Defensive Security in Smart Contracts

Your basic guide to understanding why those audits are so darn expensive!

Photo by FLY:D on Unsplash

Defensive security is an approach that is used to exploit reliabilities to detect vulnerabilities in smart contracts

There are two types of cybersecurity, defensive & offensive. The difference is not in knowledge but in a change in perspective. In this article, we are going to explore the process of auditing smart contract security in an defensive fashion

What is a Penetration Test?

Also know as a “Pen-test”, In the context of decentralised systems & smart contracts, It is the process of evaluating systems, applications, smart contracts, dApps with the intent of identifying vulnerabilities from the perspective of an unprivileged or anonymous user to determine potential impacts legally and under contract. it's the job of the pen-tester commissioned by the subject project to test for bugs & vulnerabilities. Identifying the weaknesses of a smart contract is key for a hacker to exploit the contract. Pen-testers try to break into stuff before the bad guys do..

What is the difference between a Pen-tester and a Hacker?

• Pen-testers have prior approval from senior management
• Hackers have approvals from themselves.
• Pen-tester use social engineering attacks to raise awareness where hackers use it to trick users into sharing sensitive information that helps them do malicious acts

Types of code scans

Static Analysis

A preliminary layer of analysis where the codebase is examined without running on a test-net blockchain. The analysis must be done just after deployment and before dynamic analysis. The process provides an understanding of the code structure and can help to ensure that the code adheres to known smart contract standards.

Pros

• Find issues with the code before it is ready for integration and further dynamic testing
• it allows a faster turnaround of bug-fixes
• it can find weaknesses in the code at the exact location

Cons:

• Static analysis is an incomplete security tool and is not fully comprehensive.
• Only known attacks and issues can be scanned.

Dynamic Analysis

The process of testing smart contracts in a run-time environment, in other words, deploying the smart contract codebase on a blockchain and using dummy data to interact with the different functions within the contract. Most of the dynamic tools use symbolic analysis, unit testing, formal verification, and fuzzers to secure the smart contract

Fuzzing

Formal verification

verifying the correctness of the smart contract in a mathematical way,

Audit Methodology

Blackbox Testing

Blackbox testing is a way to test a system with no access to information about the system being tested. The tester has no knowledge of the system, the source code, or the system architecture. since this approach most attackers will take, BlackBox testing replicates the method a hacker would use to try to exploit the system

Pros:

• it's performed from an outsider's perspective, no the system designer's perspective
• it's reproducible
• it's efficient on larger systems

Cons

• Challenging to design
• Results can be overestimated
• Incapable of testing all software properties

Whitebox Testing

White box testing is also known as clear box testing or structural testing. This method of testing software checks the internal structure of an application. The tester has full knowledge of the system and access to the source code and architecture

Pros

• All independent paths of every module are checked
• Verified all logical decisions along with their values
• it checks syntax and uncovers typographical errors

Cons

• Testing is more difficult to design
• Requires specialised knowledge and tools
• It's more expensive

GreyBox Testing

Grey-box testing combines elements of black box and white box testing. It stimulates an attack by a hacker who has gained access to the network infrastructure documents. The tester has some knowledge of the system being tested, which is usually limited to design documents and architecture diagrams.

Pros:

• testing is performed from the user's perspective not the designer's
• there is no need to provide internal information about the program's operations and functions

Cons:

• There's limited ability to go over source code and test coverage
• Cannot test every possible input stream due to time constraints.

Reporting & Risk Assessment

After the completion of the smart contract audit, the findings need to be adequately documented in a comprehensive report. This report should include the identified vulnerabilities, their severity, potential impacts, and recommended mitigation measures. A well-prepared report can serve as a valuable tool for developers to understand, evaluate and rectify the vulnerabilities within the smart contract.

Some key elements of an effective smart contract audit report include:

1. Executive Summary: This section provides an overview of the audit, including the purpose of the audit, the scope, and a summary of the key findings.
2. Detailed Findings: This part delves into the specific vulnerabilities identified during the audit. Each vulnerability should be clearly explained, with information about its potential impact and severity.
3. Recommendations: Each vulnerability should come with a set of mitigation strategies. These are steps that developers can take to rectify or manage the risk associated with each vulnerability.
4. Appendices: This section can include additional details such as screenshots, code snippets, and references to further explain the findings or recommendations.

Risk Assessment

Risk assessment is an integral part of the audit process, helping developers and stakeholders understand the potential impacts of the vulnerabilities identified.

The risk associated with each vulnerability is typically determined based on two factors:

1. Impact: How severe would the consequences be if the vulnerability was exploited? The higher the potential damage, the higher the impact.
2. Likelihood: How likely is it that the vulnerability would be exploited? This could depend on factors like the complexity of the exploit or the potential reward for the attacker.

The combination of these two factors gives a vulnerability its risk rating, which helps prioritise which vulnerabilities should be addressed first.

Preventing Smart Contract Vulnerabilities

Preventing smart contract vulnerabilities is better than having to deal with them after deployment. Here are some proactive measures:

1. Coding Standards: Adhering to best practices in Solidity programming can reduce common coding mistakes that lead to vulnerabilities.
2. Regular Audits: Regular audits during the development lifecycle can help catch vulnerabilities early.
3. Using Proven Libraries: Using well-tested libraries can help reduce the risk of coding errors.
4. Testing: Thorough testing can identify vulnerabilities before deployment.
5. Learning from Past Mistakes: Many smart contract vulnerabilities are not new. Learning from past incidents can help avoid repeating the same mistakes

Auditing Tools

1. Mythril: This is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis, and control flow checking to detect a variety of security vulnerabilities.
2. Slither: Developed by Trail of Bits, Slither is a static analysis framework for Ethereum smart contracts. It can detect a variety of issues in smart contracts including reentrancy, suicide, and out-of-gas vulnerabilities.
3. Oyente: Oyente is another tool for smart contract analysis. It can check smart contracts for security vulnerabilities, bugs, and efficiency issues.
4. Securify: This is a comprehensive security scanner for Ethereum smart contracts. It offers a formal verification-based analysis to find and report security vulnerabilities.
5. Truffle Suite: Truffle is a development environment, testing framework, and asset pipeline for Ethereum, providing developers with tools for smart contract creation, compilation, deployment, and testing.

Proven Libraries

1. OpenZeppelin: OpenZeppelin offers a collection of reusable smart contracts for Ethereum and other blockchains. It’s widely regarded as a standard for secure smart contract development.
2. Consensys Diligence: ConsenSys offers a library of smart contracts along with a lot of other resources like best practices and a discussion forum.
3. DappSys: DappSys is a collection of Solidity libraries which are designed to be secure, simple, and flexible. They are widely used in the Ethereum ecosystem.

Remember that even with these tools and libraries, manual review of the codebase is critical. The human mind is currently unmatched in detecting logic errors or understanding the wider implications of the smart contract functionality. Automated tools are an addition, not a substitute, to a thorough audit process.