Erik's Security Blog Practicing Constant Vigilance

Reentrancy, reexamined

Reentrancy is a buzzword in web3 security that everyone seems to talk about, but acquiring enough knowledge to discuss it in depth can be slightly difficult.

Explanation (with diagram)

Reentrancy is only an issue if there is a call to an external contract that allows the user to gain control of code execution. This is somewhat similar to vulnerabilities that can lead to code execution in traditional security, like a buffer overflow. Ether transfers, as well as callbacks in tokens like ERC721, ERC777, and ERC1155, are common reentrancy targets. Other reentrancy cases arise where you see address.functioncall() and address is specified by user input, which allows the user to choose the external contract to call (see line 224 of Gauge.sol).

I don’t know if that article explains it best, but you could look at reentrancy findings in public audit reports and cross-reference them with the source code to get a better idea of real-world situations where it’s a problem.

Everyone uses ETH transfer example

This samczsun video does a good job of discussing unsafe external calls: https://youtu.be/95_RmIAqRy0?t=349

Good example of a non-standard re-entrancy vuln: https://github.com/code-423n4/2022-01-sandclock-findings/issues/32

Also: https://github.com/code-423n4/2022-01-sandclock-findings/issues/3

Another: https://youtu.be/95_RmIAqRy0?t=1016

For the examples above, need to be thinking:

  1. Can a malicious input be provided to an external callback to allow attacker-controlled code execution?
  2. Even if malicious input cannot be provided, does an existing trusted input (e.g. ERC721, ERC777) enable a callback hook?

Reentrancy “types”

  1. Reentry to the same function (similar to a loop, but some state variable changes are skipped)
  2. Reentry to a different function (CREAM hack)
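
The two reentrancy types listed above come down to the order of state writes and external calls, shown here in a minimal ledger next to its hardened form. This is an added example, not code from the original post or from any audited project; VulnerableLedger, HardenedLedger and their function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration: contract and function names are hypothetical.
contract VulnerableLedger {
    mapping(address => uint256) public credits;
    function deposit() external payable { credits[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Interaction before effect: the recipient's code runs here.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        // Type 1: a nested withdraw() reads the old balance; this write is late.
        credits[msg.sender] = 0;
    }

    // Type 2: shares `credits` with withdraw(), so it sees the stale balance too.
    function transferCredit(address to, uint256 amount) external {
        credits[msg.sender] -= amount;
        credits[to] += amount;
    }
}

contract HardenedLedger {
    mapping(address => uint256) public credits;
    uint256 private lock = 1;

    // One lock shared by every function that touches `credits`.
    modifier nonReentrant() {
        require(lock == 1, "reentrant call");
        lock = 2;
        _;
        lock = 1;
    }
    function deposit() external payable nonReentrant { credits[msg.sender] += msg.value; }
    function withdraw() external nonReentrant {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        credits[msg.sender] = 0; // effect first
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }

    function transferCredit(address to, uint256 amount) external nonReentrant {
        credits[msg.sender] -= amount;
        credits[to] += amount;
    }
}
```

A guard placed on withdraw() alone would leave transferCredit() reachable during the external call, which is why the hardened form applies the same lock to both.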

Real world examples

code4rena examples:

  1. https://github.com/code-423n4/2022-01-timeswap-findings/issues/6
  2. https://github.com/code-423n4/2022-04-jpegd-findings/issues/81
  3. https://github.com/code-423n4/2022-05-rubicon-findings/issues/350
  4. https://github.com/code-423n4/2021-08-notional-findings/issues/10

Tokens with callbacks

Can ERC20 have a callback?

ERC777 quirk

https://twitter.com/danielvf/status/1514611664091422721?cxt=HHwWgoCprZTS_YQqAAAA

https://media.dedaub.com/latent-bugs-in-billion-plus-dollar-code-c2e67a25b689

Comparison to Slither

Under the hood:

Concluding Remarks

Comparing gas estimations

Many tools exist to estimate the gas consumed by a contract or piece of code. The question is, do all of these tools provide the same gas estimates when given the same code? Or are there differences?

Hardhat

Truffle

http://pitchandrolls.com/2020/01/13/solidity-how-to-estimate-gas-costs/

Remix

Brownie

Using Ethereum Browser Tools

A list to reference/review: https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring–tracking

  1. https://etherscan.deth.net/
  2. https://dashboard.tenderly.co
  3. https://etherscan.io
  4. https://ethtx.info/
  5. https://contract-library.com
  6. https://twitter.com/alfalfaleeks

  1. https://remix.ethereum.org/
  2. https://playground.ethers.org/
  3. https://github.com/scaffold-eth/scaffold-eth

Web-based Decompilers

  1. https://ethervm.io/decompile
  2. https://etherscan.io/bytecode-decompiler
  3. https://eveem.org/

Honorary mention: Binary Ninja plugin from Trail of Bits https://github.com/crytic/ethersplay

Data

  1. https://ethtective.com/
  2. https://dune.xyz/

Tornado Cash analyzer: https://github.com/TutelaLabs/tutela-app

Log in to any Dapp in read-only mode: https://apoorvlathey.com/impersonator/

https://shouldiusespotpriceasmyoracle.com/

Analytics & monitoring

  • https://nansen.ai/
  • https://www.breadcrumbs.app/
  • https://bloxy.info/
  • https://app.hal.xyz/auth/signin

Common Fork Problems

Compound

  • Compound is known to have broken checks-effects-interactions patterns, but Compound handles this by only listing vetted tokens
    • https://twitter.com/Hacxyk/status/1520370424680304640?cxt=HHwWgMCioZK2uJkqAAAA
    • https://twitter.com/danielvf/status/1509524569836691459?s=21
    • https://www.comp.xyz/t/reentrancy-protection-currently-broken/2573

vote escrow (ve) tokens

  • Solidly has a bug where frequent deposits and withdrawals increase rewards received https://github.com/belbix/solidly/issues/1
  • veCRV assumes that (1) snapshot voting based on ERC20 token balance is used (erc20-balance-of snapshot strategy) and (2) tokens cannot be withdrawn early after depositing

Mythril: Automated security analysis

Mythril is a security analysis tool that can be used to detect security issues in contracts. Unlike Slither, Mythril uses solc (not crytic-compile) and analyses the EVM bytecode. This feature allows it to run without the original source code, if such a need arises.

Where’s the Documentation

I found the readthedocs Mythril documentation to have less detail than the CLI help messages. It’s easy enough to access the help messages using myth --help or myth a --help to learn about the different flags and arguments that can be provided.

Comparison to Slither

Under the hood:

Concluding Remarks