d3 arithmetic issues 3 arithm ithmetic tic iss ssue ues
play

D3: Arithmetic Issues #3: Arithm ithmetic tic Iss ssue ues - PowerPoint PPT Presentation

Feb 28, 2024 •304 likes •435 views

D3: Arithmetic Issues #3: Arithm ithmetic tic Iss ssue ues Integer overflow and integer underflow Unsigned vs signed integer confusion Turns many benign-seeming codepaths into vectors for theft or denial of service. Loss :

  1. D3: Arithmetic Issues

  2. #3: Arithm ithmetic tic Iss ssue ues  Integer overflow and integer underflow  Unsigned vs signed integer confusion  Turns many benign-seeming codepaths into vectors for theft or denial of service.  Loss : estimated at 150,000 ETH (~$30M USD at the time) Portland State University CS 410/510 Blockchain Development & Security

  3. Walkthr kthroug ough h sc scen enario ario  A contract 's withdraw() function allows you to retrieve ether donated to the contract as long as your balance remains positive after the operation.  An attacker attempts to withdraw more than his or her current balance.  The check in withdraw() function is done with unsigned (positive) integers, resulting in an always positive condition.  Attacker withdraws more than allowed and the resulting balance underflows and becomes orders of magnitude larger than it should be. Portland State University CS 410/510 Blockchain Development & Security

  4. Ex Example ple  April 22, 2018  https://peckshield.com/2018/04/22/batchOverflow/ Portland State University CS 410/510 Blockchain Development & Security

  5. Code e vul ulnerability nerability exa xample ple #1  Underflow Code Example function withdraw (uint _amount) { require(balances[msg.sender] - _amount >= 0); msg.sender.transfer(_amount); balances[msg.sender] -= _amount; }  Using uint makes require statement useless ( uint can never be < 0!  Attacker has 5 tokens and withdraws 6  Ends up with 2 255 -1 tokens instead in balance  What would make this code problematic? function popArrayOfThings () { require(arrayOfThings.length >= 0); arrayOfThings.length--; }  Brick a contract by setting the length of its array Portland State University CS 410/510 Blockchain Development & Security

  6. Code e vul ulnerability nerability exa xample ple #2  Overflow Code Example  Code seeks to send each address in _receivers , a certain _value amount of ETH from their account ( balances[msg.sender] )  Line 257, the amount local variable is calculated as the product of cnt (the number of receivers) and _value (the amount to send each receiver)  Line 258 ensures there are only 1-20 receivers  Line 259 ensures the amount in our balances is more than the amount  Line 261 updates our balances  Line 263 updates the balances for each of the _receivers  Any errors here? Portland State University CS 410/510 Blockchain Development & Security

  7.  Contract Exploit  Pass two _receivers into batchTransfer()  Pass 2 255 for _value (an arbitrary 256 bit integer)  What is the value of amount ?  Do the checks in lines 258-259 pass?  What is the effect of line 261?  What happens in line 263 to the balance of each of the two receivers?  Receivers get an extremely large _value added to their accounts without costing a dime in the attacker’s pocket! Portland State University CS 410/510 Blockchain Development & Security

  8. Rem emed ediation iation  Validation: validate all arithmetic operations contract Overflow { uint private sellerBalance = 0; function unsafe_add(uint value) returns (bool) { sellerBalance += value; // possible overflow } function safe_add(uint value) returns (bool ){ require(value + sellerBalance >= sellerBalance); sellerBalance += value; } } Portland State University CS 410/510 Blockchain Development & Security

  9.  Using SafeMath library (or an equivalent)  https://ethereumdev.io/safemath-protect-overflows/ library SafeMath { function mul(uint256 a, uint256 b) internal constant returns (uint256) { uint256 c = a * b; assert(a == 0 || c / a == b); return c; } function div(uint256 a, uint256 b) internal constant returns (uint256) { // Note: Solidity automatically throws when dividing by 0 uint256 c = a / b; return c; } function sub(uint256 a, uint256 b) internal constant returns (uint256) { assert(b <= a); return a - b; } function add(uint256 a, uint256 b) internal constant returns (uint256) { uint256 c = a + b; assert(c >= a); return c; } } Portland State University CS 410/510 Blockchain Development & Security

  10.  Replacing native opeartors with SafeMath in contracts contract MyContract { using SafeMath for uint256; uint256 result; function MyAdd(uint256 a, uint256 b) { result = 0; result = a.add(b); } } Portland State University CS 410/510 Blockchain Development & Security

  11. SI CTF Lab 3.3: D3_TokenSale

Recommend

R&amp; E R&amp; E I ssu ssue 1 1: Proj ec ect Approvals I ssu ssue 2 2: : RE Progr

R&amp; E R&amp; E I ssu ssue 1 1: Proj ec ect Approvals I ssu ssue 2 2: : RE Progr

R&amp; E R&amp; E I ssu ssue 1 1: Proj ec ect Approvals I ssu ssue 2 2: : RE Progr gram Budge dget I ssu ssue 3 3:R&amp; E L Legislat at ive Report March 15, 15, 2019 2019 Exhibit D 1 Locations of Recommended Projects

447 views • 22 slides
R&amp; E R&amp; E I ssu ssue 1 1: Cycle 3 Proj ect A Approvals s I ssue 2 e 2: R&amp; E

R&amp; E R&amp; E I ssu ssue 1 1: Cycle 3 Proj ect A Approvals s I ssue 2 e 2: R&amp; E

R&amp; E R&amp; E I ssu ssue 1 1: Cycle 3 Proj ect A Approvals s I ssue 2 e 2: R&amp; E Rules es Decem ber 6, 6, 2019 2019 Exhibit F 1 Sources of R&amp;E Funding Surcharges and fees: Resident annual angling license: $4

361 views • 15 slides
Consumer Law I ssue Spotting Identifying issues and options for low-income clients Melissa

Consumer Law I ssue Spotting Identifying issues and options for low-income clients Melissa

Consumer Law I ssue Spotting Identifying issues and options for low-income clients Melissa Linville William Ross The Legal Aid Society of Columbus LASC (614) 737-0155 (614)737-0141 mlinville@columbuslegalaid.org Wross@columbuslegalaid.org

240 views • 22 slides
H ow the D eontic I ssue in the M iners P uzzle D epends on an E pistemic I ssue Martin Aher 1

H ow the D eontic I ssue in the M iners P uzzle D epends on an E pistemic I ssue Martin Aher 1

T he S tandard P uzzle C onstructing the model E xplaining the semantics Q uestion dependency H ow the D eontic I ssue in the M iners P uzzle D epends on an E pistemic I ssue Martin Aher 1 Jeroen Groenendijk 2 1 Institute of Estonian and General

1.05k views • 58 slides
Standy/PowerON S d /P ON

Standy/PowerON S d /P ON

The Last Issue The Last Issue e e ast ssue ast ssue Power Consumption Issues Standy/PowerON S d /P ON Processing Power Consumption Wireless Multimedia System y

391 views • 12 slides
Emp mplo loyment yment an and H d Hum uman an Reso sourc urces s Iss ssue ues

Emp mplo loyment yment an and H d Hum uman an Reso sourc urces s Iss ssue ues

AMERICAN ASSOCIATION OF PORT AUTHORITIES Port Administration and Legal Issues Seminar New Orleans, Louisiana Emp mplo loyment yment an and H d Hum uman an Reso sourc urces s Iss ssue ues Gwendolyn C. Hager Port Of New Orleans

461 views • 15 slides
Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Principles Of Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary Arithmetic Same basic methodology as decimal arithmetic Important to know number representation Unsigned Signed

704 views • 11 slides
Curre nt Co mplia nc e I ssue s in Pha rma c y Pra c tic e ME L I SSA RE I CHE RT ,

Curre nt Co mplia nc e I ssue s in Pha rma c y Pra c tic e ME L I SSA RE I CHE RT ,

10/8/2019 Curre nt Co mplia nc e I ssue s in Pha rma c y Pra c tic e ME L I SSA RE I CHE RT , PHARM.D. OK L AHOMA ST AT E BOARD OF PHARMACY, PHARMACI ST COMPL I ANCE OF F ICE R F ina nc ia l Disc lo sure a nd Re so

292 views • 18 slides
Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 `

Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 `

Analyse statique de programmes num eriques avec calculs flottants eme Rencontres Arithm 4 ` etique de lInformatique Math ematique Antoine Min e Ecole normale sup erieure 9 f evrier 2011 Perpignan 9/02/2011 Analyse

896 views • 70 slides
The Iss Th ssue ue The Currency of of Tim ime The Lan Land of of Aints an and Sc

The Iss Th ssue ue The Currency of of Tim ime The Lan Land of of Aints an and Sc

The Iss Th ssue ue The Currency of of Tim ime The Lan Land of of Aints an and Sc Scholars Suas must recruit 3,000 volunteers over Poor literacy levels amongst children in the next 3 years who must each give up Irelands

227 views • 10 slides
Bankruptc y I ssue : Appe llate Co urt Opinio n T hat Hig hlig hts F o rmatio n I ssue F

Bankruptc y I ssue : Appe llate Co urt Opinio n T hat Hig hlig hts F o rmatio n I ssue F

Case 18-60018 Document 63 Filed in TXSB on 12/04/18 Page 1 of 9 Bankruptc y I ssue : Appe llate Co urt Opinio n T hat Hig hlig hts F o rmatio n I ssue F ixable Case 18-60018 Document 63 Filed in TXSB on 12/04/18 Page 2 of 9

207 views • 9 slides
AME RI CAN CONSE RVAT I SM: T HE E VOL VI NG ROL E OF SOCI AL I SSUE S I N AME

AME RI CAN CONSE RVAT I SM: T HE E VOL VI NG ROL E OF SOCI AL I SSUE S I N AME

AME RI CAN CONSE RVAT I SM: T HE E VOL VI NG ROL E OF SOCI AL I SSUE S I N AME RI CAN POL I T I CS Justin Ro sta d Be midji Sta te Unive rsity RE SE ARCH T OPI C My re se a rc h q ue stio n: Are c o nse rva

417 views • 15 slides
Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit

Arithmetic for Computers October 31, 2008 Arithmetic for Computers ALU Arithmetic Logic Unit Performs most processor operations Control signal predicates addition subtraction logic operations shifting (w / or w / o sign extension) Figure:

205 views • 8 slides
CSI T 2 0 1 3 Rational Arithm etic w ith Floating Point Vaclav Skala University of West

CSI T 2 0 1 3 Rational Arithm etic w ith Floating Point Vaclav Skala University of West

CSI T 2 0 1 3 Rational Arithm etic w ith Floating Point Vaclav Skala University of West Bohemia, Plzen, Czech Republic VSB Technical University, Ostrava, Czech Republic http://www.VaclavSkala.eu Amman, Jordan 2013 Vaclav Skala

942 views • 48 slides
Ag T ruc king The Good, The Bad, and The Ugly I ssue s F a c ing the I ndustry F4A

Ag T ruc king The Good, The Bad, and The Ugly I ssue s F a c ing the I ndustry F4A

Ag T ruc king The Good, The Bad, and The Ugly I ssue s F a c ing the I ndustry F4A Pre-emption AB1513 CARB Driver Shortage / Driver Pay Dynamex / AB5 ELD Mandate Ac c o mplishme nts Air quality improved to

215 views • 9 slides
Predic'ng 'ssue-specific effects of rare gene'c variants Farhan Damani Biological Data Sciences

Predic'ng 'ssue-specific effects of rare gene'c variants Farhan Damani Biological Data Sciences

Predic'ng 'ssue-specific effects of rare gene'c variants Farhan Damani Biological Data Sciences 2016 Goal: develop a framework to predict 'ssue- specific regulatory effects of rare variants Rare variants are abundant and poten'ally

659 views • 38 slides
Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 4 Once you have completed the arithmetic paper, use the slides to help you to understand where you have made your mistakes. Are your scores improving each week? You will need to subtract 100 from the hundreds column. 800 -

461 views • 20 slides
Tissu ssue a arch chiv iving: r realit ity, rec ecommendations, a and nd bes best pr

Tissu ssue a arch chiv iving: r realit ity, rec ecommendations, a and nd bes best pr

Tissu ssue a arch chiv iving: r realit ity, rec ecommendations, a and nd bes best pr practices Pr Valrie Costes Martineau, Pathologist University Hospital of Montpellier, France Learning Objectives Review tissue block archiving

854 views • 66 slides
Cle a ring Clutte r, Cha ng ing L ive s L o ne line ss a nd Clutte r I ssue s in Olde r

Cle a ring Clutte r, Cha ng ing L ive s L o ne line ss a nd Clutte r I ssue s in Olde r

Cle a ring Clutte r, Cha ng ing L ive s L o ne line ss a nd Clutte r I ssue s in Olde r Adult Po pula tio ns L e a rning Ob je c tive s T o le a rn wha t c lutte r is a nd who it mo st a ffe c ts T o unde rsta nd ho w lo ne

636 views • 38 slides
OSH I ssue s fa c ing Physic ia ns a nd Nurse s: Burno ut a nd Oc c upa tio na l Stre ss CAMI

OSH I ssue s fa c ing Physic ia ns a nd Nurse s: Burno ut a nd Oc c upa tio na l Stre ss CAMI

11/20/2018 OSH I ssue s fa c ing Physic ia ns a nd Nurse s: Burno ut a nd Oc c upa tio na l Stre ss CAMI L L E NAPI E R, MD, MPH ME DI CAL DI RE CT OR, NY HOT E L T RADE &amp; COU NCI L ADJU NCT ASSI ST ANT PROF E

218 views • 11 slides
Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in

Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in

9/9/2012 For Next Time Read Chapter 4 Expressions, and Arithmetic Chapters 4 1 2 Arithmetic Operator Precedence Just as in normal mathematics: Operator Operation * and / are applied before + and + Addition Parentheses

152 views • 3 slides
Numerical reproducibility of high-performance computations using floating-point or interval

Numerical reproducibility of high-performance computations using floating-point or interval

Numerical reproducibility issues in floating-point arithmetic Numerical reproducibility issues in interval arithmetic Conclusions Numerical reproducibility of high-performance computations using floating-point or interval arithmetic Nathalie

695 views • 52 slides
Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to

Arithmetic paper 5 Once you have completed the arithmetic paper, use the slides to help you to understand where you have made your mistakes. Try to improve your score each week! You will need to add 100 to the hundreds column. 400 + 100 = 500

361 views • 19 slides
Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers

COMPUTER ORGANIZATION AND DESIGN 5 th Edition The Hardware/Software Interface Chapt hapter er 3 3 Arithmetic for Computers 3.1 Introduction Arithmetic for Computers Operations on integers Addition and subtraction

719 views • 57 slides

More recommend