Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific...
Transcript of Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific...
![Page 1: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/1.jpg)
ReplayAttacksonEthereumSmartContracts
ZhenxuanBai,YuweiZheng,KunzheChai SenhuaWang
![Page 2: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/2.jpg)
Aboutus
• 360TechnologyisaleadingInternetsecuritycompanyinChina.Ourcore
productsareanti-virussecuritysoftwareforPCandcellphones.
• UnicornTeam(https://unicorn.360.com/)wasbuiltin2014.Thisisagroup
thatfocusesonthesecurityissuesinmanykindsofwireless
telecommunicationsystems.Theteamalsoencouragememberstodoother
researchthattheyareinterestedin.
• HighlightedworksofUnicornTeaminclude:
– Low-costGPSspoofingresearch(DEFCON23)
– LTEredirectionattack(DEFCON24)
– Attackonpowerlinecommunication(BlackHatUSA2016)
![Page 3: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/3.jpg)
PPT www.1ppt.com/moban/PPT www.1ppt.com/sucai/PPT www.1ppt.com/beijing/PPT www.1ppt.com/tubiao/PPT www.1ppt.com/xiazai/PPT www.1ppt.com/powerpoint/
www.1ppt.com/ziliao/ www.1ppt.com/fanwen/www.1ppt.com/shiti/ www.1ppt.com/jiaoan/
PPT www.1ppt.cnPPT www.1ppt.com/kejian/www.1ppt.com/kejian/yuwen/ www.1ppt.com/kejian/shuxue/www.1ppt.com/kejian/yingyu/ www.1ppt.com/kejian/meishu/www.1ppt.com/kejian/kexue/ www.1ppt.com/kejian/wuli/www.1ppt.com/kejian/huaxue/ www.1ppt.com/kejian/shengwu/www.1ppt.com/kejian/dili/ www.1ppt.com/kejian/lishi/
Part1 Part2 Part3 Part4
TheMainIdea
BackGround DemonstrationSafetyProblem ReplayAttack
![Page 4: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/4.jpg)
Part1
Back Ground (Blockchain & smart contract & Ethereum)
![Page 5: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/5.jpg)
What is Blockchain?
Blockchain is:
ALarge-scalegloballydecentralizedcomputer
network
Asystemthatuserscaninteractwithbysending
transactions
—Transactionsareguaranteedby
ConsensusMechanism
![Page 6: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/6.jpg)
Advantages of Blockchain
• havingtheunifieddatabasewithrapidconsensus
• Withlarge-scalefault-tolerantmechanism
• Notrelyingontrust,notcontrolledbyanysingleadministratoror
organization(notforprivate/consortiumblockchain)
• Audit-able:externalobserverscanverifytransactionhistory.
• Automation:operatingwithouthumaninvolvement.
![Page 7: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/7.jpg)
What on-earth can Blockchain do?
Cryptocurrency: digital assets on the Blockchain
Therearetokensinthepublicblockchainsusedtolimittheratesofupdatingtransactions&powerthemaintenanceofBlockchain.
RecordRegistration(suchastheDomainNameSystembasedonBlockchain.Timestamptotrackhighvaluedata
FinancialContractsGeneralComputation
Non-monetary Characteristics
Support Functionalities
![Page 8: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/8.jpg)
Ethereum
About 2013, the public realized that Blockchain can be used in hundreds
of applications besides cryptocurrency, such as asset issuance,
crowdfunding, domain-name registration, ownership registration, market
forecasting, Internet of things, voting and so on.
![Page 9: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/9.jpg)
How to realize?
Smart contracts are pieces of code that live on the Blockchain and execute commands exactly how the were told to.
“smart contract" - a computer program running in a secure environment that automatically transfers digital assets according to previously arbitrary rules.
business people
Developer
Smart Contract
![Page 10: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/10.jpg)
How to build one?
■ Blockchain with built-in programming language
■ maximum abstraction and versatility
■ it is very ideal to process smart contracts
Ethereum
![Page 11: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/11.jpg)
Ethereum
EVM: It is the operating environment for smart contract in
the Ethereum. It is not only encapsulated by a sandbox, but
in fact it is completely isolated, that is, the code that runs
inside the EVM does not have access to the network, file
system, or other processes. Even smart contracts have
limited contact with other smart contracts.
Operating System
![Page 12: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/12.jpg)
Contract usage scenario
Hedging contracts, Savings Purse, Testamentary contract
Financial scenario
Online voting, De-centralized governance , Domain name registration
Non-financial scenario
![Page 13: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/13.jpg)
Part2
Related Safety Problem
![Page 14: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/14.jpg)
The Ecology of the Ethereum
On average, there are 100 thousand of new users join the
Ethereum ecosystem every day. The users are very
active, with an average daily transactions of more than 1
million times on Ethereum.
![Page 15: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/15.jpg)
The safety issue of the Ethereum
attackandtokensteal
exchange
probabletobehijacked
wallet
overflowattack
smart contract
main parts
![Page 16: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/16.jpg)
The security problem of smart contract
April2018,
BECcontract
May2018,
EDUcontract June2018,
SNCcontract
Directlyaffectsthemajor
exchanges,includingthe
issue,rechargeorcash
withdrawalofthetokens.
![Page 17: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/17.jpg)
Vulnerability in Smart Contracts
According to < Finding The Greedy , Prodigal , and Suicidal Contracts at Scale>, In March 2018, nearly 1 million smart contracts were analyzed , among which there are 34200 smart contracts can be easily attacked by hackers.
![Page 18: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/18.jpg)
How to lower the probability of loss ?
A complete and objective audit is required for smart contracts.
The emergency response can be made when the vulnerability was found in Smart Contracts
Reward can be provided when someone detect any bug .
![Page 19: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/19.jpg)
Replay attack on smart contract Part3
![Page 20: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/20.jpg)
What are we care about - Replay attack Replayattack:IfatransactionislegitimateononeBlockchain,itisalso
legitimateonanotherblockchain.
WhenyoutransferBTC1,yourBTC2/BTC3maybetransferredatthesametime.
![Page 21: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/21.jpg)
Our discovery
Manysmartcontractsadoptthesamewaytoverifythevalidityof
thesignature,anditispossibleforreplayattack.
![Page 22: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/22.jpg)
Our motivation
Weproposedthereplayattacksinthesmartcontracts,whichhopeto
attracttheuser’sattention.
Wedetectthevulnerabilityinsmartcontracts,whichhopetomake
themmoresecure.
Wehopetoenhancetheriskawarenessforcontractcreatorand
ensuretheinterestsofinvestors.
![Page 23: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/23.jpg)
� wefoundthereplayattackproblemexistsin52smartcontracts.
� We analyzed the smart contract example to verify the replay
attack.
� Weanalyzedthesourceandprocessofreplayattacktoexpound
thefeasibilityofreplayattackinprinciple.
� Weverifiedthereplayattackbasedonthesignature
vulnerability.
� Weproposeddefensestrategytopreventthisproblem.
Our Contribution
![Page 24: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/24.jpg)
• Judging whether the contract is accord with the ERC20 standard.
we set three scanning standards to discovery the smart contracts which have the VULNERABILITY.
require(totalsupply>0)
Vulnerability Scanning
![Page 25: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/25.jpg)
• Get the name of the contract to determine
whetherthenameisvalid.
Vulnerability Scanning
![Page 26: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/26.jpg)
• Filtersmartcontractsvulnerabletoreplayattack.
ScanningResult:52riskytargets
Vulnerability Scanning
![Page 27: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/27.jpg)
![Page 28: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/28.jpg)
● It has been confirmed(proved) that there are two smart
contractsallowproxytransactions..
● Ifthetwosmartcontractsuseasimilarmechanismandshare
thesametransactionformat.
● Whenatransactionhappensinonecontract,thistransaction
will be also legal in another contract, and the replay attack
willbesuccessfullyexecuted.
Why does the replay attack occur?
![Page 29: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/29.jpg)
The issue lies in this line: bytes32 h = keccak256(_from,_to,_value,_fee,nonce);
Example
![Page 30: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/30.jpg)
Attack Process
![Page 31: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/31.jpg)
● wechosetwoERC20smartcontracts,theUGTcontract
andtheMTCcontract.
● wecreatedtwoaccounts,AliceandBob● we deposit some tokens in the two accounts in UGT
contractsandMTCcontracts.
● atleastoneEthereumfullnode
Experiment condition
![Page 32: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/32.jpg)
Step one: transaction records on the Ethereum were
scannedtofindoutaccountswhichhadbothUGTtokens
andMTCtokens(weusetwoaccounts,AliceandBob).
Verification of the replay attack process
![Page 33: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/33.jpg)
Steptwo:BobinducedAlicetosendhim2UGTtokens.Thetransactioninputdata
isshownasbelow:
Function: transferProxy(address _from, address _to, uint256 _value, uint256
_feeUgt,uint8_v,bytes32_r,bytes32_s)
MethodID:0xeb502d45
Verification of the replay attack process
![Page 34: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/34.jpg)
Step three: Bob take out the input data of this transaction on theblockchain. The parameters “from, to, value, fee, v, r, s”were extracted
from [0]- [6] in step two. The following is the implementation of the
transferfunction.
Verification of the replay attack process
![Page 35: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/35.jpg)
Stepfour:Bobusetheinputdatainstep2toexecuteanothertransferinthe smart contract of MTC. The result of this transaction is shown as
below.
Verification of the replay attack process
![Page 36: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/36.jpg)
Stepfive:Bobgotnotonly2UGTtokensbutalso2MTCtokensfrom
Alice.Inthisprocess,thetransferof2MTCtokenswasnotauthorized
byAlice.
Verification of the replay attack process
![Page 37: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/37.jpg)
Part4Demonstration
![Page 38: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/38.jpg)
Select contract
Account setting
genesis.json
the UGT contract and the MTC contract
• AliceandBob
• Alice(thesender):0x8e65d5349ab0833cd76d336d380144294417249e
• Bob(thereceiver):0x5967613d024a1ed052c8f9687dc74897dc7968d6
• Bothownsometokensfortransferring.
UGTToken:0x43eE79e379e7b78D871100ed696e803E7893b644
MTCToken:0xdfdc0D82d96F8fd40ca0CFB4A288955bECEc2088
![Page 39: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/39.jpg)
Core code
![Page 40: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/40.jpg)
Demo
Demo
![Page 41: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/41.jpg)
ByApril27th,2018,loopholeofthisreplayattackriskexistsin52
Ethereumsmartcontracts.
accordingtothevulnerabilityofthereplayattack:
l High-risk group (10/52): no specific information is contained in the signature of
smartcontract,whichthesignaturecanbefullyreused.
l moderate-risk group (37/52): fixed string is contained in the signature of smart
contract,whichtheprobabilityofreusingthesignatureisstillhigh.
l Low -risk group (5/52): the address of the contract (1 in 5) or the address ofsender (4 in5) is contained in the signature of smart contract. There are strong
restrictions,butthereisstillownthepossibilityofreplayattacks.
Statistics and Analysis
![Page 42: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/42.jpg)
l Replayinthesamecontract(5/52)
MiracleTele RoyalForkToken FirstBlood KarmaToken KarmaToken2
l Cross-contractsreplay(45/52)Besides,wedivided these 45 contracts into 3 groups, for the specific prefix
dataused in thesignatures.Cross-contracts replaysmayhappenamongany
contractsaslongastheyareinasamegroup.
Accordingtofeasiblereplayattackapproaches:
Statistics and Analysis
![Page 43: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/43.jpg)
ü Group1 thespecificprefixdata1usedinthesignatures(28/52)
ARCCoin,BAF,ClaesCash ClaesCash2 CNF,CWC,DET,Developeo,
Envion,FiCoin,GoldCub JaroCoin metax,metax2 NODE,NODE2,NPLAY,
SIGMA, solomex, Solomon Exchange, Solomon Exchange2, Trump Full Term
Token,TrumpImpeachmentToken,X,ZEUSTOKEN ZEUSTOKEN2,cpay.
ü Group2 the specific prefix data 2 used in the signatures (7/52)
"\x19EthereumSignedMessage:\n32" Acore CLC CLOUT CNYToken,CNYTokenPlus,GigBit The4th
PillarToken,
Statistics and Analysis
Accordingtofeasiblereplayattackapproaches:
![Page 44: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/44.jpg)
ü Group3 nospecificprefixdatausedinthesignatures(10/52)
BlockchainCuties First(smt),GGToken M2CMeshNetwork M2C
Mesh Network2 MJ comeback, MJ comeback2, MTC Mesh Network,
SmartMeshToken,UGToken
l Replaybetweentestchainandmainchain(2/52)
MeshBoxMeshBox2
l Replaybetweendifferentmainchain(0/52)
Accordingtofeasiblereplayattackapproaches:
Statistics and Analysis
![Page 45: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/45.jpg)
Accordingtothetradingfrequencyofabove-mentioned
contracts
By9:00April30th,2018,
• 24contractswerefoundwhichhavethetransactionrecordswithinoneweek,Theproportionis46.15%ofthetotalnumberofcontracts.
• 9contractswerefoundwhichhavethetransactionrecordsfromone
weektoonemonth,Theproportionis17.31%ofthetotalnumberof
contracts.
Statistics and Analysis
![Page 46: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/46.jpg)
According to the trading frequency of above-mentioned
contractsBy9:00April30th,2018,
• 16 contractswere foundwhich have the transaction records beyondonemonth,Theproportionis30.77%ofthetotalnumberofcontracts.
• 3 contractsOnly have the records for deployment. The proportion is
5.77%ofthetotalnumberofcontracts.
According to the comprehensive analysis, 63.46% of the
contracttransactionsarestillactive.
Statistics and Analysis
![Page 47: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/47.jpg)
Ø Thedesignersofsmartcontractshouldalwaysconfirmthe
suitable range of digital signature when designing smart
contracts.
Ø Thesmartcontractsdeployedonpublicchainshouldaddin
the specific information of the public chain such as the
chainIDandthenameofthepublicchain.
Ø Theusersofsmartcontractsneedtopayattentiontonews
andreportsconcerningtheloopholedisclosures.
Countermeasures
![Page 48: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/48.jpg)
p The security problems of smart contracts have been
widelyconcerned.
p Aslongasthesignaturewasnot limitedbythesmart
contracts,thereispossibilityofreplayattack.
p We believe that loopholes on the Ethereum smart
contractshavenottotallycometolight.
Conclusion
![Page 49: Replay Attacks on Ethereum Smart Contracts CON/DEF CON 26/DEF CON... · ü Group3 no specific prefix data used in the signatures (10/52) BlockchainCuties First(smt), GG Token M2C](https://reader034.fdocuments.net/reader034/viewer/2022052015/602ceadffee16b4fce137097/html5/thumbnails/49.jpg)