs machine learning-based model screening, GAN, and standardized verifications to identify high-risk items with contract vulnerabilities and fraudulent addresses.

Currently the website is capable of detecting the following vulnerabilities: Overflow, external access, unusual behavior, glitches and logic circuit. The website provides one-click smart contract scan, enabling users to easily access the vulnerability report of a smart contract and lower investment risk.