
Thinking about the safety of smart contracts

April 11, 2025


Over the last day, with the help of the community, we have compiled a list of all the major bugs in smart contracts on Ethereum so far, including the DAO as well as various smaller thefts and losses in the range of 100-10000 tokens.

This list (original source here) is as follows:

We can classify the list by categories of bugs:

  • Variable/function naming mixups: FirePonzi, Rubixi
  • Public data that should not have been public: the public RNG seed casino, cheatable RPS
  • Re-entrancy (A calls B calls A): the DAO, Maker's ETH-backed token
  • Sends failing due to the 2,300 gas limit: King of the Ether
  • Arrays/loops and gas limits: GovernMental
  • Much more subtle game-theoretic weaknesses where, at the limit, people even debate whether or not they are bugs: the DAO

Many solutions have been proposed for smart contract safety, ranging from better development environments to better programming languages to formal verification and symbolic execution, and researchers have begun to develop such tools. My personal opinion on the subject is that an important primary conclusion is the following: progress in smart contract safety will necessarily be layered, incremental, and dependent on defense in depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything.

The reason for this fundamental conclusion is as follows. All instances of smart contract theft or loss – in fact, the very definition of smart contract theft or loss – are fundamentally about differences between implementation and intent. If, in a given case, implementation and intent are the same thing, then any instance of "theft" is in fact a donation, and any instance of "loss" is voluntary, economically equivalent to a proportional donation to the ETH token holder community through deflation. This leads to the next challenge: intent is fundamentally complex.

The philosophy behind this fact has been best formalized by the friendly AI research community, where it goes by the names "complexity of value" and "fragility of value". The thesis is simple: we, as human beings, have very many values and very complex values – so complex that we are not able to express them fully, and any attempt to do so will inevitably contain an uncovered corner case. Tell a superintelligent AI to cure cancer, and it will get 99.99% of the way there through moderately complex tweaks in molecular biology, but it will soon realize that it can push this up to 100% by triggering human extinction through a nuclear war and/or a biological pandemic.

In smart contract land, the situation is similar. We think we value things like "fairness", but it is difficult to define what fairness even means. You may want to say things like "it should not be possible for someone to steal 10,000 ETH from a DAO", but what if, for a given withdrawal transaction, the DAO really did approve the transfer because the recipient provided a valuable service? But then, if the transfer was approved, how do we know that the mechanism for deciding this was not fooled through a game-theoretic vulnerability? What is a game-theoretic vulnerability? What about "splitting"? In the case of a blockchain-based market, what about front-running? If a given contract specifies an "owner" who can collect fees, what if the ability for anyone to become the owner is actually part of the rules, to add to the fun?

None of this is a strike against experts in formal verification, type theory, weird programming languages and the like; the smart ones already know and appreciate these problems. However, it does show that there is a fundamental barrier to what can be accomplished, and "fairness" is not something that can be proven mathematically in a theorem – in some cases, the set of fairness claims is so long and complex that you have to wonder whether the set of claims itself might have a bug.

Towards a mitigation path

That said, there are many areas where the divergence between intent and implementation can be considerably reduced. One category is to take common patterns and hardcode them: for example, the Rubixi bug could have been avoided by making owner a keyword that could only be initialized to equal msg.sender in the constructor and possibly transferred in a transfer function. Another category is to create as many standardized mid-level components as possible; for example, we may want to discourage every casino from creating its own random number generator, and instead direct people to RANDAO (or something like my RANDAO++ proposal, once implemented).

A more important category of solutions, however, involves mitigating the specific and unintuitive quirks of the EVM execution environment. These include: the gas limit (responsible for the GovernMental loss, as well as losses due to recipients consuming too much gas when accepting a send), re-entrancy (responsible for the DAO and the Maker ETH contract) and the call stack limit. The call stack limit, for example, can be mitigated through this EIP, which essentially removes it from consideration by substituting its purpose with a change in gas mechanics. Re-entrancy could be banned outright (i.e. only one execution instance of each contract allowed at a time), but this would probably introduce new forms of unintuitiveness, so a better solution is probably needed.

The gas limit, however, is not going away; consequently, the only solutions are likely to be within the development environment itself. Compilers should throw a warning if a contract does not provably consume less than 2,300 gas when called without data; they should also throw a warning if a function does not provably terminate within a safe amount of gas. Variable names could be colored (for example, RGB based on the first three bytes of the hash of the name), or perhaps a heuristic warning could be given if two variable names are too close to each other.

In addition, there are coding patterns that are more dangerous than others, and although they should not be banned, they should be clearly highlighted, forcing developers to justify their use. A particularly involved example is as follows. There are two types of call operations that are clearly safe. The first is a send that carries 2,300 gas (provided that we accept the norm that it is the recipient's responsibility not to consume more than 2,300 gas in the case of empty data). The second is a call to a contract that you trust and that has itself already been determined to be safe (note that this definition bans re-entrancy, because you would then have to prove that A is safe before proving that A is safe).

It turns out that many contracts can be covered by this definition. However, not all of them can; an exception is the idea of a "general-purpose decentralized exchange" contract where anyone can place orders offering to trade a given quantity of asset A for a given quantity of asset B, where A and B are arbitrary ERC20-compatible tokens. One could make a special-purpose contract for just a few assets, and thus fall under the "trusted callee" exemption, but having a generic one seems like a very valuable idea. But in that case, the exchange would need to call transfer and transferFrom of unknown contracts and, yes, give them enough gas to run and possibly make a re-entrant call to try to exploit the exchange. In this case, the compiler may want to throw a clear warning unless a "mutex lock" is used to prevent the contract from being accessed again during these calls.
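The mutex lock described above, sketched for a generic exchange that has to call transfer and transferFrom on token contracts it knows nothing about. This is an added example in current Solidity syntax, not code from the original post; the contract name, the order layout and the function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface the exchange needs; the token contracts are untrusted.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical generic exchange: makers escrow one token and ask for another.
contract GenericExchange {
    struct Order { address maker; IERC20 sell; uint256 sellAmt; IERC20 buy; uint256 buyAmt; bool open; }

    Order[] public orders;
    bool private locked; // the "mutex lock" from the text

    // Reject any call that arrives while an external token call is still in flight.
    modifier mutex() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    function place(IERC20 sell, uint256 sellAmt, IERC20 buy, uint256 buyAmt)
        external mutex returns (uint256 id)
    {
        id = orders.length;
        // State is written before control passes to the untrusted token.
        orders.push(Order(msg.sender, sell, sellAmt, buy, buyAmt, true));
        require(sell.transferFrom(msg.sender, address(this), sellAmt), "escrow failed");
    }

    function fill(uint256 id) external mutex {
        Order storage o = orders[id];
        require(o.open, "order closed");
        o.open = false; // close first, so a callback cannot fill the same order twice
        // Both calls hand control, and gas, to contracts of unknown behaviour.
        require(o.buy.transferFrom(msg.sender, o.maker, o.buyAmt), "payment failed");
        require(o.sell.transfer(msg.sender, o.sellAmt), "delivery failed");
    }
}
```

A token that calls back into place or fill during either transfer hits the require in the modifier, and the revert unwinds the whole outer transaction, including the order state change.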

A third category of solutions is defense in depth. One example, to prevent losses (but not thefts), is to encourage all contracts that are not intended to be permanent to have an expiry date, after which the owner can take arbitrary actions on behalf of the contract; this way, losses would only be possible if (i) the contract fails, and simultaneously (ii) the owner is missing or dishonest. Trusted "owners" may emerge to mitigate (ii). Thefts could be mitigated by adding waiting periods. The DAO problem was greatly mitigated because the child DAO was locked for 28 days. A feature proposed in the MakerDAO is to create a delay before any governance change becomes active, giving token holders who are unhappy with the change time to sell their tokens; this is also a good approach.
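The expiry date and the delayed governance change from this paragraph, combined with the constructor-assigned owner suggested earlier, in one contract. This is an added example, not code from the original post or from any of the projects it names; the contract, its function names, the fee parameter and the 7-day delay are all constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical pool; every name and the 7-day delay are constructed for illustration.
contract ExpiringPool {
    address public owner;                   // written only by the constructor and transferOwnership
    uint256 public immutable expiry;        // after this the owner may act for the contract
    uint256 public constant DELAY = 7 days; // notice period before a governance change applies
    uint256 public feeBps;                  // active withdrawal fee, in basis points
    uint256 public queuedFeeBps;
    uint256 public queuedAt;                // 0 means nothing is queued
    mapping(address => uint256) public balance;
    constructor(uint256 lifetime) {
        owner = msg.sender;
        expiry = block.timestamp + lifetime;
    }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    function transferOwnership(address next) external onlyOwner {
        require(next != address(0), "zero address");
        owner = next;
    }
    function deposit() external payable { balance[msg.sender] += msg.value; }

    // A fee change is only announced here; it cannot take effect for DELAY seconds.
    function queueFee(uint256 bps) external onlyOwner {
        require(bps <= 10_000, "fee too high");
        queuedFeeBps = bps;
        queuedAt = block.timestamp;
    }
    function activateFee() external {
        require(queuedAt != 0 && block.timestamp >= queuedAt + DELAY, "notice period");
        feeBps = queuedFeeBps;
        queuedAt = 0;
    }

    // Depositors unhappy with a queued change can still leave at the old fee.
    function withdraw(uint256 amount) external {
        balance[msg.sender] -= amount; // checked math reverts on overdraw; state changes before the send
        (bool ok, ) = msg.sender.call{value: amount - (amount * feeBps) / 10_000}("");
        require(ok, "send failed");
    }

    // Expiry backstop: stuck value is lost only if the owner is also missing or dishonest.
    function rescue(address payable to) external onlyOwner {
        require(block.timestamp >= expiry, "not expired");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "rescue failed");
    }
}
```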

Formal verification can be layered on top. One simple use case is as a way of proving termination, considerably mitigating gas-related problems. Another use case is proving specific properties – for example, "if all participants collude, they can withdraw their money in all cases", or "if you send your tokens A to this contract, you are guaranteed either to get the amount of token B that you want or to be able to refund yourself entirely". Or "this contract fits into a restricted subset of Solidity that makes re-entrancy, gas problems and call stack problems impossible".

A final note is that, although all of the concerns so far have been about accidental bugs, malicious bugs are an additional concern. How confident can we really be that the MakerDAO decentralized exchange has no loophole that lets them withdraw all of the funds? Some of us in the community may know the MakerDAO team and consider them to be nice people, but the entire purpose of the smart contract security model is to provide guarantees strong enough to survive even if that is not the case, including for entities that are not well connected or established enough for people to trust them automatically. Consequently, any checks or highlights should not only exist at the level of the development environment, they should also exist at the level of block explorers and other tools where independent observers can verify the source code.

The specific actions that the community can take are:

  1. Taking on the project of creating a superior development environment, as well as a superior block explorer / source code verifier, that includes some of these features
  2. Standardizing as many components as possible
  3. Taking on the project of experimenting with various smart contract programming languages, as well as formal verification and symbolic execution tools
  4. Discussing coding standards, EIPs, changes to Solidity, etc. that can mitigate the risk of accidental or deliberate errors
  5. If you are developing a multimillion-dollar smart contract application, consider reaching out to security researchers and working with them on using your project as a test case for various verification tools

Note that, as stated in a previous blog post, DEVGrants and other grants are available for much of the above.


