Beginner’s Guide to Smart Contracts Security (1) — Using online tools to do security audit
Overview & Incentive
This tutorial will walk you through the common smart contract vulnerabilities, how to analyze it , and how to fix it using a simple graphical interface. This is written for the general public so no prerequisite is required! :)
The reason I started this series is that I want to reduce the barrier for developers/non-developers to get familiar with this topic and thus reduce unnecessary security loss or being hacked easily in the future.
Start Analyzing!
All you need to get started is a Chrome browser:)
- First, navigate to this website: https://oyente.melonport.com/
This is an online smart contract compiler + a security analysis tool called Oyente which gives you real time information of the contract status and points out what vulnerabilities you have and where is it. I chose this tool as it can be used within the browser and has nice community and credibility.(20 contributor and 413 stars on Github)
Below is a screenshot on how the website looks like. Simply paste your smart contract code in the middle section and click “Analyze”.
2. Copy & paste the following code to the browser and click “Analyze”
Here I use the vulnerability “Reentrancy Attack” as an example(to be explained below). The well-know DAO attack also suffered from this. Below is the smart contract example from Ethernaut.
pragma solidity ^0.4.17; contract Reentrance {
mapping(address => uint) public balances;
function donate(address _to) public payable {
balances[_to] += msg.value;
}
function balanceOf(address _who) public view returns (uint balance) {
return balances[_who];
}
function withdraw(uint _amount) public {
if(balances[msg.sender] >= _amount) {
if(msg.sender.call.value(_amount)()) {
_amount;
}
balances[msg.sender] -= _amount;
}
} function() public payable {}
}
3. You’ll see the analysis result in just a few seconds!
4. Click “Details” to know exactly at which line is the vulnerability
In the yellow box, we can tell that there are two problems in total and it is at line 15. However, noted that this is just a quick check without 100% guarantee the contract will not have other vulnerabilities.
5. Vulnerability Explanation
Here we focus on the re-entrancy vulnerability. There are two issues here that result in this vulnerability. First, in the withdraw() function, balances are cleared to zero AFTER sending the money out to the executor of this function. This means that balances may not be zeroed properly afterwards. (What if line 15 is being executed indefinitely?)
Second, the call function at line 15 may trigger the fallback function if the executor is also a smart contract given enough gas. That is, the attacker can run the withdraw() function within its fallback function and thus result in an infinite loop draining the original contract’s balances.
6. Quick Fix the vulnerability
Since the fallback function’s code cannot be properly executed if the gas provided is insufficient, one possible fix is to change line 15 to the following to limit the gas to 1000. With this gas amount, only events logging will be able to execute.
if(msg.sender.call.value(_amount).gas(1000)()) {7. Click “Analyze” again and see that we’ve solved the problem!
Wrap-up
Now you know how to analyze smart contracts, what is Reentrancy Attack, and how to avoid it.
I may also write a tutorial on how a hacker can perform this attack or introduce other vulnerabilities. Feel free to comment below if you have any suggestions on future topics!!
Thank you :)
