Blockd Build: Active Smart Contract Security
Blockd Build is Blockd’s active smart contract security.
With Build, we use the Blockd Protocol to frontrun pending hacks before they do any damage to a smart contract. To do this we store a “kill switch” transaction that is pre-signed by the owner of a contract (in our demo’s case, a temporary pause), then we customize a Blockd defense for each company’s smart contracts.
This defense checks for malicious activity in any vector that may be at risk, such as a reserve balance being lowered by a substantial amount or the owner of the contract changing without a legitimate call, then intervenes in any hacks that may happen — all without ever knowing there was a vulnerability and without any special privileges over the contract.
This trigger actually protects not only against a possible bug in the smart contract but also malicious Oraclize activity.
To go through aspects of Blockd Build, we’ll be talking about a very vulnerable demonstration contract system we’ve created. This Blockd Build defense is made to demonstrate protection on smart contract systems (such as a large amount of multisig wallets) in addition to individual contracts. There are many vulnerable contracts and, no matter which a hack may occur on, the entire contract system can be paused by calling a central contract.
These contracts are very vulnerable: they have a transferOwner function that does not require an owner to call it, a withdraw function that does not check whether a user has the balance to withdraw, and an Oraclize callback that does not check whether Oraclize is calling. These contracts are in a similar form to a smart contract wallet system where they are all identical, but they can all be paused at once through a central contract.
This contract has no reason to ever be interacted with by another contract, so our first trigger will be an alert if any other contract calls our demonstration contract. This alert will not enact a pause as it is not surely going to do damage, but it will tell developers there are likely malicious actors looking into their contract.
The second trigger will be for owner transfers. With this, we trace the pending transaction and check if the owner is going to be changed. If it is, we check whether the transaction was sent by the current owner of the contract. If not, we immediately pause the contract because this is a sure sign of a hack. Remember, this may not work for every contract that has an owner as — in the case of smart contract wallets, for example — the owner may sign a transaction that is then sent by an intermediary. Each Build system is customized for the specific needs of each smart contract.
The third trigger will be for withdrawals. Here we use the pending transaction trace to check if Ether is going to be withdrawn from the contract and, if so, check if the user’s balance would allow that. If more is going to be withdrawn than should be allowed, Blockd Build immediately pauses the contract before the transaction can get through.
The fourth and last trigger for this small demo looks at Oraclize callbacks. This trigger actually protects not only against a possible bug in the smart contract but also malicious Oraclize activity. For this, we check the transaction input if the Oraclize callback is being called, then we call the API that Oraclize should have gotten information from. If these values differ, we immediately send the stored pause transaction.
…every contract is different
These triggers are just a few examples of what we can protect against using Blockd Build. They were chosen to be a set of very clear, basic vulnerabilities that cover a good amount of ground. More specific triggers such as alerts when a contract calls within its constructor, alerts if a large number of calls take place in a block, shutdown if a transaction with more gas than should ever be used on your contract takes place, and many more are all possible and each Blockd Build defense will cover as wide of a variety of hacks that could affect the protected contract as possible.
In addition to this, the “kill switch” functionality — in the demo’s case a pause function — can be changed for each contract system. A pause may work for some, but, again, every contract is different and one may be able to withdraw all funds from a contract while another may not be able to do more than send a full set of alerts to draw attention to it as soon as possible.
…active smart contract security is an absolute necessity
As demonstrated by the recent DeFi hacks, this system is crucial for the Ethereum ecosystem: no matter how carefully vetted your contracts are, they are always at risk — and when your contracts are at risk, your company often is as well. At Blockd, we’re working on making Ethereum and the blockchain ecosystem as safe as possible, and, to do this, active smart contract security is an absolute necessity.
Visit https://blockd.co for more information on Blockd Build, our other product, Blockd Basic, and more details on each. If you would like to talk about getting protected by Blockd Build, send us an e-mail at Contact@blockd.co.
