Blockchain Developers Meetup 0x06 – Jump Oriented Programming in Ethereum Smart Contract

Blockchain Developers Meetup - 0x06 Jump Oriented Programming in Ethereum Smart Contract

Hey you, fellow blockchain developer. If you’ve missed out our 0x06 monthly meetup which happened last week (22.01.2019) – here is some interesting stuff for you to catch up.

Blockchain Developers Meetup 0x06 - Jump Oriented Programming in Ethereum Smart Contract 1
Blockchain Developers Meetup 0x06 – Jump Oriented Programming in Ethereum Smart Contract

What happened recently

As always we discussed what interesting happened from developers perspective during the month. We got out focus on the last minute postponed Constantinople Ethereum fork.

Constantinople Ethereum fork postponed

As it turns out Chain Security, a company focused on research and security of smart contracts, found a vulnerability that might result to bigger issues and re-enabling re-entrancy attacks on some smart contracts after the fork.

Blockchain Developers Meetup 0x06 - Jump Oriented Programming in Ethereum Smart Contract 2
fork

Summarizing this – EIP1283 which is introducing cheaper gas costs for SSTORE operations may result in reentrancy vulnerability for some smart contracts.

Contracts that increase their probability to being vulnerable are contracts that utilize a transfer() or send() function followed by a state-changing operation. An example of such a contract would be one where two parties jointly receive funds, decide on how to split said funds, and initiate a payout of those funds.

And the brief explanation: The issue is that when a CALL is made to transfer funds, even if the caller hasn’t specified additional gas, will spend 2300 gas. Solidity’s .transfer() function does this and provides no option for the user to override that.

And this has not been an issue previously, because even though with 2300 gas the caller could make a CALL from the callee,but there was no way to change a storage entry when SSTORE costs 5000 gas.

But now after Constantinople and the EIP-1283 the cheapest SSTORE operation is 200 gas, which opens up a non-zero possibility of re-entrancy attacks on some smart contracts.

Jump Oriented Programming in Ethereum

Blockchain Developers Meetup 0x06 - Jump Oriented Programming in Ethereum Smart Contract 3
Exploiting Acoraida Monica game

As the title suggests it – the whole topic that we went through is quite catchy. We initially saw this thing called Jump Oriented Programming in Ethereum last month, is quite well explained in a couple of great videos by LiveOverflow in his YouTube channel. So we got in touch with him and Milen Radkov presented this at the meetup.

We saw how we can make a Solidity smart contract misbehave, making it acting different, hiding what exactly is it doing.

The whole thing is based on carefully selected function names, and specifically chosen address in order for the execution to succeed (in this case making it possible to withdraw and drain the whole contract).

Resources

Useful links


Also published on Medium.

About the author

Founder & CEO

Milen Radkov has experience building and delivering successful complex software systems and projects for both big enterprises and small startups. Being actively developing across different blockchain protocols, platforms and projects for the past 5 years, he has gained extensive experience in blockchain development, architectures, consensus algorithms and token economics. Milen is a well-known figure in the blockchain space.

Let's build the decentralized future together!

Subscribe for updates from the blog

3 comments

  1. Wonderful post however I was wondering if you could write a litte more on this topic?
    I’d be very grateful if you could elaborate a little bit further.

    Appreciate it!

    1. Hey, yusheng,
      I’m glad you are interested in this, maybe I can dedicate some time for a more in-depth tutorial on this soon.
      You can subscribe to our newsletter to receive news and posts from us and stay tuned!

      Best,
      M

  2. I am extremely inspired along with your writing skills and also with the structure on your
    blog. Is that this a paid theme or did you modify it
    yourself? Either way keep up the nice high quality writing, it is rare to look a great
    weblog like this one these days..

Leave a Reply

Your email address will not be published. Required fields are marked *