GUSD smart contract allows for theft of antispam payments

Exploring front-running to capture the Gemini dollar’s antispam stake.

The Winklevoss twins are best known as the alleged founding fathers of Facebook — and even received $65 million in compensation from Mark Zuckerberg in 2008. In 2013 they invested heavily in Bitcoin, buying about 1% of all existing coins at $120 apiece.

Soon after, the brothers opened the Gemini cryptocurrency exchange, and in 2018 they launched the stablecoin Gemini dollar (GUSD). A stablecoin is a fixed-rate cryptocurrency — 1 GUSD token always costs 1 US dollar. Stablecoins are handy for “digitizing” real dollars. They make moving blockchain dollars between exchanges quick and easy. The guarantor of the reverse conversion to dollars is the company that issued and sold them to you.

Under the Kaspersky Smart Contract Source Code Review service, we analyzed a smart contract that provides GUSD functionality, and we detected a flaw.

Disclaimer
Note that the given smart contract had already been reviewed, although we do not know if any code flaws were described in the report.

In line with our Responsible Disclosure Policy, we contacted Gemini’s security team to report the problem. They informed us the issue was considered during the design phase but presented no risk to GUSD.

For a simple explanation of how smart contracts work, see our post on smart contracts, Ethereum, and ICOs.

Gemini dollar smart contracts

Generally speaking, when someone wants to create new tokens based on the Ethereum blockchain, they write a smart contract (a miniprogram) that specifies the following:

1. Data (“this many tokens are at such-and-such address”),

2. Methods (“please transfer my tokens to such-and-such address,” plus a few others).

The creators of the Gemini dollar system implemented the following enhancements as well:

1. They separated the contract into three components: Proxy (the permanent interface with which token holders can interact and perform operations), Store (the mapping of token holders to their balances), and Impl (the underlying logic);

2. The component describing the logic can be updated and supplemented with new features such as the ability to freeze funds. Meanwhile, the data and interface remain unchanged; the update is transparent to everyone;

3. For updating and control, a separate, “Custodian” smart contract is used that is managed by several people (custodians) for additional protection. If one custodian proposes an action, the others must confirm before the action can take place.

The enhancements are sound and increase overall security and flexibility.

Antispam payments

If someone other than the primary custodian enters a proposal in a custodian contract, they must pay a 1 ETH stake (about $200 at the current exchange rate). As noted in the comments to the contract itself, this antispam measure aims to dissuade participants from creating too many requests.

The antispam payments ultimately go to one person: the one who announces the approval of a particular proposal/request. This implementation may not look terrifically fair, but the comments clearly indicate that its creators conceived it that way.

    } else {
        if (address(this).balance > 0) {
            // reward sender with anti-spam payments
            // ignore send success (assign to 'success' but this will be overwritten)
            success = msg.sender.send(address(this).balance);
        }


For our part, we recommend using the Solidity Withdrawal Pattern approach.

Front-running attackers can steal all antispam payments

The person who determines the approval of the request thus also receives all ETH antispam payments. To do so, he or she calls the smart contract function completeUnlock and passes the signatures of two custodians in the parameters.

The problem is that Ethereum, like any other blockchain, executes requests on a delay. A client transaction (transferring money or calling a function) waits in line for some time (usually 15 seconds or longer). During this time, absolutely anyone can view the planned transfers of other Ethereum users, including amounts, recipients, and parameters. And the peeper can use this information to create their own transaction and push it to the front by paying a higher commission to the miner.

Any advantage gained through peeping is considered front-running, a form of attack (Known Attacks: Front-Running).

From investopedia.com:

Front-running is when a broker or other entity enters into a trade because they have foreknowledge of a big nonpublicized transaction that will influence the price of the asset, resulting in a likely financial gain for the broker. It also occurs when a broker or analyst buys or sells shares for their account ahead of their firm’s buy or sell recommendation to clients.

In our case, a complete outsider can set up a robot to monitor the custodian contract. If it sees that someone called the completeUnlock function (that is, a custodian is interacting with Gemini dollar), it immediately copies all of the parameters and calls the function to extract the Ether that has accumulated there.

To counter such an attack, we again recommend using the popular Solidity Withdrawal Pattern approach.

On top of that, we recommend blocking unknowns from calling a function intended for custodians.
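
The two recommendations above (the Withdrawal Pattern and restricting the completing function to custodians) can be combined as in the following added example, which is not part of the original post and is not Gemini's Custodian code. The contract name, function names and storage layout are hypothetical, and the page's two-custodian signature check is not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration with hypothetical names; not Gemini's Custodian contract.
contract StakeEscrowExample {
    uint256 public constant STAKE = 1 ether;

    mapping(address => bool) public isSigner;              // known custodians
    mapping(bytes32 => address) public proposerOf;         // open requests
    mapping(address => uint256) public pendingWithdrawals; // credited, not yet pulled
    uint256 public unclaimedStakes;                        // stakes not yet credited
    uint256 private nonce;

    constructor(address[] memory signers) {
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = true;
    }

    modifier onlySigner() {
        require(isSigner[msg.sender], "caller is not a custodian");
        _;
    }

    // Anyone may open a request, but must attach the antispam stake.
    function propose(bytes32 payloadHash) external payable returns (bytes32 id) {
        require(msg.value == STAKE, "stake required");
        id = keccak256(abi.encodePacked(payloadHash, msg.sender, nonce++));
        proposerOf[id] = msg.sender;
        unclaimedStakes += msg.value;
    }

    // Only a registered custodian can complete a request, so parameters
    // copied from a pending transaction are useless to an outside account.
    function complete(bytes32 id) external onlySigner {
        require(proposerOf[id] != address(0), "unknown request");
        delete proposerOf[id];
        // Credit the reward instead of sending it: no external call here.
        pendingWithdrawals[msg.sender] += unclaimedStakes;
        unclaimedStakes = 0;
    }

    // Withdrawal pattern: the beneficiary pulls, and the balance is zeroed
    // before the transfer so a re-entrant call finds nothing to take.
    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Here the caller restriction is what removes the front-running incentive; the pull-based `withdraw()` separately keeps a failed or hostile recipient from affecting the completion of a request.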

