In this paper, a new replay attack based on Ethereum smart contracts is presented. In the token transfer, the risk of replay attack cannot be completely avoided when the sender's signatures are abused, which can bring the loss to users. And the reason is that the applying scope of the signatures is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment, at the same time, we used our own accounts in these two contracts to carry out the experiment. Because the same signatures of the two contracts were used in the experiment, we got a double income from sender successfully.

The experiment verified that the replay attack is really exist. Besides, the replay attack may exist in multiple smart contracts. We calculated the number of smart contracts with this loophole, as well as the corresponding transaction activities, which find some Ethereum smart contracts are risked for this loophole. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within contract, cross contract and cross chain, which provide the pertinence and well reference for protection. Finally, the countermeasures are proposed to fix this vulnerability.

Speakers:

  • Zhenxuan Bai Freelance Security Researcher
  • Yuwei Zheng Senior Security Researcher, Unicorn Team, 360 Technology
  • Senhua Wang Freelance Security Researcher
  • Kunzhe Chai Leader of Pegasus Team at 360 Radio Security Research Department, 360 Technology

Zhenxuan Bai
Zhenxuan Bai is a freelance Security Researcher interests in smart contract and blockchain, consultant of UnicornTeam. He is a co-researcher of the decryption blackberry project, which manage to decrypt Blackberry BBM, PIN message and BIS secure mail without keys.

Yuwei Zheng
Yuwei Zheng is a senior security researcher at Radio Security Department of 360 Technology, core member of UnicornTeam. He cracked the protocols of Blackberry BBM, PIN message, BIS secure mail, and successfully decrypted the messages without keys. He is currently focusing on the security research of cellular network, IoT system, and mobile baseband. He had presented his research works at top level security conferences like BlackHat, DEF CON, HITB etc.

Senhua Wang
Senhua Wang is a freelance Security Researcher interested in smart contract and blockchain, consultant of UnicornTeam

Kunzhe Chai
Leader of PegasusTeam at 360 Radio Security Research Department in 360 Technology. He focuses on wireless security, including attack-defense research. He is the person in charge of the attack and defense technology of Skyscan Wireless Intrusion and Prevention System, One of the authors of the well-known wireless security tool MDK4. He leads his team to share the research results at HITB, HITCON, Blackhat, China ISC etc.

twitter@swe3per

Detailed Presentation:

(Source: DEF CON 26)

 
 

8669803288?profile=original
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform