Examples: BITFRONT, LINE BITMAX, LINK, LINE NFT … › LINE uses CosmWasm smart contract written in Rust. › CosmWasm is a smart contracting platform built for the Cosmos ecosystem[1]. › Cosmos is an ecosystem of blockchains that can scale and interoperate with each other[2]. [1] https://docs.cosmwasm.com/docs/1.0/ [2] https://v1.cosmos.network/intro
Examples: BITFRONT, LINE BITMAX, LINK, LINE NFT … › LINE uses CosmWasm smart contract written in Rust. › CosmWasm is a smart contracting platform built for the Cosmos ecosystem[1]. › Cosmos is an ecosystem of blockchains that can scale and interoperate with each other[2]. › CosmWasm smart contract runs the WebAssembly virtual machine. cf. Ethereum smart contract [1] https://docs.cosmwasm.com/docs/1.0/ [2] https://v1.cosmos.network/intro
which support a smart contract. › It takes 4th place as a result of sorting by market cap which is about $4,000,159,801. (2022.10.31) Reference: https://cryptoslate.com/cryptos/smart-contracts/
vulnerabilities in Ethereum smart contracts. › One of the state-of-the-art tools is Smartian[1][2] which is a grey-box concolic fuzzer for finding bugs in Ethereum smart contracts using static and dynamic data-flow analysis. › The result said data-flow analyses are important to find bugs in smart contracts. [1] J.Choi, D.Kim, S.Kim, G.Grieco, A.Groce, and S.K.Cha, “Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses,” in Proceedings of the 36th IEEE/ACM Internatiional Conference on Automated Software Engineering (ASE), 2021. [2] https://github.com/SoftSec-KAIST/Smartian
1; ... } f(uint x) { state = ...; ... } State variable (persistent) User </> state Smart Contract › Smart contract defines functions that a user can call. › Each function can read or write persistent state variables.
1; ... } f(uint x) { state = ...; ... } Call State variable (persistent) User </> state Smart Contract › Smart contract defines functions that a user can call. › Each function can read or write persistent state variables.
contracts are discovered. › It’s important to find such bugs in the CosmWasm smart contracts as we expect the use of them to increase. › However, there is no open-sourced tool in order to find bugs in the CosmWasm smart contracts. Need to Make Testing Tool!
a vulnerable module can be problematic especially if there are publicly discovered bugs and issues that affect the current module. Reference: https://github.com/CosmWasm/cosmwasm/commit/c1edd61a96f57072cb8675734c91649c40751a85
a vulnerable module can be problematic especially if there are publicly discovered bugs and issues that affect the current module. Reference: https://github.com/CosmWasm/cosmwasm/commit/c1edd61a96f57072cb8675734c91649c40751a85
might wish to only access certain addresses, or not to access certain addresses. › If there is a problem in address check, a smart contract can allow unwanted addresses to access it. › ex: An attacker can receive all money in a smart contract.
might wish to only access certain addresses, or not to access certain addresses. › If there is a problem in address check, a smart contract can allow unwanted addresses to access it. › ex: An attacker can receive all money in a smart contract. › For example, using previous vulnerability, if there is a blocklist that all addresses are lowercase, the use of an uppercase address can bypass the blocklist. User </> Smart Contract Source code Blocklist - user - … “User” and “user” are same person ! Can Access
or underflow occurs, a panic!() occur. › In the case of Ethereum smart contract, when integer overflow/underflow occurs, the value is also overflowed/underflowed without error.
or underflow occurs, a panic!() occur. › In the case of Ethereum smart contract, when integer overflow/underflow occurs, the value is also overflowed/underflowed without error. › When you try integer type conversion using into() or try_into(), type conversion error can occur.
or underflow occurs, a panic!() occur. › In the case of Ethereum smart contract, when integer overflow/underflow occurs, the value is also overflowed/underflowed without error. › When you try integer type conversion using into() or try_into(), type conversion error can occur. Reference: https://github.com/LoTerra/loterra-staking-contract/blob/main/src/math.rs u128 u256
random inputs. › Simple but effective technique to find vulnerabilities. › Employed by major software companies (e.g., Google and Microsoft) Inputs Program Crash Mutate
contract. › There is no tool to instrument the data-flow for CosmWasm smart contract as far as we know. › Tracking data-flow for state is important to bugs in smart contracts[1]. [1] J.Choi, D.Kim, S.Kim, G.Grieco, A.Groce, and S.K.Cha, “Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses,” in Proceedings of the 36th IEEE/ACM Internatiional Conference on Automated Software Engineering (ASE), 2021.
contract. › There is no tool to instrument the data-flow for CosmWasm smart contract as far as we know. › Tracking data-flow for state is important to bugs in smart contracts[1]. › We should do black-box fuzzing. › How can we do efficiently? [1] J.Choi, D.Kim, S.Kim, G.Grieco, A.Groce, and S.K.Cha, “Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses,” in Proceedings of the 36th IEEE/ACM Internatiional Conference on Automated Software Engineering (ASE), 2021. Inputs </> Smart Contract ?
state. › Case of pseudo code in previous slide: › SetX(value) › SetX(value) -> SetY() › SetX(value) -> SetY() -> Foo(value) › Try fuzzing more by marking the sequence of messages that change the state.
…, …, “instantiate”: { … }, “execute”: { … }, “query”: { … }, … “responses”: { … }, } 0101.. Smart Contract Bytecode › When a source code of smart contract is compiled, bytecode and schema are generated. › A schema file includes type of each function and type of each parameter of function. Compile...
additional type information is stored. › In some cases, we need to refer to the other type stored in “definitions” for getting an exact type. Uint128 Coin amount “amount”: { “$ref”: “#/definitions/Coin” }, “definitions”: { “Coin”: { “amount”: { “$ref”: “#/definitions/Uint128” }, “denom”: { “type”: “string” }, }, “Uint128”: { “type”: “string” }, … }
additional type information is stored. › In some cases, we need to refer to the other type stored in “definitions” for getting an exact type. › We use topological sort to determine which type to parse first. Uint128 Coin amount “amount”: { “$ref”: “#/definitions/Coin” }, “definitions”: { “Coin”: { “amount”: { “$ref”: “#/definitions/Uint128” }, “denom”: { “type”: “string” }, }, “Uint128”: { “type”: “string” }, … }
N Worker 1 Worker 2 Worker N Context 1 Context 2 Context N › Our fuzzer works in parallel mode as default. › The sequence of transactions which is a seed are executed on one worker. › The result is stored in shared memory. STATE.x = 30 STATE.x = 10 … value = STATE.x // 10
variable indirectly, we send two query messages per transaction: One is before the transaction and the other is after the transaction. › We can find out which persistent state is updated in the transaction.
variable indirectly, we send two query messages per transaction: One is before the transaction and the other is after the transaction. › We can find out which persistent state is updated in the transaction. Transaction 1 Transaction 3 Transaction 2 Query 0 Query 1 Query 2 We can know initialized state. Find out updated states.
which occurs during execution time. › Gas depletion due to lack of gas. › Panic including assertion failure, integer overflow. › Out of bound error when accessing an array that exceeds its size. › … › We currently support to detect only runtime errors.
techverse_2022
tjmtrhs
lycorptech_jp
narirou
ham0215
ymotongpoo
shift_evolve
kentaro
ohbarye
nayuts
.png){kind=icon}
pharma_x_tech
yuya4
morganepeng
honnibal
garrettdimon
addyosmani
philnash
smashingmag
sergeychernyshev
paigeccino
phodgson
akosma
colly
lara
![#ContactInfo E-mail: [email protected] GitHub: kimdora](https://files.speakerdeck.com/presentations/080710914bda4eb89b5d400bd6ef5c2b/slide_61.jpg){kind=link}
