Highlights of DEFI security issues

The advent of blockchain technology has brought about changes in financial, personal data, shipping chains, cross-border remittances, and other traditional applications. In ~One of the hottest apps around.

According to the financial concept, the basis of DEFI is all tokens, and in general, the token types are classified according to token models such as the famous ERC20 and NFT (Non-homogeneous Token). ) model ERC721 etc. As the basis of DEFI, therefore, security concerns at the token level cannot be ignored.

Today, the technical team of Chengdu Lian'an will popularize the DEFI security problem to everyone. Token-level security issues:The first category is the problem of the token itself, and the second category is the security problem that arises in the interaction between the token and the DEFI.

#all.Token level issue

1. Teeb meem integer overflow

Why is digital overflow important? The main reason is that when this happens it can lead to more losses. Prior to 0.8.0 there was no overflow checking mechanism in EVM, especially for integer overflow issues in arithmetic, and after 0.8.0 Solidity introduced its own overflow checking mechanism , it is important not to have zero. There has been a problem in the past, but be aware that when using unverified keywords the interference numbers were not verified.

The integer overflow is usually split up and down, when the overflow occurrence is greater than the maximum overflow specified by the uint file type, going lower and starting the recalculation (usually 0). .

For example, the value of the value for uint8 is 0-255, and if the difference a with the data type uint8 gives the value 260, it changes to 0 (260-256) = 4 and the value of the previous one: 4. . Likewise, if the function difference is less than 0, you have an overflow problem. For example, if the difference b of type uint8 is given with b = 0-5, then the value of b is not -5 (type uint8 is an unsigned integer, so there is no integer well).) the value of b will be 256-5 = 251.

The figure below shows the multiTransfer function for a single token. When the function adds the input parameter token array, SafeMath is not used to check the passing numbers, so there is time for the client. of the set of TokensToTransfer to pass the small value on checks the balance and converts the large assets.

multiTtansfer function in the Ammbr contract

Changes change

Prior to version 0.8.0, it is recommended to tell the SafeMath library about safe operation of files, and when not used in version 0.8.0 or later, it is recommended to use tasks such as only have to check past results when using. unchecked.zoo.

2. Feature authorization error

Most license error errors are usually caused by negligence of the developer agreement. Many internal forces directly modify contract storage upon completion without complying with relevant assessments (eg change manager contract clearance, major call contract, etc.). Defining the visibility of this part of a feature to the public or to the outside creates a large security hole. The problem occurred with AVATerra Financial in October this year and the installation of a mint visibility modifier for the public, allowing all protesters to perform strike work.

AvaterraToken contract code

Changes change

Strict licensing is performed by sensitive tasks such as currency exchange and authorization, and business logic determines the visibility of these operations.

3. More energy

The manager has many contractual rights, the user has no control over ownership, and ownership is not stable. User assets can be reset at any time as long as the administrator has the right to modify and destroy the user's balance of needs, and if the administrator is not restricted, the tokens can be placed in several. The prices of tokens are falling sharply.

The figure below shows the function where the administrator can delete user tokens on demand, only the role decorator is used in the decorator, and the burnFrom function is rewritten so that the tokens of the specified account are corrupted.

High power BurnFrom function

Changes

Carefully review administrator policy resources and pay attention to the use of content that modifies user tokens and destroys user tokens in violation of the law. We recommend that you remove these passwords to protect the security of your device.

4. A void that arises on its own

This inconsistency is peculiar to the logic flaw, and when the user exchanges money for themselves, because many local exchanges are set up in the exchange, the exchanges overlap and discrepancies occur.

An example of this disadvantage is the Troncrashcoin token, and its exchange function is as follows.

1. Create new variables oldFromVal and oldToVal to keep the same balance

2. Create new updates newFromVal and newToVal store the new balance, namely oldFromVal _value and oldToVal _value.

3. Make newFromVal and newToVal equal to [_from] and equal to [_to]

The problem here is that the _to address is the same as the _from address, the previously decremented _value does not work by overwriting balance [_from] with the value of balance [_to], which for its problems. Exit _value However, there is no space to reduce _value.

Troncrashcoin _transfer function

Changes

After installation is complete, the operator should perform a full test of the project, ensure that all workplaces are operating normally, complete the measurement results of all callable operations and their input parameters, and ensure that the business logic meets the required requirements. . , and don't fall in love with the user. For example, evaluation of high frequencies, magnetic resonance imaging, and other special circumstances can determine whether a theory is satisfactory.

5. Items cannot be inspected properly.

If the demand for the product cannot be assessed during operation, the work may not meet the demand. If the coin is sent to address zero, the attacker can send any token to address zero. For example, some smart contracts have a fixed function that is used to freeze funds, but when exchanging tokens you should be careful with exchangeable tokens as they only identify back numbers and do not identify them. There is also a transferFrom to identify additional addresses. Blacklist validation has a similar problem.

Authorization to operate at address 0 has not been verified.

The change works for the refused change of address

The problem with NaughtCoin on ethernaut pulling a lot, for example, is that this ERC20 only restricts the switch to lockToken and does not turn on, so the attacker can request permission and send directly to withdraw the exit tokens via the standard erc20 interface.

NaughtCoin on Ethernaut kills a lot of things

Changes

All functions called by the user must recognize that they are not passed to them. Avoid excuses for using an incorrect parameter. Excessive non-compliance while using restricted functions will bypass the restriction or if there are other similar activities that may violate it.

6. Developer backdoor

Some executives ask a developer during development, in this case if the developer is leaving the back of the token, after the token that connects with the back end causes the project and users to crash. For example, the following is the backbone of the HJL token in the broadcast position, resulting in the flow of 1% more tokens to address 0xfa every time the token is issued, resulting in authenticity larger chips. beyond the declared value.

Outstanding Features of HJL Token

Changes

We recommend that you perform a series of tests before the tokens are uploaded and ensure that the hashes of the tokens are distributed in the same way as the hashes in the final audited version.

#B. Token issues in DEFI conferences

1. Different deflation token arbitrage exchanges

The deflationary token, represented by Safemoon, appeared on DEFI this year, and when users traded for these tokens, some tokens were destroyed, resulting in inconsistencies in the authenticity of revenue and expenditure. Therefore, if a DEFI project, like a bank, collects assets based on the number of exchanges, then the interaction with these tokens will lead to inconsistencies such as the actual asset of the project and its cost, which is easily accessible. by attackers like SafeDollar attacks.

The SafeDollar phenomenon is that when an attacker uses PLX tokens to exchange funds, the actual amount received is less than the amount deposited, and there is skepticism in the SdoRewardPool loan agreement and the Chinese Spirits proceeds. Manage the number of loan tokens in the SdoRewardPool contract library and then manage the rewards. Calculate and profit.

SdoRewardPool deposit agreement

Here we use the model which describes the computational value of gift A = the number of newly created SAO gift tokens / the number of PLX loan tokens in the library. Due to inconsistencies in the SdoRewardPool contract for the update of the gift and the special procedure in which the number of PLX token loans exchanged will not be the same for the number of recipients, the Chinese gift A has increased significantly. He then used another pre-strike contract to get the most out of the loan fees and get the most out of the SAO tokens.

Changes

Especially for the liquids industry, it is recommended to apply the currency changes before and after the contract modification based on the exchange rate received in the actual contract rather than when the instrument was passed through the user. Since today's profits have their own operating costs or they start to disappear, attackers can use them to make huge losses in order to avoid the difference between real money and money. real money.

2.Specification of Teeb meem token interface

When DEFI interacts with tokens, it conforms to the Collaboration Token Interface Specification, and if the token usage does not conform to the Interface Specification Specification, the logic of the code can make a difference. during the interaction. For example, a well-known USDT (USDT) number does not meet the ERC20 standard in some string codes, and the return value is not a standard in the USDT code between TRON and ETH. In Ethereum's USDT contract, the swap function returns, but since it was not announced when the bond was announced, subsequent recovery did not take place.

Convert Numbers to Large Ethereum USDT Contract

In addition, in TRON's USDT, the exchange position of the main contract receives the change of the parent contract. However, even if the parent contract job yielded a return value, the main contract job will definitely return incorrectly because the work is worth nothing in return.

Main contract transfer code TRON usdt

TRON usdt subcontract change code

Therefore, the USDT contract on these two channels does not comply with the ERC20 standard, and if DEFI does not pay attention to this issue, the funds will be included in the contract.

Changes change

When performing a token exchange, you must ensure that the named token exchange agreement meets the ERC20 standard. We are using SafeERC20 as a transition to a non-refundable exchange, but the conversion to TRON USDT does not meet its own TRC20 specification, so operations will be rescheduled. You need to enter a special function called SafeTransfer Disabled.

Three.ERC721, ERC777, ERC1155

Possibility of returning

The negative re-entry is easy to recognize, and of course, there is also the risk of re-entry tokens. A similar example is the SafeTransferFrom function of ERC1155, which calls the _doSafeTransferAcceptanceCheck function. However, in _doSafeTransferAcceptanceCheck, the onERC1155Received method called in case the target address is contractual, has a negative effect.

SafeTransferFrom is a function of the ERC1155

_DoSafeTransferAcceptanceCheck function in ERC1155

For example, in the contract below, a cancellation reduction is placed after safeTransferFrom. If the contract is not properly configured on ERC1155 to receive a re-entry, all tokens in the contract may be reversed more often.

Dangerous DEFI code

Contract

Changes change

Reentrancy vulnerabilities can be avoided by using verify-validate-interactive mode, and changes can be modified with official openzeppelin ReentrancyGuard. There is a risk of re-entry by filtering if there is an important function (balance correction, etc.) before an external call.

4. License is unrestricted

When a user interacts with a DEFI token, some DEFI operators may request unauthorized authorization directly from the user, but this is very nasty behavior. If there are complaints and problems in the front-end of the DEFI project or in the project, the user's security number is not guaranteed, so generally DEFI projects are optimized for users who choose optional values ​​to avoid unnecessary loss. symbolic assets. Well.

The UNICats Project Extraction Solution has the right to restrict. After depositing Uniswap (UNI) tokens, users can receive MEOW tokens provided by organizations affiliated with the mining industry. However, to participate in mining, the first end must provide users without permission. Users can redeem UNI tokens for the project and can also withdraw gifts and pledges, but parties can change the tokens at any time using the return contract. Therefore, users should pay attention to account authentication protection when joining DEFI. Users receive the wallet as soon as UniCats is authorized, but since authorization is usually a DEFI operation, users ignore the terms, which are usually limited to contracts.

Unlimited authentication notifications from MetaMask

Once the user receives the mining gift and redeems the pledge, they are already removed from the project, by which time it is usually easier to rest. Since the permission has not been revoked, the project contract has a backdoor that can be requested by the project party, and administrators can move users' UNIs by release. Then the party plan ran out with the deletion causing huge loss to the majority of users.

The backdoor is used by the contracting party of the UniCats project

Another example is the Degen Money project. The Degen Money project has developed a front-end in two trade agreements without leaving the secret door in a smart contract. Participants in Degen Money run the risk of stealing users' money. The first rule concerns contractual obligations, the second for malicious sites allows the attacker to use TransferFrom to withdraw money from the second address. The user invalidly withdraws the tokens from the contract and must revoke the authorization to prevent theft from occurring.

There are some websites that can provide query services to help users avoid similar situation. This allows users to understand the authorization information in a timely manner and avoid the risk of theft.

Changes

Authorization being a function of tokens, it is recommended that users pay attention to the security of their devices and not blindly trust the project part. Use the query website regularly to see if there is a risk of over-approval, then eliminate the time if found. Here is the address authentication request platform.

Binance Chain's official blockchain verification queries:

https://bscscan.com/tokenapprovalchecker

Ethereum Chain blockchain official authentication request:

https://etherscan.io/tokenapprovalchecker

Tools in the chain:

https://mycointool.com/ApprovalChecker