Are blockchains really safe? Assessing the security of consensus schema

Stefano De Angelis
Cyber Security Southampton
Dec 2, 2017

An exploited vulnerability in the Parity multi-sig wallet library contract

Blockchains and cryptocurrency wallets are becoming increasingly popular because of the security guarantees they promise. Despite this success, a number of attacks have exploited vulnerabilities in the implementations built on top of blockchain technology. Ethereum, a blockchain-based distributed computing platform, has recently been targeted by several attackers.

On July 19th 2017 a major attack took place. A vulnerability in the Parity Ethereum wallet client was exploited to steal more than 150,000 Ether (worth close to US $32M at the time).

The hack was possible because of a flaw in Parity's multi-sig wallet contract.

Multi-sig ("multiple-signature") wallets are Ethereum accounts controlled by several users, each holding their own key. Funds can only be moved out of the wallet once the required number of owners (the configured threshold, typically a majority) have signed the transaction with their keys.
As soon as Parity's team discovered the attack they fixed the multi-sig wallet library contract, a special smart contract deployed on Ethereum that acts as a shared library providing functions for other contracts, and deployed the new version on July 20th.

However, that release contained another vulnerability, related to the ownership of the library contract itself. Since the library is a contract like any other, it carried the same functionality and the same requirements as a wallet, namely
(i) an initialisation step that sets the owners and (ii) a self-destruct function designed for retiring the wallet.
The re-deployed, fixed library contract was left uninitialised, so anyone could call its initWallet function and take ownership of the library.

On Monday November 6th 2017 at 02:33:47 PM UTC an anonymous user noticed that the owner of the library contract deployed in July had never been initialised, and initialised it themselves with this transaction:

thereby becoming the owner of the library contract. They then destroyed the library by calling its kill function.

kill destroys the contract, clearing its storage and code, and sends any remaining balance to the owner (here zero, since the library holds no funds). Because every dependent multi-sig wallet reached its logic (every state-modifying function) in the library through delegatecall, this single operation left all of those wallets unusable and their funds frozen: the wallets' storage and balances are intact, but the code that could move them no longer exists.

All dependent multi-sig wallets deployed after July 20th now behave, functionally, as if they were the following contract:

contract Wallet {
    event Deposit(address _from, uint value);

    // Only the fallback does anything observable: it accepts Ether and logs it.
    // Every other call is delegated to a library address that no longer holds
    // code, which succeeds silently without changing any state.
    function () payable {
        Deposit(msg.sender, msg.value);
    }
}

This means that no funds can currently be moved out of these multi-sig wallets.
The action froze the funds of 587 wallets holding a total of 513,774.16 Ether (close to US $230 million).
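To make the failure mode concrete, here is an added example written for this post (it is not Parity's code): a wallet that keeps its logic in a shared library reached through delegatecall, in the vulnerable shape described above, followed by a hardened library whose own storage is claimed at deployment and whose initialiser refuses to run twice. The contract names, the single-owner model in place of a real m-of-n threshold, and the two-slot storage layout are simplifications assumed for illustration.

```solidity
pragma solidity ^0.4.24;

// Added example, not Parity's code. The vulnerable shape: the library's own
// storage is never initialised, and initWallet has no guard against re-use.
contract WalletLibrary {
    // Slot 0. Under delegatecall this reads/writes the *wallet's* slot 0;
    // when called directly on the library it is the library's own slot 0.
    address public owner;

    function initWallet(address _owner) public {
        owner = _owner;            // anyone can call this on the library itself
    }

    function kill(address _to) public {
        require(msg.sender == owner);
        selfdestruct(_to);         // on the library: removes the code every wallet delegates to
    }

    // Example wallet operation, executed in the calling wallet's context.
    function withdraw(address _to, uint _amount) public {
        require(msg.sender == owner);
        _to.transfer(_amount);
    }
}

contract Wallet {
    address public owner;          // slot 0, must mirror the library's layout
    address private walletLibrary; // slot 1

    event Deposit(address _from, uint value);

    constructor(address _lib, address _owner) public {
        walletLibrary = _lib;
        // Runs the library's initWallet against this wallet's storage.
        require(_lib.delegatecall(abi.encodeWithSignature("initWallet(address)", _owner)));
    }

    function () public payable {
        if (msg.value > 0) {
            emit Deposit(msg.sender, msg.value);
        } else if (msg.data.length > 0) {
            // Once the library has self-destructed, this targets an address with
            // no code: the EVM reports success and nothing happens, so every
            // withdraw() silently does nothing and the balance is stuck.
            require(walletLibrary.delegatecall(msg.data));
        }
    }
}

// Hardened shape (still an illustration): the library claims its own storage
// at deployment, and initWallet refuses to run on an already-initialised context.
contract WalletLibraryFixed {
    address public owner;

    modifier only_uninitialized() {
        require(owner == address(0));
        _;
    }

    constructor() public {
        // The library's own slot 0 is set to an address no transaction can be
        // sent from (the library never calls itself), so kill() is unreachable
        // on the library instance and a later initWallet() on it reverts.
        owner = address(this);
    }

    function initWallet(address _owner) public only_uninitialized {
        owner = _owner;
    }

    function kill(address _to) public {
        require(msg.sender == owner);
        selfdestruct(_to);
    }
}
```

Two practical notes. First, the only_uninitialized guard on its own is not enough: it protects a context whose owner is already set, which is exactly what the library's own storage was not, so claiming that storage in the constructor is the part that closes the hole. Second, a wallet can additionally check extcodesize of the library address before delegating, so that a destroyed library makes calls revert loudly rather than succeed silently; that does not recover funds (which, as the post explains, needs a protocol-level change), but it makes the failure visible instead of invisible.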

At the time of writing, Parity Technologies have not yet unfrozen the affected funds. In their blog post they wrote:

We deeply regret the situation and we are working hard on several Ethereum improvement proposals (EIPs), both contributing to previously existing ones and suggesting new ones that have the potential to unblock funds. These improvement proposals will also address general cases of blocked funds.

There is no timeline for when such an improvement proposal could be implemented; we will follow the will of the community and go through the regular EIP process like any other protocol improvement. Parity Technologies will handle much of the development work around these proposals and work constructively with the Ethereum Foundation team and the community towards further protocol layer development. We are committed to the continued development of Ethereum.

Parity Technologies have also removed the possibility of deploying new multi-sig wallets until they have the proper security and operational procedures in place. Finally, they outline future work to address operational security issues and state their interest in collaborating with research teams focused on tooling, language research, and testing.

Assessing the security of blockchain consensus schema

On a related topic, as the Cyber Security Group of the University of Southampton we investigated Proof-of-Authority (PoA), a recent approach to reaching consensus in a permissioned (private) setting, and compared it against the well-known PBFT.

We compared the security properties of Aura and Clique, the two PoA implementations used respectively by the Parity and Geth Ethereum clients. The analysis builds on the CAP theorem to assess the safety and liveness guarantees each of them provides.

Link to the paper:

Our analysis revealed a possible attack on Aura:

a desynchronisation of the physical clocks of a set of peers may lead to a fork, i.e. an inconsistency between the ledger replicas that makes the values stored on the blockchain unreliable.

Since the Internet by definition cannot guarantee accurate clock synchronisation, we concluded that the current implementation in Parity is not deployable in a real Internet-based blockchain.
