d9 off chain attacks short address attack unnamed
play

D9: Off-chain attacks Short-address attack Unnamed exchange uses - PowerPoint PPT Presentation

Feb 06, 2023 •598 likes •996 views

D9: Off-chain attacks Short-address attack Unnamed exchange uses insecure marshalling between web API and programming language (Web3/Solidity) and underlying execution environment (Ethereum Virtual Machine) Portland State University CS

  1. D9: Off-chain attacks

  2. Short-address attack

  3.  Unnamed exchange uses insecure marshalling between web API and programming language (Web3/Solidity) and underlying execution environment (Ethereum Virtual Machine) Portland State University CS 410/510 Blockchain Development & Security

  4. Wal alkthr kthrough ough  Web API front-end of DApp calls into a trading function in the smart contract that takes a recipient address and an amount sendCoin(address _to, uint256 _amount) function sendCoin ( address to , uint amount ) returns ( bool sufficient ) { if ( balances [ msg . sender ] < amount ) return false; balances [ msg . sender ] -= amount ; balances [ to ] += amount ; Transfer ( msg . sender , to , amount ); return true; }  sendCoin has a 4-byte keccak hash of 0x90b98a11 and interaction with it uses padded arguments  Bob has a wallet address ending with 0x00 ( 0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f 00 ) Asks Alice to transfer him 2 tokens, but maliciously gives her his address  truncated to remove the trailing byte (of 2 zeroes). Portland State University CS 410/510 Blockchain Development & Security

  5.  Bob 0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f 00 asks Alice to send him 2 ETH via sendCoin(address,uint) call ( 0x90b98a11 )  If Bob was not malicious, sends through web form the 20-byte address above and the integer 2.  Alice generates msg.data of… 0x90b98a11 0000000000000000000000003bdde1e9fbaef2579dd63e2abbf0be445ab93f00 0000000000000000000000000000000000000000000000000000000000000002  Notice 20-byte address padded out to 32-bytes in msg.data with exactly 12 bytes because interface assumes it will *always* be given a 20-byte address Portland State University CS 410/510 Blockchain Development & Security

  6.  Malicious Bob instead sends 0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f not 0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f00  Alice, using the improper marshalling code sends contract 0x90b98a11 0000000000000000000000003bdde1e9fbaef2579dd63e2abbf0be445ab93f00 00000000000000000000000000000000000000000000000000000000000002 not 0x90b98a11 0000000000000000000000003bdde1e9fbaef2579dd63e2abbf0be445ab93f00 0000000000000000000000000000000000000000000000000000000000000002  Missing byte of an address pulled from subsequent arguments  EVM appends a byte of 00 at the end of msg.data since one byte is missing 0x90b98a11 0000000000000000000000003bdde1e9fbaef2579dd63e2abbf0be445ab93f00 0000000000000000000000000000000000000000000000000000000000000200  Results in Bob receiving 0x200 (512) ETH! Portland State University CS 410/510 Blockchain Development & Security

  7. Rem emed ediation iation  Validate input  Check address lengths provided by user  Generate transaction data sent to contract function, but check against user input before execution  Only use checksummed addresses  Done in-band with Bitcoin (appended to end of address)  Now done for Ethereum addresses via EIP55 standard  See EthSum  Use vetted implementations for marshalling user addresses into transactions  e.g. web3.js  Change EVM to throw on data underflows (rather than pad)?  Use Solidity versions > 0.5  Short address attack checks no longer needed and are being removed Portland State University CS 410/510 Blockchain Development & Security

  8. Server vulnerabilities

  9. Compl plex x so softw tware are run uns s all l blockc ckchains hains  Too large to formally verify full node, all contracts are vulnerable from underneath  e.g. formally verified contracts can *still* be subverted if security assumptions of infrastructure running them are broken  Miner exploits the network’s mining algorithm implementation to obtain $1.1M (20M XVG) Portland State University CS 410/510 Blockchain Development & Security

  10. Rem emed ediation iation  Memory-safe languages  geth (Go Ethereum), parity, lighthouse (Rust Ethereum)  Formally specified virtual machines and languages  Cardano (KEVM, IELE)  Formal verification of EVM  Formal verification of smart contracts Portland State University CS 410/510 Blockchain Development & Security

  11. Supply-chain attacks

  12. Pois ison on so softw tware are us used ed  Attack web3.js front-end code  Attack Javascript packages wallets use  Example (11/2018)  EventStream, a highly popular JavaScript library used in wallets  Downloaded 2 million times per week, but not maintained from 2012-2018  Original owner transfers project ownership to a volunteer to maintain  (Malicious) new owner adds a dependency to flatmap-stream a little- known library that had no downloads on NPM  Malicious code added to flatmap-stream to enable Bitcoins to be stolen from wallets using EventStream Portland State University CS 410/510 Blockchain Development & Security

  13. Rem emed ediation iation  Monitor and validate your software supply chain  Reduce dependencies  Philosophical question: To patch or not to patch?  Similar to WannaCry vs CCleaner  Patch if you can trust the source (fix vulnerabilities)  Don't patch if you can't trust the source (avoid supply-chain attacks)  Increasingly, in a pip and npm world, you might not want to! Portland State University CS 410/510 Blockchain Development & Security

  14. Attacks on exchanges, hot-wallets

  15. Mt. t. Go Gox x (2014) 4)  Founded in 2010  Handled 70% of all BTC transactions at its peak in "hot" wallets  e.g. Mt. Gox stores private keys for wallets, connected to the Internet to perform transactions on behalf of its users  Service compromised in 2011  Attackers break into computer of an auditor of Mt. Gox  Change BTC pricing to a penny  Compromised again in 2014 (causing bankruptcy)  Obtained the private keys of Mt.Gox clients to generate transactions  At the time, all crypto assets were kept in hot wallets  Total value consisted of a massive $460 million worth of Bitcoin at the time ($17 billion at 2019 levels) Portland State University CS 410/510 Blockchain Development & Security

  16. Coinc inchec eck k (1/2 /2018) 8) "The company did own up to a security lapse that allowed the thief to seize such a large sum: It kept customer assets in what’s known as a hot wallet, which is connected to external networks." Portland State University CS 410/510 Blockchain Development & Security

  17. Bi Binance nance (5/2 /2019) 9)  From earlier discussion on 'reorg'  7 th largest crypto exchange in 5/2019  https://coinmarketcap.com/exchanges/binance/  Attack against high-value users to obtain account credentials on exchange  7,000 BTC stolen (~$40 million)  2FA codes and API tokens stolen  CEO of Binance – "The hackers used a variety of techniques, including phishing, viruses and other attacks …It appears that hackers were able to compromise several high-net-worth accounts, whose bitcoin was kept in Binance’s so-called hot wallet — which, unlike cold wallets, are connected to the internet — and filch those funds in a single transaction."  "The bad news is, if your bitcoin was in Binance’s hot wallet, it now belongs to bad guys." Portland State University CS 410/510 Blockchain Development & Security

  18. Rem emed ediation iation  Use hardware wallets  Exchanges now support transactions that must be signed by a hardware wallet the user carries  Single-point of failure (loss of wallet means loss of all $ associated with it)  Use hardware tokens to authenticate hot wallets  Binance CEO on 5/10/2019 after $40M heist  "The company plans to give away 1,000 YubiKeys when the feature goes live"  U2F, FIDO2 security keys with better security than traditional 2FA  See poster outside of Rebecca's cubicle  Use cold wallet storage  Use exchanges that keep a majority of customer deposits in cold wallets  Keys kept offline (e.g. in a bank vault)  Use multi-signature wallets  Require multiple sign-offs before funds can be moved  Adversary must compromise multiple wallets to transact Portland State University CS 410/510 Blockchain Development & Security

  19. Weak or leaked keys

  20. Impr proper oper us use e of crypt pto o in walle allets ts  Software that doesn't appropriately manage random nonces used in digital signatures allowing cryptanalysis to reveal private key  Wallets generating cryptographic signatures on Bitcoin, Ethereum, and Ripple with flaw allowing attackers to calculate private keys and, consequently, steal any crypto in that wallet.  Hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys vulnerable to this unique form of cryptanalytic attack  https://eprint.iacr.org/2019/023.pdf Portland State University CS 410/510 Blockchain Development & Security

  21. Impr proper oper key ge generati eration on  Key generation algorithm configured with insufficient entropy (allows private keys to be easily guessed)  Note: flaw still exists with ECDSA used in Bitcoin Portland State University CS 410/510 Blockchain Development & Security

  22. Fake e key ge generati eration on si sites es  IOTA wallets (2018)  Phishing site masquerading as a legitimate site for generating unique cryptographic seeds for IOTA wallets  Stores seeds instead to cashout wallets that used it Portland State University CS 410/510 Blockchain Development & Security

Recommend

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space:

s c a l e When Hardware Attacks Hardwear.io 27 September 2019 1 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require: Hardware

360 views • 24 slides
Protocol Attacks What is a protocol attack? How does it work? Different types of

Protocol Attacks What is a protocol attack? How does it work? Different types of

Outline : Part 1 Introduction Protocol Attacks What is a protocol attack? How does it work? Different types of protocol attack By Sushant Rewaskar Introduction: Types of attacks What is a protocol attack? Buffer overflow

518 views • 13 slides
Low-Memory Attacks against 2-Round Even-Mansour using the 3-XOR Problem Gatan Leurent,

Low-Memory Attacks against 2-Round Even-Mansour using the 3-XOR Problem Gatan Leurent,

Introduction First attack Clamping attacks Low-Data Attack Conclusion Low-Memory Attacks against 2-Round Even-Mansour using the 3-XOR Problem Gatan Leurent, Ferdinand Sibleyras Inria, France Crypto 2019 1 / 23 Introduction First attack

733 views • 58 slides
Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected

Cross-Site Scripting Attack (XSS) Outline The Cross-Site Scripting attack Reflected XSS Persistent XSS Damage done by XSS attacks XSS attacks to befriend with others XSS attacks to change other peoples

3.65k views • 37 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Anatomy of a Data Theft Attack For Sacramento ISACA January 2016 Mike Landeck Cyber Security

Anatomy of a Data Theft Attack For Sacramento ISACA January 2016 Mike Landeck Cyber Security

Anatomy of a Data Theft Attack For Sacramento ISACA January 2016 Mike Landeck Cyber Security Consultant Agenda 1. USB Attacks 2. QR Code Attacks 3. Advanced Phishing Attacks 4. Malvertising 5. Watering Hole Attacks 6. How Simple Browser

1.32k views • 33 slides
Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Outline Introduction to worms Potential damage that *could* be caused (theoretical) Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack Ben Wilde Mstream DoS attack 7 February, 2005

718 views • 14 slides
Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com Overview of Talk l Introduction l Background material l Attack class l Example attack l Popular questions l Extensions UCD Vulnerabilities Group l

759 views • 24 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&amp;P), 2019 (Dustin)

726 views • 44 slides
Better stroke &amp; heart attack care Heart Attack &amp; Chest Pain What are we proposing?

Better stroke &amp; heart attack care Heart Attack &amp; Chest Pain What are we proposing?

Better stroke &amp; heart attack care Heart Attack &amp; Chest Pain What are we proposing? Better care for heart attacks, suspected heart attacks and unstable angina (chest pain) Rapid access to the treatment thats best for them How may

165 views • 15 slides
Unnamed B/D What is it? Do I need it? How do I get it? How much does it cost? Medicare What

Unnamed B/D What is it? Do I need it? How do I get it? How much does it cost? Medicare What

Unnamed B/D What is it? Do I need it? How do I get it? How much does it cost? Medicare What will it cover? Putting the parts together What do my healthcare choices look like? Go relax What is Medicare? Federal Health Insurance Not

606 views • 39 slides
Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex

Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex

MARS Distinguisher and Subkey Recovery Recovery of the secret key Attack Analysis Conclusion Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex MARS Key Schedule INDOCRYPT11 Michael Gorski,

1.16k views • 48 slides
Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

SMT Attack : Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on Cryptographic Hardware and Embedded Systems 2019 ( CHES 2019 ) Kimia Zamiri Azar , Hadi Mardani Kamali, Houman

701 views • 69 slides
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.

1.55k views • 28 slides
s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance

When Hardware Attacks s c a l e Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance Remote key brute software protocol force relay attack side Fast Slow mitm channel Hardware attacks require:

688 views • 25 slides
Short introduction to the CHAIN-REDS Project Federico Ruggieri INFN/GARR Joint CHAIN-REDS /

Short introduction to the CHAIN-REDS Project Federico Ruggieri INFN/GARR Joint CHAIN-REDS /

Co-ordination &amp; Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Short introduction to the CHAIN-REDS Project Federico Ruggieri INFN/GARR Joint CHAIN-REDS / eI4Africa Workshop 13 November 2013 Kigali,

745 views • 15 slides
Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks

Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks

Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks Thanassis Giannetsos and Tassos Dimitriou Athens Information Technology Algorithms &amp; Security (agia@ait.edu.gr) Black Hat Spain, 2010 Barcelona

700 views • 46 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
On Invariant Attacks Gregor Leander Ruhr University Bochum Germany 1 FSE 2019 1 Based on work in

On Invariant Attacks Gregor Leander Ruhr University Bochum Germany 1 FSE 2019 1 Based on work in

Intro Invariant Subspace Attack Non-linear Invariant Attack How to prevent those attacks On Invariant Attacks Gregor Leander Ruhr University Bochum Germany 1 FSE 2019 1 Based on work in collaboration with: Christof Beierle, Anne Canteaut,

1.41k views • 120 slides
Short Chain Fatty Acids Elizabeth Redmond, PhD, MMSc, RD Chair-Elect Dietitians in Integrative

Short Chain Fatty Acids Elizabeth Redmond, PhD, MMSc, RD Chair-Elect Dietitians in Integrative

Assessing Gut Issues: Short Chain Fatty Acids Elizabeth Redmond, PhD, MMSc, RD Chair-Elect Dietitians in Integrative and Functional Medicine DPG Education Specialist, Metametrix Laboratory, Georgia Short Chain Fatty Acids (SFCA) This session

738 views • 49 slides
On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

Physical Attacks New Attacks on Classical Countermeasures Extended Countermeasures On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 , Thomas ROCHE 1 , Adrian THILLARD 1 1 ANSSI (French Network and

358 views • 25 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
Challenges in evaluating costs Three typical attack problems of known lattice attacks Define R =

Challenges in evaluating costs Three typical attack problems of known lattice attacks Define R =

1 2 Challenges in evaluating costs Three typical attack problems of known lattice attacks Define R = Z [ x ] = ( x 761 x 1); Daniel J. Bernstein small = all coeffs in { 1 ; 0 ; 1 } ; Tanja Lange w = 286; q = 4591. Attacker

1.73k views • 140 slides

More recommend