1 of 9

Blockchain Security, Winter 2022, Session 14

Dr. Christian Seifert

cseifert@seattleu.edu


Outline for Today

  • CPSC 5011: Object-Oriented Concepts
  • Ethernaut Challenge Walk Through
    • Fallback
    • Fallout
    • CoinFlip
  • Security Incident Deep Dive
    • DFX Finance Attack
    • EDEN
  • Assignment 8 & 9


Ethernaut Challenge - Fallback


Goal:

  • you claim ownership of the contract
  • you reduce its balance to 0

Solution:

  1. Invoke contribute with less than 0.001 ETH, so that your account has a recorded contribution
  2. Send any value directly to the contract
  3. Call withdraw, as you are now the owner


Ethernaut Challenge - Fallout


Goal:

  • you claim ownership of the contract

Solution:

  1. Call the Fal1out function!


Ethernaut Challenge - Coinflip


Goal:

  • This is a coin flipping game where you need to build up your winning streak by guessing the outcome of a coin flip. To complete this level you'll need to use your psychic abilities to guess the correct outcome 10 times in a row.

Solution:

  1. Time your flip calls; this is hard, because you don't know the blockhash in advance
  2. Create a contract that computes the flip first, determines whether the guess would win, and only then calls the real CoinFlip function
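An added illustration for this slide, not code from the lecture or from Ethernaut itself: the blockhash-derived coin the challenge depends on, shown next to a commit-then-settle variant that locks the guess in before the entropy block is mined. Contract, function and variable names are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration for this session; not the Ethernaut level's own code.
// Weak pattern: the coin is derived from blockhash(block.number - 1), a value that is
// already fixed when the transaction executes, so any caller, including another contract
// in the same transaction, can evaluate the same expression and learn the side in advance.
contract WeakFlip {
    uint256 constant FACTOR = 2 ** 255; // the top bit of the hash decides the side
    uint256 public consecutiveWins;
    uint256 private lastHash;

    function flip(bool guess) external returns (bool) {
        uint256 blockValue = uint256(blockhash(block.number - 1));
        require(lastHash != blockValue, "one flip per block"); // blocks replays, not prediction
        lastHash = blockValue;
        bool side = blockValue / FACTOR == 1;
        if (side != guess) { consecutiveWins = 0; return false; }
        consecutiveWins++;
        return true;
    }
}

// Hardened form: the guess is locked in before the entropy exists. The hash that settles
// the flip belongs to a block not yet mined at commit time, so nothing running in the
// commit transaction can read it. Caveat: a block proposer can still bias one bit, so a
// high-value game should use a VRF or multi-party commit-reveal rather than a blockhash.
contract CommittedFlip {
    uint256 constant FACTOR = 2 ** 255;
    struct Commit { bool guess; uint256 entropyBlock; bool pending; }
    mapping(address => Commit) public commits;
    mapping(address => uint256) public consecutiveWins;

    function commit(bool guess) external {
        require(!commits[msg.sender].pending, "settle the pending flip first");
        commits[msg.sender] = Commit(guess, block.number + 1, true);
    }

    function settle() external returns (bool won) {
        Commit memory c = commits[msg.sender];
        require(c.pending && block.number > c.entropyBlock, "entropy block not mined yet");
        delete commits[msg.sender];
        bytes32 h = blockhash(c.entropyBlock); // reads as zero once the block is older than 256 blocks
        // An expired or losing flip resets the streak, so a player gains nothing by skipping a loss.
        won = h != bytes32(0) && (uint256(h) / FACTOR == 1) == c.guess;
        consecutiveWins[msg.sender] = won ? consecutiveWins[msg.sender] + 1 : 0;
    }
}
```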


Security Incident Deep Dive – DFX Finance

Attacker Address: 0x14c19962e4a899f29b3dd9ff52ebfb5e4cb9a067 (DFX Finance Exploiter)

Analysis Document

What actions did the attacker perform in each of these stages?

  • Funding Stage
  • Preparation (from funding to exploit)
  • Exploitation – where were the funds stolen from
  • Money laundering

What did Forta detect in these 4 stages? (app.forta.network)

Would monitoring have given the protocol enough time to mitigate the attack?

Was the protocol in a position to mitigate?


Security Incident Deep Dive – EDEN

Attacker Address: 0x5c95123b1c8d9d8639197c81a829793b469a9f32

Analysis Document

Would monitoring have given the protocol enough time to mitigate the attack? Was the protocol in a position to mitigate?


Security Incident Deep Dive – WINTERMUTE

Attacker Address: 0xe74b28c2eAe8679e3cCc3a94d5d0dE83CCB84705 (Wintermute Exploiter)

Analysis Document

Would monitoring have given the protocol enough time to mitigate the attack? Was the protocol in a position to mitigate?


ASSIGNMENT

Assignment 8 (due 11/29/22)

DoubleEntryPoint – an on-chain detection challenge; this is different from how a Forta Bot would be created for Assignment 9.

Assignment 9 (due 11/29/22)

Create and deploy a Forta Bot onto the Forta Network that:

  • Identifies mixers in a generic way
  • Identifies whether an account has a positive reputation (e.g. based on age, transaction count, or the protocols it has interacted with)
  • Identifies the victim contract based on static analysis (when the contract is deployed)
  • Identifies the victim contract based on where funds are coming from during the exploit transaction
  • Or a bot you deem valuable; note that it cannot be a bot already deployed on the network

Ensure proper testing and documentation, and open-source your bot.
