Abuse of unlimited authorization: is your address safe?
2022-06-25 04:53:00 【Jacko's tech grocery】
01
DeFi is on fire and Compound is hot. The whole industry seems to be joining this ecosystem: innovation, revolution, and the day centralization ends seems to be just around the corner.
Oracles, smart contract wallets, decentralized lending, decentralized trading, decentralized blah blah...
Many practitioners in the blockchain industry have begun to think, optimistically, that the golden edifice of DeFi is basically complete.
02
However, in the clear sky over DeFi, a few disturbing dark clouds are still drifting.
On April 18, 2020, a smart contract vulnerability was exposed at Uniswap, and it was exploited to steal hundreds of thousands of dollars of assets;
On April 19, 2020, Lendf.me, because of the same vulnerability, had tens of millions of dollars of assets stolen by a programmer (not a hacker);
These two events caused a storm in the industry. The Lendf.me theft in particular triggered a broader discussion:
“Who should bear the responsibility?”
“It seems that after decentralization it is hard to tell whom to turn to when something goes wrong?”
“After DeFi, is losing money entirely the user's responsibility?”
Fortunately, the person who stole from Lendf.me was just an ordinary programmer, not a professional hacker, and did not know how to hide his tracks well. Because he leaked his IP and was then located, in the end the programmer could only voluntarily return the assets to avoid legal punishment.
In this incident, the Lendf.me project team and its users were extremely lucky: they escaped huge asset losses and lengthy legal proceedings. From the industry's perspective, finding the problem is certainly a good thing. But good as it is, the dark clouds over the DeFi ecosystem have not dissipated. Is the future of DeFi safe?
03
Smart contract security has seen many incidents over the years. This dark cloud has always been there, and it is a risk and challenge the industry must face all the time.
But today we want to talk about another dark cloud. In security terms it is far less complex, but its impact is broader: it affects almost every user who participates in DeFi.
The impact is obviously serious, yet users and practitioners in the industry have ignored it. This dark cloud is like the sword of Damocles hanging over DeFi. Whether you ignore it or not, it is always there, watching you quietly, waiting for its chance to swallow you.
As the first article since the establishment of the bitpie security laboratory, this piece explains this dark cloud systematically and includes a complete smart contract case that demonstrates the asset security risks it can cause for ordinary users. We believe that after reading it, users will clearly realize that the risks they inadvertently take on when participating in the Ethereum DeFi ecosystem are not small, and that some of them can be large enough to have no upper limit.
Before the formal discussion, let us ask you a question:
Suppose you hold 1 million Ethereum-based USDT and decide to move 10,000 of it to a centralized exchange. If something goes wrong (for example, the exchange is attacked by hackers or its owner runs away), what is the upper limit of your risk?
The answer is simple: the risk is just the 10,000 USDT you deposited. The remaining 990,000 is in your wallet, and neither hackers nor the exchange owner can take it. All they can steal is that 10,000.
Okay, now move the same scenario to DeFi:
Again suppose you hold 1 million USDT and decide to put 10,000 into a decentralized DeFi contract. If something goes wrong (likewise, the DeFi smart contract or project team is hacked, or the DeFi owner runs away), what is the upper limit of your risk?
Still 10,000? Wrong! Your risk ceiling has probably become 1 million USDT. Even though the remaining 990,000 USDT is clearly still lying quietly in your wallet, and even if you very carefully keep that USDT in a never-online, absolutely safe hardware cold wallet, your million in assets may well disappear in an instant. BOOM!
Why is this so? The reason lies in the most basic authorization model of the Ethereum ecosystem.
When you interact with a smart contract, the contract may ask you for an authorization so that it “can operate on your assets more easily”. What does such an authorization call look like?
Let's look at an authorization transaction on the chain:
https://etherscan.io/tx/0x419d17e216cda75dd9635a752e9aedb8f43ed4bfe31a6f75ed8923779c73eb6e
The transaction is simple: the address 【0x3693】 authorizes the 【Uniswap V2: Router 2】 contract to use all of its USDT without limit.
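An added example (not from the original article or the bitpie repository): decoding the calldata of an ERC-20 `approve(address,uint256)` call of the kind shown above, flagging an unlimited amount, and building the zero-allowance call that revokes it. The spender address and amounts are constructed sample values, and the function names are hypothetical.

```javascript
// Inspect ERC-20 approve() calldata before signing it.
// Standard ABI layout: 4-byte selector followed by two 32-byte words.
const APPROVE_SELECTOR = "095ea7b3"; // selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) {
    throw new Error("not a well-formed approve(address,uint256) call");
  }
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error("selector is not approve(address,uint256)");
  }
  const spenderWord = hex.slice(8, 72);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(spenderWord)) throw new Error("dirty address padding");
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare the requested allowance with what the user actually intends to spend.
function classifyApproval(calldata, intendedAmount) {
  const { spender, amount } = decodeApprove(calldata);
  let verdict;
  if (amount === 0n) verdict = "revoke";
  else if (amount === MAX_UINT256) verdict = "unlimited";
  else if (amount > intendedAmount) verdict = "excessive";
  else verdict = "on-demand";
  return { spender, amount, verdict };
}

// Build approve() calldata; an amount of 0n resets (revokes) the allowance.
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of range");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") +
         amount.toString(16).padStart(64, "0");
}

// Constructed sample values (not taken from the transaction above).
const SPENDER = "0x" + "0".repeat(32) + "c0ffee01";
const USDT = 10n ** 6n; // USDT uses 6 decimals
const unlimited = encodeApprove(SPENDER, MAX_UINT256);
const limited = encodeApprove(SPENDER, 1000n * USDT);

console.log(classifyApproval(unlimited, 1000n * USDT).verdict);
console.log(classifyApproval(limited, 1000n * USDT).verdict);
console.log(classifyApproval(encodeApprove(SPENDER, 0n), 0n).verdict);
```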
What are the benefits of doing so?
Once the authorization is done, Uniswap can operate on your assets easily, and subsequent operations need fewer calls and fewer interactions. Some contracts can even pay on your behalf; that is, you can still invoke the contract even when you have no ETH for the miner's fee.
The advantage of this authorization model is really convenience (mainly convenience for the project team), so convenient that your money can be transferred for you without you even opening your wallet.
“What? Money can be transferred without opening my wallet? Who can transfer my money?”
That is the problem. Once you have authorized it, the contract can control all your assets without needing your permission or your signature. Remember, this has nothing to do with how your private key is kept. Even if you keep the private key in a hardware wallet and freeze it in the fridge, the contract can still wipe out your money.
Okay, at this point someone will probably say: the contract can transfer my money, but if the smart contract code is open source and has been audited by a third party, and there is no code in it that transfers my money, am I safe?
In fact, the security of contract authorization has little to do with whether the code is open source or has been audited by a third party. Most (basically all) complex smart contracts in today's DeFi ecosystem can have their code upgraded. In other words, today's code may not be able to transfer your money, but tomorrow the Owner can turn evil, update the code, and wipe out your money.
(A special note: after the contract code is upgraded, the contract address changes, so if the Owner wants to transfer your money, you need to authorize again. But since authorization in every DeFi project and every wallet app is done with one click, users do not actually notice how many versions of the code the contract Owner has gone through. For ordinary users, therefore, the risk is the same.)
Having looked at a sample authorization transaction, let's now look at the sample code of a contract:
https://github.com/bitpie-wallet/erc20-approve-issue-demo/blob/master/contracts/ExchangeDemo.sol
In this example we simulate a smart contract vulnerability. Suppose the contract developer accidentally set the access control of the ExchangeDemo contract's transfer method to public. In that case, as long as you have authorized the contract, even if you have never made any transfer to it, anyone else can directly transfer all the tokens out of your wallet. It is that simple.
Of course, real contract vulnerabilities can be complex and take many forms. The point here is that if a contract accidentally contains a vulnerability that lets a third party use the authorizers' assets, it is not just the contract itself that is destroyed: the assets of everyone who authorized the contract will be stolen.
Someone might say: why not just avoid writing vulnerabilities that can transfer authorized assets?
That is right in principle, but in reality it is almost impossible, as countless vulnerabilities in Ethereum's history have proved. Most vulnerabilities, however, only affect the assets inside the contract or the contract's execution, whereas authorization-related vulnerabilities endanger all the assets of everyone who has authorized the contract. Now do you see how much risk you are taking?
Let's move on to the next sample code:
https://github.com/bitpie-wallet/erc20-approve-issue-demo/blob/master/contracts/ExchangeDemoV2.sol
In this case, the contract developers have upgraded the ExchangeDemo contract. Before the upgrade, the claim method could only withdraw the contract's own token balance, but the developer can change it so that it transfers tokens that users have authorized. That is, after the update, once a user performs the authorization operation, the developer can simply call the claim method to move the money out of the user's wallet. It is that simple.
The complete test cases for the sample code can be found at:
https://github.com/bitpie-wallet/erc20-approve-issue-demo/blob/master/test/ExchangeDemo.test.js
Interested readers can try them out.
From the V1 and V2 versions of the ExchangeDemo smart contract we can see that, because of authorization abuse, even if a user has transferred nothing or only a small amount into the contract, a vulnerability related to authorized transfers puts the assets in the wallets of all authorizing users at risk. Even without any vulnerability, the contract developers can take all the assets in authorizing users' wallets after updating the code.
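An added example (a JavaScript model written for this page, not the Solidity in the bitpie repository): the allowance rules of an ERC-20 token and an exchange whose transfer method anyone can call, run with the article's figures of a 1,000,000 balance and a 10,000 deposit. All class and function names are hypothetical, and the checked variant is one possible fix, assumed here for comparison.

```javascript
// Minimal in-memory model of ERC-20 allowance semantics.
// `caller` stands in for msg.sender; all names here are hypothetical.
class Token {
  constructor() { this.balances = new Map(); this.allowances = new Map(); }
  balanceOf(a) { return this.balances.get(a) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}>${spender}`) ?? 0n; }
  mint(to, amount) { this.balances.set(to, this.balanceOf(to) + amount); }
  approve(caller, spender, amount) { this.allowances.set(`${caller}>${spender}`, amount); }
  // Only the approved spender can pull funds, and only up to the allowance.
  transferFrom(caller, from, to, amount) {
    if (this.allowance(from, caller) < amount) throw new Error("allowance exceeded");
    if (this.balanceOf(from) < amount) throw new Error("balance exceeded");
    this.allowances.set(`${from}>${caller}`, this.allowance(from, caller) - amount);
    this.balances.set(from, this.balanceOf(from) - amount);
    this.mint(to, amount);
  }
}

// Exchange whose transfer method ignores who is calling (the flaw described above).
class ExchangeOpen {
  constructor(token, address) { this.token = token; this.address = address; }
  transfer(caller, from, to, amount) {
    this.token.transferFrom(this.address, from, to, amount);
  }
}

// Checked variant: the contract only moves funds of the account that called it.
class ExchangeChecked extends ExchangeOpen {
  transfer(caller, from, to, amount) {
    if (caller !== from) throw new Error("caller is not the token owner");
    super.transfer(caller, from, to, amount);
  }
}

// Upper bound on what a spender can pull: min(balance, allowance).
function exposure(token, owner, spender) {
  const b = token.balanceOf(owner), a = token.allowance(owner, spender);
  return a < b ? a : b;
}

// Returns how much a third party managed to move out of the user's wallet.
function simulate(Exchange, approved) {
  const token = new Token();
  const ex = new Exchange(token, "exchange");
  token.mint("user", 1_000_000n);              // wallet balance in the article's scenario
  token.approve("user", "exchange", approved);
  const atRisk = exposure(token, "user", "exchange");
  let taken = 0n;
  try { ex.transfer("stranger", "user", "stranger", atRisk); taken = atRisk; } catch (e) {}
  return { atRisk, taken, left: token.balanceOf("user") };
}

const MAX = (1n << 256n) - 1n;
console.log(simulate(ExchangeOpen, MAX));      // unlimited approval, open method
console.log(simulate(ExchangeOpen, 10_000n));  // on-demand approval, open method
console.log(simulate(ExchangeChecked, MAX));   // unlimited approval, checked method
```

The caller check only addresses the V1 case; against an Owner who changes the code, as in V2, the only bound that holds is the allowance itself, which is why the on-demand run caps the loss at 10,000.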
We can go a step further. A contract that asks you for unlimited authorization obviously does so in order to operate on your assets easily, and the contract's own functions will of course involve operating on your assets: trading, lending, wealth management and so on all move assets.
So the contract will at least have interfaces for transferring tokens. These transfers are of course functional, for example depositing 50,000 USDT as collateral, or depositing 1,000 USDT at the contract address for an exchange. The problem is that, since the contract has such an interface, the contract Owner may be able (depending on how the contract code is written) to use the same call, without your permission, to deposit more of your assets into the contract. In other words, this possibility exists even if the code is never upgraded and has no relevant vulnerability. This applies especially to contracts that can pay on your behalf, which indicates that even initiating and approving the call may be in the hands of the contract Owner.
That is, if a smart contract has a way to transfer 1,000 yuan of yours to the contract address after you authorize it, it can naturally transfer 10,000, one hundred thousand or one million the same way. Once the assets are at the contract address or another related address, the contract Owner in fact has the ability to take them away.
We should note that contracts such as 0x have taken some precautions here: they verify the user's signature when the interface is called, which at least ensures that the call was initiated by the user. But this depends on how the contract code is written. The code can verify the user's signature, it can verify the contract Owner's signature, or it can verify nothing at all; the contract method can be callable by the user or by the contract Owner. Different ways of writing it hand control over the money in your wallet to different parties. Doesn't that sound scary?
Someone will probably say: if the smart contract Owner does no evil, doesn't the problem go away?
Here we want to make a point:
The first principle of decentralization is that no trust in a third party is needed. If a decentralized project requires you to trust the contract Owner, what is the point of decentralization?
More importantly, you may have thought that the contract Owner's influence over your assets is limited to what you put into the smart contract, such as money you moved to a DEX for trading or to a decentralized lending contract for wealth management. You thought the contract Owner could only affect the part of your assets you deposited. You should understand by now that the contract Owner can affect more than that part: he can also affect the remaining assets in your wallet. Whether your wallet is hot or cold makes no difference; it can all become his.
Furthermore, even if we assume the contract Owner is a morally perfect person, as smart contracts grow more complex the risk of vulnerabilities rises, as everyone knows. Until now, most people have probably assumed that if there is a vulnerability, the asset risk stays mainly inside the contract, and that at worst the attacker takes all the money you have in the contract. The examples in this article show otherwise: if the vulnerability happens to involve authorized transfers, the risk spreads, and every address that has authorized the contract can be wiped out. The attacker only needs to scan for the addresses that have granted authorization and then transfer away the coins on those addresses one by one.
What's more, this places higher demands on how smart contract developers safeguard the Owner key. If one day the Owner key is lost, what is gone is not just the money in the contract but all the assets in the wallets of all authorizing users. Who can bear that?
Having read this far, do you understand why this article is titled “The biggest current security hazard of the Ethereum DeFi ecosystem”?
04
Authorization abuse in the Ethereum ecosystem has reached a very serious level. We can even say that almost all DeFi contracts ask for unlimited authorization without restraint. In this situation, trying out all kinds of DeFi projects as a guinea pig is understandable in itself. But if we tell you that what is at risk is all your assets, not just the few coins you put into DeFi, how should you feel?
There have been a few voices in the blockchain industry about authorization abuse in the Ethereum ecosystem, but far from enough. Whether developers, practitioners or users, 99.9% of people know nothing about it, and authorization abuse is nearly universal. It is time to change that.
Here are some projects that abuse (unlimited) authorization:
Compound
Uniswap
Kyber
Maker
0x
Balancer
dYdX
EtherDelta
IDEX
imToken Tokenlon
The first few in the list above, Compound, Uniswap and Kyber, are the hottest star projects in DeFi right now. Yet without exception these projects choose to have users grant unlimited authorization, gaining full control of users' assets. In other words, for any user who has used the projects above, the money in their wallet may face the risks described in this article at any time, which is a real pity.
We screened some addresses that have granted unlimited authorization and found that most of them still hold assets. Many hold millions or even billions in assets, and the owners of these addresses have in fact handed control of their assets to others without knowing it.
The contracts above should adjust their authorization code and switch to on-demand authorization. For example, if you only need to exchange 1,000 USDT, then authorize only 1,000 USDT; any authorization beyond what is needed is overreach.
Users of these contracts should also change how they use DeFi contracts: keep the money that is not participating in DeFi at a separate address that is never authorized to any application, to protect their assets.
Because the Ethereum ecosystem is developing and evolving rapidly, we designed the Ethereum security center in bitpie, which you can see when you switch to the Ethereum system. In it we built a contract authorization detection function. Besides checking whether any of your addresses in bitpie has abused authorizations, you can also look at the current authorizations of any external address. For abused authorizations, you can also revoke them.
We will write a separate article explaining how to use bitpie's contract detection function. Is your address secure right now? Just check it.
Speaking of widespread authorization abuse, how does bitpie handle this itself?
Take the batch transfer function, which is very commonly used in the wallet, as an example. Our approach is limited authorization: if you need to send 100 USDT to 50 addresses, bitpie authorizes only 100 USDT, and no additional authorization is created.
Another example is bitpie's function for paying the USDT miner fee on the user's behalf. We did not use contract authorization there at all. Even though using authorization would clearly be easier to implement, we did not do it, for exactly this reason: the project team should put users' rights and interests first, and should resist anything that increases users' risk.
05
With this dark cloud in mind, what precautions should ordinary users take when participating in DeFi?
1. Regularly use the authorization scanning function provided by wallets such as bitpie to see which contracts you have authorized (unlimited authorization);
2. Use multiple Ethereum addresses, and separate your deposit address from the address you use for DeFi. Put only the money actively used for DeFi in the DeFi address, so that even with the dark cloud overhead, the money in the deposit address stays safe;
3. Revoke the authorization of some applications to reduce risk. At the very least you should know which applications can transfer money directly out of your wallet without your permission;
4. Call on project teams not to abuse authorization and to authorize on demand, to reduce the security risk to users.