Musings on Ethereum Public Chain Security, 2018 (2018年漫談以太坊公鏈安全.pdf)

PDF, 33 pages, 1.24 MB


MUSINGS ON ETHEREUM PUBLIC CHAIN SECURITY

ABOUT ME
Edward Luo (羅元琮), Director of Vulnerability Research at PeckShield. Has extensive experience in the OS kernel layer with deep knowledge in advanced vulnerability discovery and exploitation. Before joining PeckShield, I worked for Qihoo 360 as the team lead of C0RE Team, which was recognized by Google as the top research team in 2017. I am now focusing on the security of blockchain infrastructure. Submitted several vulnerabilities to the Ethereum Foundation.

ETHEREUM IN 2017
- 1,090 DApps and 700+ tokens
- 100,000 new users per day
- Daily trading: 1,000,000

MARKET CAP IN 2018
- 1,845 cryptocurrencies
- Market cap: 200 billion
- Global GDP rank: 50th

BLOCKCHAIN STATUS QUO: SECURITY INCIDENTS (timeline as drawn on the slide)
2014/02  Mt.Gox hacked, followed by bankruptcy
2014/03  Poloniex hacked, 12.3% of BTC lost
2015/01  Bitstamp hacked, 19,000 BTC stolen
2016/01  Cryptsy hacked, 13,000 BTC and 300,000 LTC stolen
2016/08  Bitfinex hacked, 120,000 BTC (75 million dollars) stolen
2017/06  Bithumb hacked, 1 billion Korean won lost and 30 thousand users' info leaked
2017/12  Nicehash hacked, 4,700 BTC (62 million dollars) missing
2018/01  Coincheck hacked, 530 million dollars stolen
2018/02  BitGrail hacked, Nano tokens worth 170 million dollars stolen
2018/04  MyEtherWallet suffered a DNS hijacking
2018/04  BEC, SMT smart contract bugs
2018/05  EDU, BAIC smart contract bugs
2018/06  Bithumb hacked, $31 million stolen

BLOCKCHAIN ECOSYSTEM (the talk walks through each component)
Infrastructure, Smart Contract, Cryptocurrency Exchange, DApps, Digital Wallet, Mining Pool

SECURITY OF SMART CONTRACTS: VULNERABILITIES DISCLOSED BY PECKSHIELD
codename        CVE-ID
batchOverflow   CVE-2018-10299
proxyOverflow   CVE-2018-10376
transferFlaw    CVE-2018-10468
ownerAnyone     CVE-2018-10705
multiOverflow   CVE-2018-10706
burnOverflow    CVE-2018-11239
ceoAnyone       CVE-2018-11329
allowAnyone1    CVE-2018-11397
allowAnyone2    CVE-2018-11398
tradeTrap1      CVE-2018-12017
tradeTrap2      CVE-2018-12062
tradeTrap3      CVE-2018-12079

INFRASTRUCTURE: ETHEREUM CLIENTS
- geth (Go)
- aleth (C++)
- Parity (Rust), by Parity Technologies
Market share: geth about 2/3, Parity about 1/3.

ATTACK SURFACES OF A NODE
A node talks to smart contracts, other Ethereum nodes, DApps, wallets and the web. The issues fall into three groups:
- EVM related issues
- RPC interface issues
- Protocol stack issues

ETHEREUM PROTOCOL STACK
- Encrypted handshake/authentication
- Peer persistence
- UDP node discovery protocol
- Support for arbitrary sub-protocols (aka capabilities) over the basic wire protocol
- Connection management
- Various sub-protocols (RLPx, devp2p, ETH, LES, Whisper)
The three bugs below sit in this stack: EPoD (CVE-2018-12018) and EPoD2 (CVE-2018-12567) in the LES sub-protocol, Freether (CVE-2018-11673) in the UDP node discovery protocol.

EPoD: CVE-2018-12018
Light Ethereum Subprotocol (LES): used by light clients, which only download block headers as they appear and fetch other parts of the chain on demand; light clients do not mine and therefore do not take part in the consensus process. The handler has several message handlers for different message types: StatusMsg, AnnounceMsg, GetBlockBodiesMsg, GetBlockHeadersMsg.

Attacker -> Victim: getBlockHeadersData
  Origin  = some hash
  Amount  = 1
  Skip    = -1 (0xffff...)
  Reverse = false
1. Allocate an array for the maximum number of blocks: allocate(Skip+1). Skip+1 wraps to zero, so a zero-size array is allocated.
2. Query from the returned array: access array[-1], an out-of-bound read.
DEMO

Possible impacts / possible victims: cryptocurrency exchanges, mining pools, bootnodes (an attacker sends the packet to each of them).
EPoD patch.

EPoD2: CVE-2018-12567
Attacker -> Victim: announceData
  Hash   = some hash
  Number = -1 (0xffff...)
  Td     = -1 (0xffff...)
The victim loops over n relative to head.Number (the loop bound was lost in extraction), and on every iteration allocates a fetcherTreeNode and appends it to n.children, until it runs out of memory.
DEMO
EPoD2 patch.

Freether: CVE-2018-11673
Node discovery protocol: aimed at discovering RLPx nodes to connect to; a UDP-based RPC protocol (Kademlia-like); defines 4 packet types: ping, pong, findnode and neighbors.

Attacker -> Victim: ping
  Version    = 4
  From       = your addr
  To         = target addr
  Expiration = -1 (0xffff...)
1. Generate many key pairs.
2. Sign the ping packets with each private key.
3. Flood the victim with many ping packets.
4. Each ping will consume a goroutine resource after 16 pending ping requests.
DEMO
Freether patch.

CONCLUSION
- A blockchain cannot function without its fundamental components: infrastructure (nodes) and mining pools.
- Vulnerabilities can exist in any aspect of the blockchain ecosystem: EPoD/EPoD2, Freether.
Some suggestions:
- Smart contract audit before going online
- Security response after going online
- Community/bounty program

Thank you!
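Both EPoD and EPoD2 come down to an unchecked attacker-controlled uint64 (Skip, Number) driving an allocation. The Go snippet below is an added illustration of the defensive input check a handler needs before allocating; it is not the geth patch and the struct names, limits and error values are assumptions, with only the field names taken from the slides.

```go
package main

import (
	"errors"
	"math"
)

// Hypothetical mirrors of the two LES message bodies named in the talk; the
// field names follow the slides, not geth's real types.
type GetBlockHeadersData struct{ Amount, Skip uint64 }
type AnnounceData struct{ Number, Td uint64 }

// Assumed local limits for illustration (not values from the talk).
const (
	maxHeaderFetch  = 192  // headers served per request
	maxAnnounceLead = 1024 // blocks an announce may run ahead of our head
)

var (
	ErrAmount       = errors.New("amount out of range")
	ErrSkipOverflow = errors.New("skip+1 wraps around uint64")
	ErrAnnounceLead = errors.New("announced number too far ahead of local head")
)

// HeaderStep validates an untrusted GetBlockHeaders request and returns the
// stride Skip+1. Skip=0xffff... (the "-1" of EPoD) makes Skip+1 wrap to 0:
// the zero-size allocation followed by an out-of-bounds read on the slide.
func HeaderStep(q GetBlockHeadersData) (uint64, error) {
	if q.Amount == 0 || q.Amount > maxHeaderFetch {
		return 0, ErrAmount
	}
	if q.Skip == math.MaxUint64 {
		return 0, ErrSkipOverflow
	}
	return q.Skip + 1, nil
}

// AnnounceSpan bounds the EPoD2 loop: it returns how many fetcher tree nodes
// an announce would make us allocate, rejecting Number=-1 (0xffff...) instead
// of allocating until memory runs out.
func AnnounceSpan(a AnnounceData, localHead uint64) (uint64, error) {
	if a.Number <= localHead {
		return 0, nil // nothing new to fetch
	}
	lead := a.Number - localHead // safe: no underflow after the check above
	if lead > maxAnnounceLead {
		return 0, ErrAnnounceLead
	}
	return lead, nil
}
```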
