Smart Contracts Security Statement

Social Kapital
2 min readJun 18, 2016

--

I could have started this statement by explaining how Social Kapital smart contracts mitigate the stack depth and recursive calling attacks. Although, I would do this at some point in this statement, a good place to start is to explain our smart contract security architecture.

Because we are not as smart as we think we are, because there are always bugs in software stacks, our smart contracts security architecture was designed with the following principles in mind.

  1. Limit the attack surface to the barest minimum
  2. Keep the code simple
  3. Implement successful attack counter measures

All the DAO’s monetary assets (Ether, Florin & Newton) is stored in the SOKAP TREASURY ONE contract. There are only two possible ways to take ether, florin(shares), newton(reward token) out of this contract and that is by voting and during the purchase/exchange of shares for ether.

Voting

To vote, there has to be an active proposal. Only high ranking community members with scarce authority tokens (a password surrogate) can create proposals. Assuming an attacker or attackers acquire authority tokens and manage to rig the voting process (unlikely but possible), the treasury contract only pays out voting originated instructions to four(4) multi signature wallets controlled by committees. One more thing, authority tokens cannot be moved by holders and can be retrieved.

Buying & Selling Shares

The treasury contract can only issue florins and payout ether on the instructions of one ethereum address. That address is the SOKAP SHARE ONE contract.

Buying Shares

The user buys shares(FLO) by sending ether to the share one contract’s fallback function. Share one sends FLO to the user and sends the ether to the treasury one contract. Send is used in this operation hence a stack depth attack is a real possibility. Before we look at mitigation, lets understand what the attacker wants to gain.

The attacker in this case would want to receive FLO and get the sent ether back. However share one sends the ether (line 117) to the treasury one contract. If for some reason (clever attack) the ether cannot be sent to treasury one, the transaction throws. If again, for some unknown reason at this point, an attack is successful, share buying can be suspended by committee or vote.

Selling Shares

Exchanging FLO for ether is the most dangerous attack entry point that we see. It is also the entry point used to attack theDAO. When used normally, the seller calls the SALE function (line 129) by inputting the amount of FLO to be exchanged for ether. To mitigate a recursive calling attack, we have ordered the transaction is such a manner that the FLO has to be BANKED first (line 148) before ether is sent to the caller (line 150).

If the FLO cannot be banked, the transaction will throw. To protect genuine function callers, the transaction will also throw if sending the ether to the caller fails. If for some clever reason an attack is successful, FLO exchange can be suspended by committee or vote.

Sirus Knight is the Co-Funder of Social Kapital

--

--