Ocular Coin minted and security audited

Ronny Iversen
Oculartech

--

From July 17th to July 22nd, Chain Intelligence assessed the security of Ocular’s token distribution contract, located on the Ethereum blockchain at the address 0xa868f1f6c89250a8d7f9bb97a45940930b795809 [1]. The contract was written in Solidity and was analyzed using both manual code review techniques and vulnerability discovery through symbolic evaluation.

The Ocular contract was built using well-tested ERC20 distribution code templates and makes use of secure libraries such as SafeMath, thus ensuring that no unauthorized administrative actions can be executed and that no common attacks such as integer under/overflow can be performed.

No vulnerabilities were found in the Ocular contract; the goals of the assessment and the analytic methods that were used to come to this conclusion are detailed below.

Scope and Goals

The scope of this assessment was limited to the single contract at the address above. Specifically, we aimed to answer the following questions:

  • Do there exist methods for unauthorized agents to arbitrarily transfer tokens between addresses?
  • Do there exist methods for unauthorized agents to gain ownership of the Ocular contract or otherwise trigger emergency stop protocols?
  • Do there exist methods for unauthorized agents to arbitrarily mint new ERC20 tokens?

Attacks on the blockchain as a whole, such as 51% attacks and selfish mining, were out of scope and were not examined as part of this assessment.

Methodology

Manual Analysis

Each function and contract within Ocular’s code was manually reviewed for traditional security vulnerabilities such as race conditions, possible denial of service, integer overflow and underflow, as well as blockchain-specific vulnerabilities such as re-entrancy, transaction ordering dependence, timestamp dependence, unchecked call returns, and various other minor liabilities.

The Ocular contract comprises one library (SafeMath) and nine contracts. SafeMath is an industry-standard library that avoids integer overflows and underflows by checking assertions, and thus the Ocular contract is not vulnerable to any such exploits.

We attempted several common exploits on the contract, such as the ERC20 short address attack [2] and known race-condition exploits in ERC20 ‘transferFrom’ methods [3], but Ocular’s contract had the proper mitigation factors to stop these exploits (see contract code lines 81–86, 164 for examples). Moreover, each contract either has no state changes within, or does not have state changes before transfers and is thus not vulnerable to re-entrancy, the top decentralized application vulnerability according to the Decentralized Application Security Project [4].
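
The short address issue cited above comes from the EVM zero-padding calldata that is shorter than the function expects. The Python model below is an added example, not code from the Ocular contract or the Chain Intelligence report; it shows a payload-size check, one common mitigation, and the page does not say whether that is what the cited contract lines implement. The address is a constructed sample value.

```python
# Added illustration: models how the EVM reads transfer(address,uint256) calldata.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
WORD = 32  # ABI word size in bytes

# Constructed sample address whose last byte is 0x00 (not a real account).
SAMPLE_ADDR = bytes.fromhex("11" * 19 + "00")


def encode_transfer(to: bytes, amount: int) -> bytes:
    """Encode like a client that never validates the address length:
    it always prepends 12 zero bytes, so a 19-byte address yields a 31-byte word."""
    return TRANSFER_SELECTOR + b"\x00" * 12 + to + amount.to_bytes(WORD, "big")


def calldataload(data: bytes, offset: int) -> bytes:
    """EVM CALLDATALOAD semantics: 32 bytes from offset, zero-padded past the end."""
    return data[offset:offset + WORD].ljust(WORD, b"\x00")


def decode_transfer(data: bytes, check_payload_size: bool):
    """Return (recipient_hex, amount) as the token contract would see them.
    With check_payload_size, calldata shorter than 4 + 2*32 bytes is rejected."""
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError("not a transfer() call")
    if check_payload_size and len(data) < 4 + 2 * WORD:
        raise ValueError("calldata too short for transfer(address,uint256)")
    recipient = calldataload(data, 4)[12:]
    amount = int.from_bytes(calldataload(data, 4 + WORD), "big")
    return recipient.hex(), amount


if __name__ == "__main__":
    well_formed = encode_transfer(SAMPLE_ADDR, 1000)
    truncated = encode_transfer(SAMPLE_ADDR[:19], 1000)  # trailing 0x00 dropped
    print(len(well_formed), decode_transfer(well_formed, True))
    print(len(truncated), decode_transfer(truncated, False))  # amount shifted left 8 bits
    try:
        decode_transfer(truncated, True)
    except ValueError as exc:
        print("rejected:", exc)
```

Without the length check, the 67-byte calldata decodes to the full recipient address and an amount 256 times the one the sender encoded; with the check, the call is rejected before any balance changes.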

Symbolic Evaluation

The Ocular contract bytecode was disassembled, organized into its basic blocks, and analyzed symbolically using proprietary Chain Intelligence tools. These tools checked heuristically for several common decentralized application bugs, including re-entrancy, access control, integer overflow and underflow, unchecked low-level calls, false entropy, timestamp dependence, and transaction ordering dependence.

Additionally, our tools generated a control flow graph, which was then analyzed manually for possible combinations of path-conditions that may be exploitable. The methods employed for discovery were taken from private Chain Intelligence research, academic publications such as “Making Smart Contracts Smarter” [5] and “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale” [6] from the National University of Singapore, and other publicly released research [7].

Assessment Summary

The Ocular contract was found to be completely free of security issues and no issues for remediation were identified. Ocular’s contract development team followed Solidity best practices and were clearly educated on common ERC20 vulnerabilities such as the short address and race condition attacks mentioned in our methods.

Our symbolic evaluation engine covered 100% of the Ocular code and found zero possible vulnerabilities, confirming the results of our manual testing.

References

  1. Ocular Smart Contract, as viewed on Etherscan: https://etherscan.io/address/0xa868f1f6c89250a8d7f9bb97a45940930b795809
  2. Peter Vessenes. “The ERC20 Short Address Attack Explained.” 6 Apr. 2017, https://vessenes.com/the-erc20-short-address-attack-explained/
  3. Vladimirov, Mikhail. “ERC20 API: An Attack Vector on Approve/TransferFrom Methods.” 29 Nov. 2016, https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM
  4. NCC Group. “Decentralized Application Security Project Top 10.” DASP, https://dasp.co/
  5. Luu, et al. “Making Smart Contracts Smarter.” Oct 2016, https://eprint.iacr.org/2016/633.pdf
  6. Nikolic, et al. “Finding The Greedy, Prodigal, and Suicidal Contracts at Scale.” [1402.1128] 14 Mar. 2018, https://arxiv.org/abs/1802.06038
  7. Manning, Adrian. “Solidity Security: Comprehensive List of Known Attack Vectors and Common Anti-Patterns.” Sigma Prime, 30 May 2018, https://blog.sigmaprime.io/solidity-security.html

--

Ronny Iversen
Oculartech

Serial entrepreneur within areas such as Social Media and Search Engine Optimization. Current focus, Blockchain and Cryptocurrencies.