1. 智能合约存在大量安全隐患
2010年8月,比特币发生了一次整数溢出漏洞(CVE-2010-5139),使得攻击者产生了2笔输出92233720368.5427个比特币的交易,远超中本聪设定的2100万上限。 2018年4月,以太坊上的智能合约也接连发生2起整数溢出漏洞(CVE-2018-10299,CVE-2018-10376),攻击者凭空增发了大量的token,使得投资者的资产被严重稀释。
为了分析当前最流行的以太坊智能合约的安全性,SECBIT实验室安全团队深度扫描检测了当前正在运行的23357个智能合约源代码,通过AI智能合约安全审计模型扫描,实验室安全专家发现其中大量合约代码存在着不同程度的安全隐患。
根据扫描结果显示,这23,357个智能合约源代码中,智能合约总共出现了405882个不符合安全开发规范的项,平均每个合约有超过17个规范违反项,尽管这些点不会立即导致智能合约出现安全漏洞,但是对于保护巨量数字资产的代码,这些问题都有可能成为黑客的分析和攻击方向,作为项目方的开发人员,不能忽视这些隐患,并保持清晰的思路,尽可能严格按照安全开发规范要求进行开发,这样才能避开潜在的攻击威胁。
扫描结果显示,低级别(Low)的安全问题有26,821个,主要有未指明版本号以及高GAS消耗等问题。未指明版本号可能会在将来新版本编译器上遇到不兼容问题。SECBIT实验室的安全专家建议开发者在开发过程中,为用户调用函数节约GAS,以避免在网络拥堵时让用户负担过多手续费。
另外中级(Medium)安全问题有7,202个,主要有整数溢出、除法、依赖时间戳、区块哈希的运算。整数溢出问题在BEC、SMT的Token发行合约上已经展现出了危害性,在此不再赘述。EVM目前不支持浮点数,除法运算在EVM上表现为向下取整,开发者在智能合约上应当尽量避免,以免发生潜在的安全隐患。另外如果将时间戳、区块哈希作为随机数来源,有一定被矿工操纵的风险,开发者应该注意设计安全的交互协议。
扫描结果中高危(high)安全问题有572个,主要集中在代码重入、短地址攻击、强制转账、使用合约余额来做判断、高地址脏数据、tx-origin的误用上。以太坊历史上曾发生过一次震惊世界的攻击——the DAOHack,这也是代码重入漏洞展示威力的一次标志性事件。这些问题都有重演类似严重安全事件的可能。
2. 以太坊智能合约信息现状
除了上文提到的使攻击者受益的一类安全问题,还有一些类似Parity多重签名钱包的问题,尽管没有一方可以获益,但是用户却遭受了巨额的损失。
为了解到当前智能合约的发展现状,SECBIT实验室安全团队监控扫描了以太坊上所有历史数据,并统计分析了自创世区块以来,以太坊上所有创建的智能合约信息。
图中横轴表示日期,纵轴表示当日智能合约创建数量
如图所示,以太坊智能合约每日创建数量总体呈现上升趋势,并且合约代码的复杂程度也随之增高 。
据Amberdata网站监控统计,目前以太坊上每小时交易所涉及的金额已经达到1.6亿美元,每天可达40亿美金,其中53.5%的交易涉及智能合约。随着智能合约数量的进一步增多,DApp的广泛应用,其管理的数字资产数量提升,面临的安全威胁也随之增长,由于智能合约难以通过传统的升级、打补丁等方式填补漏洞,通常只能在开发期间或合约部署前进行完备的安全检查。然而由于一般开发人员的安全意识仍然不够,可能在开发时无法意识到自己引入了安全隐患,这极有可能给智能合约带来相当大程度的安全隐患。每一个暴露在开放网络上的智能合约都有可能成为专业黑客团队的金矿和攻击目标。
3. 引入第三方代码安全审计至关重要
不同于传统的闭源软件,区块链上的智能合约代码是完全公开透明、并且开源的,因此引入代码安全审计是不可缺少的重要安全举措,通过第三方专业的审计这才能保证在合约在虚拟机、语言、业务逻辑等多方面的稳定可靠,并具备抵御攻击能力。作为管理巨量数字资产的智能合约,透过专业的第三方团队来进行安全审计是保障资产安全的负责任的措施。
据SECBIT智能合约安全审计平台实时追踪,现今以太坊上已经部署的合约数量已经达到6,081,658个(统计截止到块高度为5,460,050),而真正经过第三方安全审计的智能合约数量可能还不足1%,未来随着智能合约数量的进一步爆发式增长,如果智能合约依然未经安全审计而上链运行,区块链安全乌云仍将无法退去。
如需深入了解智能合约安全开发与安全审计的细节,请与SECBIT实验室联系:info@secbit.io
SECBIT实验室 由一群热爱区块链技术的极客组建,专注于可信智能合约与安全共识协议研究。实验室成员遍布在全球多个国家,专业领域涉及区块链底层架构、智能合约语言、形式化验证、密码学与安全协议、编译与分析技术、博弈论与加密经济学等诸多学科。SECBIT实验室目前着重于研究区块链智能合约的安全问题,助力区块链团队提高智能合约的可靠性与安全性,开展构建智能合约安全框架的理论探索与技术研发,参与共建共识、可信、有序的区块链经济体。
(本文由币须说深度合作伙伴SECBIT研究室提供)
___________英文原版_____________
In August 2010, Bitcoin had an integer overflow vulnerability (CVE-2010-5139), which caused the attacker to generate 2 transactions of 92233720368.54277039 Bitcoins, far exceeding the upper limit of 21 million set by Nakamoto Satoshi.
In April 2018, there were two consecutive integer breaches in the smart contract on Ethereum (CVE-2018-10299, CVE-2018-10376). The attacker issued a large number of tokens out of thin air, causing the investor’s assets to be heavily diluted.
In order to analyze the security of the most popular Ethereum smart contracts, the SECBIT laboratory security team in-depth scan detected the currently running 23,357 smart contract source code. Through the AI smart contract security audit model scan, laboratory security experts found a lot of them. There are different degrees of security risks in the contract code.
According to the scan results, among the 23,357 smart contract source codes, there were a total of 405,882 non-compliant security development items in smart contracts, with an average of more than 17 specification violations per contract, although these points would not immediately lead to smart contracts. There are security vulnerabilities, but for the protection of huge amounts of digital assets code, these problems may become the analysis and attack direction of hackers. As a project developer, you cannot ignore these hidden dangers, and maintain a clear idea, in strict accordance with the security The development specification requires development so that potential attack threats can be avoided.
The scan results showed that there were26,821 low-level security issues, including unspecified version numbers and high GAS consumption. Unspecified version numbers may encounter incompatibility issues in future new version compilers. Security experts at SECBIT Labs advise developers to save GAS for user calls in the development process to avoid overloading users with network congestion.
In addition, there are 7,202 medium security issues, including integer overflow, division, dependent timestamp, and block hash operations. The issue of integer overflow has already shown harm on the Token issue contract of BEC and SMT, and will not be repeated here. EVM currently does not support floating-point numbers, and division operations are rounded down on the EVM. Developers should avoid using smart contracts to avoid potential security risks. In addition, if the timestamp and block hash are used as sources of random numbers, there is a certain risk that the miner will manipulate it. Developers should pay attention to designing a secure interactive protocol.
There are 572 high-security issues in the scan results, mainly focusing on code reentry, short address attacks, forced transfers, use of contract balances for judgment, high-address dirty data, and tx-origin misuse. In Ethereum’s history, there has been an attack that has shocked the world—the DAO Hack. This is also a symbolic event of code reentrance.
All these issues have the potential to repeat similar serious security incidents.
In addition to the type of security issues mentioned above that benefit the attacker, there are some problems similar to the Parity multi-signature wallet. Although none of the parties can benefit, the user suffers huge losses.
In order to understand the current status of the development of smart contracts, the SECBIT laboratory security team has monitored and scanned all Ethereum historical data, and has statistically analyzed information on smart contracts created on Ethereum since the creation .
As shown in the figure, the daily creationvolume of Ethereum smart contracts shows an overall upward trend, and the complexity of the contract code also increases.
According to Amberdata website monitoringstatistics, the current hourly price of Ethereata's transactions has reached 160 million U.S. dollars, up to 4 billion U.S. dollars per day, 53.5% of which involve smart contracts. With the further increase in the number of smart contracts, the widespread use of DApp has led to an increase in the number of digital assets it manages and the security threats it faces. With smart contracts, it is difficult to fill loopholes through traditional upgrades and patching. Complete security checks during development or before contract deployment.
However, because the general developer'ssafety awareness is still not enough, it may not be realized at the time of development that he has introduced a security risk, which is very likely to bring a considerable degree of security risks to smart contracts. Every smart contract exposed on an open network can potentially become a goldmine and attack target for professional hacking teams.
Unlike traditional closed source software,the smart contract code on the blockchain is completely open, transparent, and open source. Therefore, the introduction of code security auditing is an indispensable and important security measure. Through a third-party professional audit, this can ensure that the Virtual machines, languages, business logic, and other aspects are stable and reliable, and have the ability to resist attacks. As a smart contract for managing massive digital assets, conducting security audits through professional third-party teams is a responsible measure to ensure the security of assets.
According to the real-time tracking of the SECBIT smart contract security audit platform, the number of contracts already deployed on Ethereum has reached 6,081,658 (statistics block size is 5,460,050), and the number of smart contracts actually undergoing third-party security audit may be less than 1%. In the future, with the further explosive growth in the number of smart contracts, if smart contracts are still running without security audits, the blockchain security cloud will not be able to recede.
For further details on smart contract security development and security audits, please contact SECBIT Labs at info@secbit.io.
________________________________________
SECBIT Labs is formed by a group of geeks who love blockchain technology and focuses on the study of trusted smart contracts and security consensus protocols. Lab members are located in many countries around the world. The areas of expertise include blockchain infrastructure, smart contract language, formal verification, cryptography and security protocols, compilation and analysis technologies, game theory andencryption economics, and many other disciplines. SECBIT Labs currently focuses on the research on the security of blockchain smart contracts, helps blockchain teams improve the reliability and security of smart contracts, conducts theoretical exploration and technology research and development on building smart contract security frameworks, and participates in consensus building. A faithful and orderly blockchain economy.
