MatthewJiang-Rustle - 2023RustChinaCon.pdf


The 3rd China Rust Developer Conference (2023 RustChinaCon)

Rustle: the first static analyzer for smart contracts in Rust
Matthew Jiang, Director of Security Team, BlockSec

Outline
1. Motivation
2. Background
3. Design
4. Capability
5. Usability
6. Conclusion

Motivation: why do we develop Rustle?
- Emerging chains use Rust as their smart contract language.
- Limitations of manual audit: time-consuming, expensive, requires skilled auditors, error-prone.
- Current tools don't support contracts written in Rust.

Background: LLVM IR
- Front-ends: C/C++ (Clang), Rust (rustc) and Go (Gollvm) all lower to LLVM IR.
- Back-ends: x86, ARM, BPF, WASM.
- LLVM passes: rich APIs for analyzing the LLVM IR.

Background: blockchains with smart contracts in Rust
- Near: Rust compiled to WebAssembly.
- Solana: Rust compiled to BPF.
- Though they are compiled into bytecode in different formats, the contract logic can be analyzed on the LLVM IR.
- Rich experience in auditing smart contracts in Rust.

Design: workflow
Compile smart contracts -> LLVM IR -> LLVM pass -> pattern match against the extracted patterns -> analysis results

Design: example (a NEAR contract)

    #[private]
    pub fn callback_withdraw(&mut self, amount: U128) {
        match env::promise_result(0) {
            PromiseResult::NotReady => unreachable!(),
            PromiseResult::Successful(_) => self.balance -= amount.0,
            PromiseResult::Failed => {}
        }
    }

    pub fn withdraw(&mut self, amount: U128) -> Promise {
        assert!(self.balance >= amount.into(), "insufficient balance");
        ext_ft_core::ext(self.token_id.clone())
            .with_attached_deposit(1)
            .with_static_gas(GAS_FOR_FT_TRANSFER_CALL)
            .ft_transfer_call(self.depositor.clone(), amount, None, "".to_string())
            .then(
                ext_self::ext(env::current_account_id())
                    .with_static_gas(GAS_FOR_FT_RESOLVE_TRANSFER)
                    .with_attached_deposit(0)
                    .callback_withdraw(amount),
            )
    }

- Reentrancy point: ft_transfer_call() hands control flow over to an external contract.
- State change: self.balance is only decremented in callback_withdraw, so it has not been modified upon a second entrance. That is the reentrancy attack.

Design: the same callback_withdraw in LLVM IR. The switch on the PromiseResult discriminant has three arms, NotReady (0), Successful (1) and Failed (2), and the Successful arm carries an overflow check on the subtraction:

    call void @_ZN8near_sdk11environment3env14promise_result17hdbc39eb9958e6bdcE(ptr sret(%"near_sdk::types::vm_types::PromiseResult") %_21, i64 0) #9, !dbg !4685
    %_22 = load i32, ptr %_21, align 4, !dbg !4685, !range !2246, !noundef !35
    switch i32 %_22, label %bb9 [
      i32 0, label %bb10
      i32 1, label %bb11
      i32 2, label %bb13
    ], !dbg !4686

    bb10:                                             ; NotReady => unreachable!()
      ; call core::panicking::panic
      call void @_ZN4core9panicking5panic17h364c37174a08a6a4E(ptr align 1 @alloc438, i32 40, ptr align 4 @alloc440) #10, !dbg !4687
      unreachable, !dbg !4687

    bb11:                                             ; Successful(_) => self.balance -= amount.0
      %6 = load i128, ptr %self, align 8, !dbg !4688
      %_25.0 = sub i128 %6, %amount, !dbg !4688
      %_25.1 = icmp ult i128 %6, %amount, !dbg !4688
      %7 = call i1 @llvm.expect.i1(i1 %_25.1, i1 false), !dbg !4688
      br i1 %7, label %panic, label %bb12, !dbg !4688

    bb13:                                             ; Failed => {}
      ; call core::ptr::drop_in_place
      call void @_ZN4core3ptr61drop_in_place$LT$near_sdk..types..vm_types..PromiseResult$GT$17hc8d1a50a856c2b05E(ptr %_21) #9, !dbg !4689
      ret void, !dbg !4690

    bb12:
      store i128 %_25.0, ptr %self, align 8, !dbg !4688
      br label %bb13, !dbg !4691

Design: advantages
- Supports different chains with smart contracts in Rust.
- Supports adding new detectors for extension.
- Supports different platforms/OSs.
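The withdraw/callback_withdraw pattern above, carried through as an added example that is not part of the slides or of Rustle. It simulates NEAR's asynchronous promise model with a plain queue so the behaviour can be exercised offline: a withdraw only schedules the token transfer, and the callback runs after the calling function has returned. PromiseResult, Token, the contract structs and all function names are stand-ins constructed for this example, not near-sdk APIs. The first contract keeps the slide's shape (check in withdraw, debit in the callback); the second debits before handing over control and refunds in the callback on failure.

```rust
// Added example; not code from the slides or from Rustle.  Everything
// here is a stand-in for the NEAR runtime, constructed for this example.

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum PromiseResult {
    Successful,
    Failed,
}

/// Stand-in for the external token contract plus the promise scheduler.
/// `schedule` is ft_transfer_call: nothing runs until `settle`.
#[derive(Default)]
pub struct Token {
    pub paid_out: u128,
    pending: Vec<(u128, PromiseResult)>,
}

impl Token {
    fn schedule(&mut self, amount: u128, outcome: PromiseResult) {
        self.pending.push((amount, outcome));
    }

    /// Run every scheduled transfer, then its callback, in order.  On-chain a
    /// panicking callback cannot undo a transfer that already completed, so
    /// callback errors are only collected here, never used to roll back.
    pub fn settle<F>(&mut self, mut callback: F) -> Vec<Result<(), String>>
    where
        F: FnMut(u128, PromiseResult) -> Result<(), String>,
    {
        let pending = std::mem::take(&mut self.pending);
        pending
            .into_iter()
            .map(|(amount, outcome)| {
                if outcome == PromiseResult::Successful {
                    self.paid_out += amount;
                }
                callback(amount, outcome)
            })
            .collect()
    }
}

/// The slide's pattern: balance check in withdraw, debit in the callback.
pub struct Vulnerable {
    pub balance: u128,
}

impl Vulnerable {
    pub fn withdraw(&mut self, token: &mut Token, amount: u128, outcome: PromiseResult) -> Result<(), String> {
        if self.balance < amount {
            return Err("insufficient balance".into());
        }
        // self.balance is untouched while the external call is in flight, so a
        // second withdraw sees the same balance and passes the same check.
        token.schedule(amount, outcome);
        Ok(())
    }

    pub fn callback_withdraw(&mut self, amount: u128, result: PromiseResult) -> Result<(), String> {
        match result {
            // The subtraction the LLVM IR guards with `icmp ult`; made explicit.
            PromiseResult::Successful => {
                self.balance = self.balance.checked_sub(amount).ok_or("balance underflow")?;
            }
            PromiseResult::Failed => {}
        }
        Ok(())
    }
}

/// Hardened form: debit before the external call, refund if it fails.
pub struct Hardened {
    pub balance: u128,
}

impl Hardened {
    pub fn withdraw(&mut self, token: &mut Token, amount: u128, outcome: PromiseResult) -> Result<(), String> {
        if self.balance < amount {
            return Err("insufficient balance".into());
        }
        self.balance -= amount; // state change happens before control leaves
        token.schedule(amount, outcome);
        Ok(())
    }

    pub fn callback_withdraw(&mut self, amount: u128, result: PromiseResult) -> Result<(), String> {
        if result == PromiseResult::Failed {
            self.balance += amount; // transfer did not happen: restore the balance
        }
        Ok(())
    }
}

/// Two withdraws of the whole balance before either callback runs.
/// Returns (tokens paid out, final balance, result of each callback).
pub fn attack_vulnerable(start: u128) -> (u128, u128, Vec<Result<(), String>>) {
    let mut token = Token::default();
    let mut c = Vulnerable { balance: start };
    c.withdraw(&mut token, start, PromiseResult::Successful).unwrap();
    c.withdraw(&mut token, start, PromiseResult::Successful).unwrap(); // passes again
    let results = token.settle(|amount, r| c.callback_withdraw(amount, r));
    (token.paid_out, c.balance, results)
}

/// Same scenario against the hardened contract; the second withdraw is
/// rejected before any external call.  Returns (paid out, balance, second result).
pub fn attack_hardened(start: u128) -> (u128, u128, Result<(), String>) {
    let mut token = Token::default();
    let mut c = Hardened { balance: start };
    c.withdraw(&mut token, start, PromiseResult::Successful).unwrap();
    let second = c.withdraw(&mut token, start, PromiseResult::Successful);
    token.settle(|amount, r| c.callback_withdraw(amount, r));
    (token.paid_out, c.balance, second)
}

/// A failed transfer must leave the hardened balance where it started.
pub fn refund_on_failure(start: u128) -> u128 {
    let mut token = Token::default();
    let mut c = Hardened { balance: start };
    c.withdraw(&mut token, start, PromiseResult::Failed).unwrap();
    token.settle(|amount, r| c.callback_withdraw(amount, r));
    c.balance
}

fn main() {
    let (paid, bal, results) = attack_vulnerable(100);
    println!("vulnerable: paid out {paid}, balance {bal}, callbacks {results:?}");
    let (paid, bal, second) = attack_hardened(100);
    println!("hardened: paid out {paid}, balance {bal}, second withdraw {second:?}");
}
```

With a balance of 100 the vulnerable contract pays out 200: the second callback hits the underflow check and fails, exactly as the `icmp ult` branch in the IR would panic, but the token transfer it was meant to account for has already settled. The hardened contract rejects the second withdraw up front, and a failed transfer restores the balance in the callback.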

Capability
- Being able to locate 30 different types of vulnerabilities.
- Being able to find real-world vulnerabilities.

Capability: rich detectors
- Each detector locates one specific type of security issue.
- Rustle currently supports 30 different detectors.
- For the complete list, refer to https:/

Real case: SPL-Lending, incorrect rounding
Rustle's result: the rounding can be manipulated.
Assume collateral_amount is 3 and self.0 is 2. Then liquidity_amount will be round(3/2) = 2, and the returned collateral_amount will be round(2*2) = 4 > 3: you get back more than you collateralized.
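The SPL-Lending rounding above carried through in code, as an added example that is not code from the slides or from SPL Lending. SCALE, Rate and every function name are assumptions made for this example: the rate is a fixed-point number, conversion in each direction is done once with the slide's round-to-nearest and once with direction-aware rounding (floor for anything paid to the user, ceil for anything the user must supply). Beyond the single 3 -> 2 -> 4 case, the block enumerates every small deposit that profits under nearest rounding and checks that the hardened rounding never returns more than was deposited.

```rust
// Added example; not code from the slides or from SPL Lending.  SCALE, Rate
// and the function names are assumptions made for this example.

/// Fixed-point scale: a rate of 2.0 is stored as 2 * SCALE.
pub const SCALE: u128 = 1_000_000;

/// Exchange rate in collateral per unit of liquidity (the slide's `self.0`).
#[derive(Clone, Copy, Debug)]
pub struct Rate(pub u128);

/// a / b rounded to nearest, halves up (what the slide calls `round`).
fn div_nearest(a: u128, b: u128) -> u128 {
    (a + b / 2) / b
}

/// a / b rounded down: for amounts paid *to* the user.
fn div_floor(a: u128, b: u128) -> u128 {
    a / b
}

/// a / b rounded up: for amounts the user must *supply*.
fn div_ceil(a: u128, b: u128) -> u128 {
    (a + b - 1) / b
}

impl Rate {
    // Vulnerable pair: nearest rounding in both directions.
    pub fn liquidity_nearest(self, collateral: u128) -> u128 {
        div_nearest(collateral * SCALE, self.0)
    }
    pub fn collateral_nearest(self, liquidity: u128) -> u128 {
        div_nearest(liquidity * self.0, SCALE)
    }

    // Hardened pair: everything handed out is floored ...
    pub fn liquidity_out(self, collateral: u128) -> u128 {
        div_floor(collateral * SCALE, self.0)
    }
    pub fn collateral_out(self, liquidity: u128) -> u128 {
        div_floor(liquidity * self.0, SCALE)
    }
    // ... and anything the user owes (collateral needed to back a given
    // amount of liquidity) is ceiled, so rounding always favours the pool.
    pub fn collateral_required(self, liquidity: u128) -> u128 {
        div_ceil(liquidity * self.0, SCALE)
    }
}

/// Deposit `collateral`, then redeem all the liquidity it minted.
/// Returns (liquidity minted, collateral returned).
pub fn round_trip_nearest(rate: Rate, collateral: u128) -> (u128, u128) {
    let liquidity = rate.liquidity_nearest(collateral);
    (liquidity, rate.collateral_nearest(liquidity))
}

pub fn round_trip_hardened(rate: Rate, collateral: u128) -> (u128, u128) {
    let liquidity = rate.liquidity_out(collateral);
    (liquidity, rate.collateral_out(liquidity))
}

/// Every deposit up to `max` that comes back larger under nearest rounding,
/// as (deposit, returned): the set an attacker would loop over.
pub fn profitable_deposits(rate: Rate, max: u128) -> Vec<(u128, u128)> {
    (1..=max)
        .map(|c| (c, round_trip_nearest(rate, c).1))
        .filter(|&(c, back)| back > c)
        .collect()
}

/// True iff no deposit up to `max` returns more than it put in under the
/// hardened rounding.
pub fn hardened_never_profits(rate: Rate, max: u128) -> bool {
    (1..=max).all(|c| round_trip_hardened(rate, c).1 <= c)
}

fn main() {
    let rate = Rate(2 * SCALE); // the slide's case: self.0 == 2
    println!("nearest rounding, deposit 3: {:?}", round_trip_nearest(rate, 3));
    println!("hardened rounding, deposit 3: {:?}", round_trip_hardened(rate, 3));
    println!("profitable deposits up to 10: {:?}", profitable_deposits(rate, 10));
}
```

At rate 2.0 every odd deposit profits by one unit under nearest rounding, so the attacker simply repeats the round trip; with floor on both payouts the round trip can only lose value to the pool, since floor(c / r) * r <= c for any r.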

Real case: NearX ($830K), self-transfer
(both ft_transfer and ft_transfer_call invoke internal_neax_transfer)
Rustle's result: sender_acc and receiver_acc can be the same.

Real case: Wormhole ($321M), lack of owner check
Rustle's result: secp_ix can be controlled with a fake accs.instruction_acc.

Usability: despite a complex technology stack, Rustle is easy to use
- Easy to set up: run a few commands to install.
- Easy to launch: ./Rustle -h
- Easy to deploy: Linux, macOS, Docker.
- Launch Rustle with a single command on multiple platforms.

Usability: results in different formats
- CLI, CSV, Notion, etc.

Usability: extend Rustle to locate new vulnerabilities
- Write an LLVM pass as a detector plugin.
- Add the compile option in the Makefile.
- Specify the severity in Rustle.
- Complete documentation and samples are preferred.
- Contributions are welcome.

Conclusion
- Rustle is the first static analyzer for smart contracts in Rust and has been integrated into our workflow.
- Rustle supports checking various types of security vulnerabilities and can identify them in the wild.
- Rustle is highly scalable and can be easily extended to support new features.
- Rustle is open source (https:/ ), powered by BlockSec (https:/ ).

Thank you! Q&A
Email:
Website: https:/
Medium: https:/
