Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Dynamic Link: Smart Contract Interaction Method...

Dynamic Link: Smart Contract Interaction Method Developed by LINE

Ryo Takase (loloicci) (LINE / Blockchain Engineering Team / Software Engineer)

https://tech-verse.me/ja/sessions/79
https://tech-verse.me/en/sessions/79
https://tech-verse.me/ko/sessions/79

Tech-Verse2022

November 17, 2022
Tweet

More Decks by Tech-Verse2022

Other Decks in Technology

Transcript

  1. Topics Smart Contracts Interaction, Re-entrancy Attacks, NFS contracts - Stolen

    much of ETH and cause of a hard-fork - The DAO Attack is caused by re-entrancy - How to block re-entrancy in CosmWasm and LINE Blockchain The DAO Attack / Re-entrancy NFT Contracts - How NFT contracts are implemented Dynamic Link - Smart contracts interaction method developed by LINE - Taking advantages of WASM - Comparison between other chains (Ethereum, CosmWasm)
  2. Agenda - Basic Knowledge - Blockchain - Smart Contract -

    Interaction of Smart Contract - Desirable Features for Interactions - Blocking Re-entrancy - Interface Validation/Detection - Traditional Interaction Methods - Etheream: External Call - CosmWasm: Submessages / Reply - Dynamic Link: Method Developed by LINE
  3. Agenda - Basic Knowledge - Blockchain - Smart Contract -

    Interaction of Smart Contract - Desirable Features for Interactions - Blocking Re-entrancy - Interface Validation/Detection - Traditional Interaction Methods - Etheream: External Call - CosmWasm: Submessages / Reply - Dynamic Link: Method Developed by LINE
  4. Blockchain Blockchain is a distributed ledger technology contains glowing list

    of records named block - Blockchain is a list of records - Example of records - “Alice sent 10LN to Bob” - “It is rain in Tokyo on 2022/11/13” - “Alice will pay 42LN to Bob if it will be rain in Tokyo on 2022/11/30” Records
  5. Smart Contract Add your logic to blockchain as a function

    - Smart Contract’s code is recorded in a block - Users can call them - Results are recorded in chain - Able to use other chain features - Smart Contract enables to add new logics to chain - Insurance Contract - Licence Register
  6. Call Smart Contract How users or smart contracts call another

    smart contract - When users or contracts call another contract, - Instantiating a VM - With the storage of the callee - Executed with input from the entry point of the code - code parses the message - code executes some logic VM VM Storage call Code
  7. Contract Example: Avatar License Shop Avatar license shop as a

    NFT contract - Map of Avatar to license owners are recorded in the storage - Users can read or write info via exported functions in code - “listOwnedBy(who)” - “ownerOf(id)” - “buy(id)” - “transferFrom(who, who, id)” - These licenses are one of NFTs Avatar Shop foo : Alice bar : Bobr Code ownerOf(bar) buy(foo) transferFrom(Alice, Bob, foo) Bob succeed succeed listOwnedBy(Bob) [bar] Alice
  8. Alice’s p-foo ↕ Bob’s 1LN Alice: a-foo p-foo p-bar Bob:

    a-bar b-foo b-bar Interaction Example: Agent Each smart contracts can interact with other contracts - Agent: a contract which is agent for translation of licenses - Example functions - Listing one’s license (uses “listOwnedBy”) - Mediating trades of licenses (uses “transferFrom”) a-foo: Alice a-bar: Bobr Avatar Shop Paint Shop Banner Shop Agent Alice Bob p-foo: Alice p-bar: Alice b-foo: Bobr b-bar: Bobr
  9. Agenda - Basic Knowledge - Blockchain - Smart Contract -

    Interaction of Smart Contract - Desirable Features for Interactions - Interface Validation/Detection - Blocking Re-entrancy - Traditional Interaction Methods - Etheream: External Call - CosmWasm: Submessages / Reply - Dynamic Link: Method Developed by LINE
  10. Blocking Re-entrancy Re-entrancy is a vulnerability of smart contract and

    attacking using it 100LN Balance Mallory can receive 1LN pay_to(Mallory) pay 1LN to Mallory then delete Mallory can receive 1LN Mallory can receive 1LN If the storage has Mallory when_I_am_paid call pay_to(Mallory) pay call pay call pay before commit! … Agent - Re-entrancy vulnerability is the cause of “The DAO Attack” - Caused by inadequacy of lock for the storage - Before delete “Mallory can receive 1LN” - Mallory can withdraw from their balance multiple times - Can withdraw ALL balances
  11. Interface Validation / Detection Enable to judge whether the contract

    supporting specified interface - Function to validate that the contract supports specified interface - Agent wants to know which is the shop contract - Shop publishes its interface - Agent asks shops whether it has the “License Shop Interface” Agent listOwnd whoOwns buy Avatar Shop License Shop Interface transferFrom listOwnd whoOwns buy Paint Shop License Shop Interface transferFrom Call functions Is it a license shop? Yes, it has License Shop Interface
  12. Agenda - Basic Knowledge - Blockchain - Smart Contract -

    Interaction of Smart Contract - Desirable Features for Interactions - Blocking Re-entrancy - Interface Validation/Detection - Traditional Interaction Methods - Etheream: External Call - CosmWasm: Submessages / Reply - Dynamic Link: Method Developed by LINE
  13. Review: Call Smart Contract How users or smart contracts call

    another smart contract VM VM Storage call Code - When users or contracts call another contract, - Instantiating a VM - With the storage of the callee - Executed with input from the entry point of the code - code parses the message - code executes some logic
  14. Entry points of VMs Difference of entry points CosmWasm’s VM

    has multiple entry points Execute is given the read/write access. Query is given the read access. Ethereum’s VM has only 1 entry point The entry point dispatches input to each functions. Operations for writing are restricted by VM on the context. Ethereum Binary fn readOnly fn readWrite Dispatch CosmWasm Json Message execute migrate… reply… fn write1 fn write2 Dispatch query fn read1 fn read2 Dispatch Instantiate…
  15. Execute another contract How to call another contract Calling with

    return submsgs, callback to reply Function returns “submessages” which are command to execute another contract’s function. The result is taken in the callback named “reply”. As like calling external library In source code, calling another contract as an external library. fn foo() { let res = callee.bar() do_something… } fn bar() { do_something… return result } Ethereum caller callee fn execute(msg) { do_something… let res = query(callee, msg) return submsg } fn reply(result) { do_something… return final_result fn query(msg) { do_something… return result } fn execute(msg) { do_something… return result } CosmWasm caller callee
  16. Re-entrancy Ethereum is valuable to re-entrancy attack / CosmWasm is

    secure to re-entrancy attack Secure to re-entrancy attack After the first call’s changes have been committed, reply call is occurred. Valuable to re-entrancy attack Before the first call’s changes have been committed, re-entrancy call is occurred. Contract1 Contract2 call call re-entrance Contract1 Contract2 sub message reply Ethereum CosmWasm call sub message reply
  17. Interface Validation / Detection Both of Ethereum VM and CosmWasm

    VM have no interface detection function, but Ethereum community has some protocols - A protocol and contract which is like a DB of map of contracts to interfaces - Developer implement the function to record its interfaces to DB Ethereum ERC1820 - Pseudo-introspection Registry Contract CosmWasm - There are no functions or protocols for interface validation / detection Ethereum ERC165 - Standard Interface Detection - A community based protocol and an interface for contracts publish interfaces it has - Developer implements the function to answer whither the contract has the specified interface
  18. Ethereum: External Call Good Develop Experimence Blocking Re-entrancy ! No

    VM supports, Able to deploy vulnerable contract (There are some supporting tools to security checks) Interface Detection " Community based ERCs ! No VM supports, informations are contracts’ self-report Develop Experience " Calling other contracts as it is an external library like common programming languages
  19. CosmWasm: Submessages / Reply Good feature for blocking re-entrancy Blocking

    Re-entrancy " System blocks re- entrancy attack Interface Detection ! There are no supports -> improve with dynamic link Develop Experience " Each entry point has minimum authority. Able to communicate with other modules of CosmosSDK. ! Submessages and reply is a specialized way and a little complex -> improve with dynamic link
  20. Agenda - Basic Knowledge - Blockchain - Smart Contract -

    Interaction of Smart Contract - Desirable Features for Interactions - Blocking Re-entrancy - Interface Validation/Detection - Traditional Interaction Methods - Etheream: External Call - CosmWasm: Submessages / Reply - Dynamic Link: Method Developed by LINE
  21. Dynamic Link Imports as APIs, Exports as entry points -

    Key idea: a VM is a module - Imports are converted to external APIs of VM - Exports are converted to entry points of VM - Enable to call other contracts’ function as like external library - When callee contract is called, chain system instantiate callee VM and calls its entry point caller VM Import callee.bar fn foo () { let res = callee.bar() do_something… } callee VM export bar external API entry point chain system
  22. Interface Validation / Avoid Re-entrancy Dynamic Link has good features

    System Blocks the re-entrancy System blocks calling the same contract multiple times in one callstack. System supports interface validation VM can check the interfaces of a contract by checking WASM header. Developers do not need to implement interface publishing functions. VM export foo(…) export bar(…) check_export foo(…), bar(…) caller callee Block
  23. Dynamic Call Dynamic call inherits strong points of typical methods

    and taking WASM’s advantages in interface validation Blocking Re-entrancy " Re-entrancy is Blocked by chain # The way is a little add-hock Interface Validation Using WASM header’s information - " Always collect and always usable - " Developers do not need to implement something Develop Experience " Simple usage like Ethereum’s external call
  24. Conclusion LINE developed the dynamic link taking advantage of using

    WASM as contracts - WASM enables explicitly interface publishing - Simple interface validation Taking advantage of WASM Join our develop - LINE/CosmWasm is an OSS - Dynamic link has still add-hock restriction to avoid re-entrancy LINE developed the dynamic link: a new contract interaction method - Expansion of CosmWasm and improving developer experience - As simple usage as Ethereum’s external call - Blocking Re-entrancy by system