Malicious backdoors in Ethereum Proxies

A detailed explanation on how the Proxy pattern for smart contract upgradeability can be exploited.

Patricio Palladino
Jun 1, 2018 · 5 min read
Image for post
Image for post

Solidity function calls’ internals

Image for post
Image for post
A simple smart contract written in Solidity

The Proxy Pattern revisited

Much has been written about the Proxy Pattern, its different variations and their trade-offs. Regardless of the proxy pattern you choose, its core functionality will be the same: it forwards² all messages it receives to the current implementation of the contract.

Image for post
Image for post
A proxy contract implementation

Proxy selector clashing

Being a clever Ethereum dev, you may have realized that any function in the Proxy contract whose selector matches with one in the implementation contract will be called directly, completely skipping the implementation code.

Exploitability

The Proxy pattern is the current approach being used across the Ethereum ecosystem to make smart contracts upgradeable, and the selector clashing attack allows any project using it — or an attacker who’s obtained access to the upgrading mechanism — to deploy code that conceals malicious functionality.

Proposed solution

Before we found this vulnerability, Francisco Giordano from Zeppelin was already working on Transparent Proxies. It is an improved technique intended to let implementation contracts use the same function names as the Proxy without the possibility of a selector clash. This eliminates the attack.

Exercise for the reader

For those who want to dig deeper in how this vulnerability can be exploited, we put together a small exercise. Your task is to try to steal the ropsten-ETH in this contract, and figure out what’s happening. Keep in mind that it is a Proxy contract, so you should take a look at its implementation too.

Notes

  1. Messages are how accounts communicate with each other. When you send a transaction, you are sending a message to another account. They are usually called internal transactions when the sender is a contract.
  2. Messages are not actually forwarded like in a traditional proxy. What’s happening is that we execute the implementation’s code as if it were the proxy’s via a delegatecall.

Get a high-quality smart contract audit from Nomic Labs.

Nomic Labs

We design, build and audit decentralized systems.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store