This document summarizes common vulnerabilities in smart contracts and best practices to avoid them. It discusses issues like reentrancy vulnerabilities, cross-contract call vulnerabilities, timestamp dependence, integer overflow, fund reversal, gas griefing and more. It provides examples of vulnerable code and explains how to fix them. The document recommends practices like separating trusted vs untrusted calls, following the checks-effects-interactions pattern for state changes, properly handling errors from send(), call.value() and external calls, and considering that all blockchain data is public.

1. PRINCIPAIS
VULNERABILIDADES DE
SMART CONTRACTS E
COMO EVITÁ-LAS
Júlio Campos

2. Quem sou
Servidor Público;
Programador;
Blockchain Coach.

3. Smart Contracts

4. Solidity
Orientada a objeto
Alto nível
Fortemente tipada
Influenciada por C++, Python e JavaScript
Gera binários para a EVM

5. Ataques Conhecidos

6. Reentrância de uma função
mapping (address => uint) private userBalances;
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
require(msg.sender.call.value(amountToWithdraw)());
userBalances[msg.sender] = 0;
}

7. Reentrância de uma função
mapping (address => uint) private userBalances;
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
userBalances[msg.sender] = 0;
require(msg.sender.call.value(amountToWithdraw)());
}

8. Reentrância de chamada cruzada
mapping (address => uint) private userBalances;
function transfer(address to, uint amount) {
if (userBalances[msg.sender] >= amount) {
userBalances[to] += amount;
userBalances[msg.sender] -= amount;
}
}
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
require(msg.sender.call.value(amountToWithdraw)());
userBalances[msg.sender] = 0;
}

9. Reentrância de chamada cruzada
mapping (address => uint) private userBalances;
mapping (address => bool) private claimedBonus;
mapping (address => uint) private rewardsForA;
function withdrawReward(address recipient) public {
uint amountToWithdraw = rewardsForA[recipient];
rewardsForA[recipient] = 0;
require(recipient.call.value(amountToWithdraw)());
}
function getFirstWithdrawalBonus(address recipient) public {
require(!claimedBonus[recipient]);
rewardsForA[recipient] += 100;
withdrawReward(recipient); claimedBonus[recipient] = true;
}

10. Usando mutexs
mapping (address => uint) private balances;
bool private lockBalances;
function deposit() payable public returns (bool) {
require(!lockBalances);
lockBalances = true;
balances[msg.sender] += msg.value;
lockBalances = false;
return true;
}
function withdraw(uint amount) payable public returns (bool) {
require(!lockBalances && amount > 0 && balances[msg.sender] >= amount);
lockBalances = true;
if (msg.sender.call(amount)()) { // Normally insecure, but the mutex saves it
balances[msg.sender] -= amount;
}
lockBalances = false;
return true;
}

11. Dependência do timestamp
Você confia 100% na pessoa que está
minerando?

12. Pilhas de inteiros
mapping (address => uint256) public balanceOf;
// INSECURE
function transfer(address _to, uint256 _value) {
require(balanceOf[msg.sender] >= _value);
balanceOf[msg.sender] -= _value;
balanceOf[_to] += _value;
}
// SECURE
function transfer(address _to, uint256 _value) {
require(balanceOf[msg.sender] >= _value && balanceOf[_to] + _value >=
balanceOf[_to]);
balanceOf[msg.sender] -= _value;
balanceOf[_to] += _value;
}

13. Reversão de Fundos
contract Auction {
address currentLeader;
uint highestBid;
function bid() payable {
require(msg.value > highestBid);
require(currentLeader.send(highestBid));
currentLeader = msg.sender;
highestBid = msg.value;
}
}

14. Gas Griefing
contract Relayer {
mapping (bytes => bool) executed;
function relay(bytes _data) public {
require(executed[_data] == 0, "Duplicate call");
executed[_data] = true;
innerContract.call(bytes4(keccak256("execute(bytes)")), _data);
}
}

15. Boas Práticas

16. Chamadas Externas
// bad
Bank.withdraw(100); // Unclear whether trusted or untrusted
function makeWithdrawal(uint amount) { Bank.withdraw(amount);
}
// good
UntrustedBank.withdraw(100);
TrustedBank.withdraw(100); // external but trusted bank contract
maintained by XYZ Corp
function makeUntrustedWithdrawal(uint amount) {
UntrustedBank.withdraw(amount);
}

17. Mudanças de Estado
Checks-Effects-Interactions Pattern

18. Chamadas Externas
// bad
Bank.withdraw(100); // Unclear whether trusted or untrusted
function makeWithdrawal(uint amount) { Bank.withdraw(amount);
}
// good
UntrustedBank.withdraw(100);
TrustedBank.withdraw(100); // external but trusted bank contract
maintained by XYZ Corp
function makeUntrustedWithdrawal(uint amount) {
UntrustedBank.withdraw(amount);
}

19. send()transfer()call.value()()

20. Gerencie Erros
// bad
someAddress.send(55);
someAddress.call.value(55)();
someAddress.call.value(100)(bytes4(sha3("deposit()")));transaction will
NOT be reverted
// good
if(!someAddress.send(55)) {
// handle failure code
}
ExternalContract(someAddress).deposit.value(100);

21. A cadeia é pública

22. Obrigado!
oi@juliocampos.com.br
@jcserracampos