Skip to content

Latest commit

 

History

History
152 lines (128 loc) · 11.4 KB

Security.md

File metadata and controls

152 lines (128 loc) · 11.4 KB

Smart contract security

Education / best practices

Solana-specific

See SolanaProgramming/Security

Bughunting challenges:

Real-life vulnerabilities

Summaries

Notable issues and incidents, explained

This is only a sampling! We'd recommend that smart contract devs review all major exploits (the rekt leaderboard is a great starting point) to learn from previous failures.

Re-entrancy

Re-entrancy is a famous and common issue where the attacker can unexpectedly recursively call a function multiple times, to get the contract's state variables into an unexpected state.

Oracle attacks

Some AMMs provide on-chain oracle functions (i.e. to compute asset prices from the current state of their pools). Unfortunately, this could allow an attacker to manipulate the state of a pool (especially using a flash loan), then do something else on a different protocol which depends on that oracle price. Developers of protocols that depend on on-chain oracles for pricing should be especially cognizant of this.

Other interesting economic attacks

  • bZx 2020 exploit (Feb 2020)
    • lending protocol bZx allowed fancier functionality than a typical lending protocol, specifically allowing a user to put on a leveraged equity/debt position by routing to an AMM
    • a missing check caused the protocol to be fooled into taking a negative-value position while moving an AMM price way out of line
    • attacker made money by arbing the AMM back into line outside of the lending protocol, while abandoning the negative-value vault
    • another great description of this issue
    • another great description
  • Spartan Protocol LP share value calc issue (May 2021)
    • mechanical flaw in calculation of LP share value in a synthetic asset protocol

Bridge attacks

Bridges are complex because they involve multiple chains, and interaction with a third party. Also, from the perspective of a single chain, transfers to that chain just involve unlocking tokens (or minting claim tokens) from the bridge contract.

Missing checks

Uninitialized proxy

The proxy upgrade pattern is a very popular mechanism for making code upgradeable by moving business logic to an implementation contract while maintaining state on a proxy contract. The proxy contract maintains a (switchable) pointer to the implementation and delegatecalls to the implementation contract for business logic.

Unauthorized access

Frontend attacks

  • BadgerDAO Cloudflare exploit (Dec 2021)
    • frontend attack arising from Cloudflare bug which allowed attackers to preregister API keys by email address without email verification
    • attacker used access to inject malicious scripts that prompted users to authorize tokens via MetaMask.

Logic bugs

Arguably all bugs are logic bugs, but some seem like pure logic issues...

  • Compound overdistribution of governance token (Sep 2021)
  • Popsicle Finance exploit
    • bug in computing users' share of fees when LP shares are transferred
    • notable in that bug had been repeatedly exploited in other contracts, but was missed by creators and auditors
  • MonoX hack (Nov 2021)
    • vAMM protocol for trading synthetics
    • when user swaps A for B, vAMM updates price of A to be lower than before, then updates price of B to be higher than before
    • MonoX didn't prevent corner case where A == B, so user could use this to increase price of B
    • attacker used this repeatedly to pump internal price of MONO token, then swap MONO into a lot of real value
  • Opyn bug (Aug 2020)
    • bug stemming from special case for ETH transfers

Other