Ethereum Based Smart Contract Vulnerabilities (Samreen & Alalfi, 2021)

# Ethereum Based Smart Contract Vulnerabilities (Samreen & Alalfi, 2021) #### Background Most of the vulnerabilities are classified as NA concerning NIST-BF classification. This is because most of these vulnerabilities are specific to developmental methodlogy of a Solidity based Ethereum Smart Contract and they do not match with the ones outlined in NIST. Public Blockchains 1.0 is used for predominantly in the finance industry for digital payments and currency transfers. Public Blockchains 2.0 is used in the e-commerce industry and i includes Ethereum Smart Contracts Private Blockchains 3.0 are used in government, health, science industries and are considered private because of that #### Reentrancy A reentrancy attack can drain smart contracts of its ethere and aid in the intrusion into the contract code. 1. When an external call function to another untrustworthy contract is made and attacker gains control of this untrustworthy contract, they can make a recursive call back to the original function 2. Thereby repeating transactions that would have otherwise not run and ending a consumption of all the gas. 3. Famous reentry --> the DAO attack ##### DAO ATTACK in 4 STEPS 1. The Attacker initiates a tx by calling withdraw function of Victim 2. THe Victim transfers the money and calls the fallback function of the Attacker 3. The fallback function recursively calls the withdraw function again, i.e. Reentrancy 4. Within an iteration bound, extra ether will be transferred multiple times to the Attacker. ##### VICTIM CONTRACT ``` pragma solidity ^0.8.0; contract Victim { bool etherTransferred = false; //Attacker calls the withdraw() function to initiate attack function withdraw() { //Victim transfers ethere with invokes the fallback function of the attacker if(etherTransferred || !msg.sender.call.value(1) ()) throw; etherTransferred = true; }} contract Attacker { uint count = 0; function() payable{ if(++ count < 10) Victim(msg.sender).withdraw() }} ``` #### HOW TO PREVENT REENTRANCY * Put any logic that performs external calls to unknown addresses at the last operation in a program's execution * Use Mutex by adding a state variable which locks the contract during coding execution, preventing re-entrant function calls #### MUTEX PATTERN (mutual exclusion pattern) for a contract mutex code found here [https://forum.ethereum.org/discussion/7883/secure-pattern-contract-wide-re-entry-protection-with-a-mutex-modifier] It is dated from 2016 so there may be other alternatives out there ``` pragma solidity ^0.8.0; contract MutexProtected { //mutex contract on all state mutating external/public functions for protecting against reentrancy and solar storm attacks modifier is Mutexed() { if(mutex) throw; //exclusion already set else mutex = true; //set exclusion and continue with function code delete mutex; //release contract from exclusion return; // functions require single exit and return paramters } bool mutex; //the exclusion state variable } ```