logo
allArticlesConferencesPresentations

Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths

Conference:  BlackHat USA 2018

2018-08-08

Summary

Tools and considerations for analyzing and running Ethereum software
  • Running an Ethereum node requires significant storage and disk throughput
  • Tracing can be used to analyze contracts and identify vulnerabilities
  • Tools such as Ethersplay, Mythril, and Manticore can aid in analyzing Ethereum software
  • Considerations for running an Ethereum node include checking storage requirements and disk throughput
The speaker filled up a 500 gig SSD and a terabyte one before buying a 2 terabyte SSD to run an Ethereum node. They also noted that disk throughput is important and that syncing the blockchain doubled the total disk writes to their SSD. Tracing was used to identify a vulnerability in a contract involving an uninitialized variable being overwritten. Tools such as Ethersplay, Mythril, and Manticore were recommended for analyzing Ethereum software.

Abstract

In the blockchain, contracts may be lost but are never forgotten. Over 1,500,000 Ethereum smart contracts have been created on the blockchain but under 7,000 unique contracts have value today. An even smaller fraction of those have source code to analyze. Old contracts have been purged from the world computer's working memory but they can be reconstructed and analyzed. When a contract's purpose is fulfilled, the owner typically triggers a self-destruct switch that removes code and state. These steps are similar to what an attacker would do after hijacking a contract. Is it likely the self-destruct was intentional or performed by a trusted third party? Or was it a hack or fraud? By investigating the transactions leading up to the termination of a binary-only contract, we can determine if there was an attack. After identifying an attacker, we can find patterns that lead to a possible motive by carefully examining their other transactions. This presentation will introduce Ethereum smart contracts, explain how to reverse engineer binary-only contracts, describe common classes of vulnerabilities, and then show how to investigate attacks on contracts by demonstrating new tools that re-process blockchain ledger data, recreate contracts with state, and analyze suspect transactions using traces and heuristics.
Materials:
Slides
Tags:

Post a comment

Related work

The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum

Conference:  Defcon 27
Authors:
2019-08-01

Attacking and Defending Blockchains: From Horror Stories to Secure Wallets

Conference:  BlackHat EU 2018
Authors:
2018-12-05

Constructing a Precise Dynamic Control-flow Graph for EVM based Smart Contracts

Conference:  Global AppSec Dublin 2023
Authors: Syue Siang Su
2023-02-16

About Directed Fuzzing and Use-After-Free: How to Find Complex & Silent Bugs?

Conference:  BlackHat USA 2020
Authors:
2020-08-06

Over-the-air remote code execution on the DEF CON 27 badge via Near Field Magnetic Inductance or World’s first NFMI exploitation, sorta or OTARCEDC27NFMIOMGWTFBBQ

Conference:  Defcon 29
Authors:
2021-08-01

A Vulnerable Tale About Burnout

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Julia Simon
2021-10-14