Hey👋
Here I am again with another blockchain security article.
The ethereum blockchain brought the concept of smart contracts, in which the programmer are allowed to interact with the data stored in blockchain by the means of programmable script. The security of these smart contracts is very important, once these smart contracts handle important data, such as digital assets, tokens, etc.
In this article I’ll give you an introduction to smart contract security auditing, you will learn about the security best pratices for smart contracts, and how to audit these contracts. If you don’t know what are blockchain, smart contracts and stuff, just read this article: Introduction to Blockchain Security
What is a smart contract security audit?
A smart contract security audit is a process that helps to find vulnerabilities inside a smart contract by examining it in depth, generally the audits follow a four-step process:
- Smart contracts are provided to the audit team for initial analysis.
- The audit teams checks the code and presents its findings to the project.
- The project team makes changes based on the issues found by auditors.
- The audit team releases its final report.
8 phases of auditing process (how to audit a smart contract)
Now I’m going to approach this subject from the auditors’ perspective, understand the smart contract security audit phases and learn how a researcher can audit a smart contract.
1. Read specifications and documentations
First of all, you have to read the specs and docs to understand how is the contract or project supposed to work, because that way you will know if you have found a considerable vulnerability.
2. Run manual tests
Interact with the contract as a normal user, trying to understand in depth how the contract works and the possibilities of the contract. This is normally done using tesnets, such as Goerli, Kovan, Rinkeby, etc.
3. Run fast scanning tools
Use some tools to do a fast scanning in the smart contract, checking the common vulnerabilities, and checking if the smart contract is following the development best practices. For this, you can use tools like Slither.
4. Manual analysis
In this phase, you have to analyze a smart contract in depth in order to find vulnerabilities using support tools like Surya and Solidity Visual Developer, which provide a better view of the smart contract, identifying and presenting in a graphic and visual way the relationships, internal and external calls, variables, etc.
5. Run slow scanning tools
Slower tools are the ones that analyze the contract as deeply as possible, being able to analyze EVM bytecode, binaries, fuzzing the contract, generate entries and thus test various things in the contract automatically. Discover some tools:
- Echidna: The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.
- Manticore: symbolic execution tool for the analysis of smart contracts and binaries.
- Mythril: The Swiss army knife for smart contract security.
- MythX: a professional-grade cloud service that uses symbolic analysis and input fuzzing to detect common security bugs and verify the correctness of smart contract code.
6. Discuss and repeat steps as needed
Discuss the vulnerabilities found with the auditing team and redo necessary steps to confirm the existence of vulnerabilities if necessary.
7. Write a PoC
Write a proof-of-concept for each vulnerability facilitates the project team to reproduce and verify each vulnerability, and thus to fix it. You can write proof of concepts using Foundry, it is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust. I plan to write an article about Foundry, and use foundry in future articles.
8. Write report
In this phase you have to write a detailed report about your findings and the impact of them. Here is an example of what a report should look like.
Use this repo to generate reports from markdown: https://github.com/spearbit-audits/report-template
Most known smart contract vulnerabilites
Now that you know how the audit process takes place, learn about some known vulnerabilities and attacks in smart contracts:
Reentrancy
This vulnerability occurs when a contract sends ether to an unknown address. An attacker can construct a contract at an external address that contains malicious code in the fallback function, when a contract sends ether to the malicious address the malicious code is invoked.
Unsafe DELEGATECALL
As a result of the context-preserving nature of DELEGATECALL, building vulnerability-free custom libraries is not as easy as one might think. The code in libraries themselves can be secure and vulnerability-free, however, when run in the context of another application new vulnerabilities can arise.
Private state variable
When you declare state variable as private, that mens that other contracts cannot access that data, but since everything on the blockchain is public declared, it’s possible to access that data just reading the memory slot where the variable is on the blockchain.
This was yet another article, thanks for getting here and I would be very happy if you would clap this article and follow me here on Medium to get notifications about upcoming articles.
I was already forgetting, I need your help! I was wondering if you would like me to write write-ups of the CTFs and smart contract hacking challenges I’ve been doing and post here on medium? comment saying your opinion. Goodbye ❤!