1 of 25

RUST

Alternative Path To Web3 Hacking

2 of 25

Purpose

  • Show you an alternative way to get into Web3 hacking through Rust
  • Give you a small how-to-start guide
  • Convey a message that it is not that hard to get started and you do not need to know everything to start finding bugs

3 of 25

About me

  • Senior security engineer at Halborn.
  • Working primarily with Rust based chains.
  • Auditing NEAR and Substrate based projects (Polkadot/Kusama/OCT)
  • Love coding in Rust
  • Love teaching and sharing knowledge
  • Twitter: @timurguvenkaya @HalbornSecurity

4 of 25

Agenda

  • Why Rust For Web3 Hacking?
  • How to Start Learning Web3 Rust Security?
    • Learn Rust
    • Learn Chain Specific Development
    • Know Your Chain Agnostic Issues
    • Get To Know/Invent Chain Specific Issues
  • The key to learning a new language/chain?
    • Surveying
    • Benefits of Surveying
  • Resources

5 of 25

Why Rust For Web3 Hacking?

6 of 25

7 of 25

It is the right time!

  • The growth of Rust based chains is increasing
  • Web3 Rust security scene is less saturated than the Solidity one
    • More chances on the bug bounty scene.
    • Lack of people with Web3 Rust security knowledge makes you more valuable in the market.
    • More opportunities for research and discoveries.
  • Many companies are looking forward to hiring Web3 Rust Security Professionals

8 of 25

How To Start Learning Web3 Rust Security?

9 of 25

Learn Rust

  • The first 10 chapters of the Rust book are enough. (Use the Let’s Get Rusty YouTube channel for a video version)
  • Build a small project. (Use the Black Hat Rust book for inspiration)
  • Do not be afraid to ask questions.
  • It is okay to struggle with understanding ownership & borrowing.
  • It is okay to fight with the compiler, but remember it is your friend.
  • You do not need to know everything to start building applications and understanding how other applications work.

10 of 25

Learn Chain Specific Development

  • Each chain is different.
  • Learn the basics of smart contract/chain development for the target
  • Again, you do not have to know everything to start auditing
  • Read a lot of code (do the surveying)

11 of 25

Know Your Chain Agnostic Issues - Rust Security

  • Integer Overflows
  • Casting Overflows
  • Stack Overflows
  • Incorrect Error Handling
  • Index Out Of Bounds
  • Crates With Known Vulnerabilities
  • OOM (Out Of Memory) Issues
  • Unsafe Rust Usage/Issues
    • Double Free
    • Use After Free
    • Memory Leak
    • Uninitialized Read
    • OOB (Out-Of-Bounds Access)

12 of 25

Know Your Chain Agnostic Issues - Access Control

  • Access control issues exist in any chain
  • Always learn access control rules/patterns of a specific chain first
  • Low effort high reward

13 of 25

Substrate & NEAR Access Control Example

14 of 25

15 of 25

Know Your Chain Agnostic Issues - Logical Bugs

  • Any software has logical bugs
  • As long as you can read Rust and know the basics of chain-specific development for a chain, you can find them

16 of 25

CONGRATULATIONS !

  • You already know more about Rust Web3 security than most people!
  • At this point you know the main Rust language security issues
  • You read about the access control rules/patterns of a target chain. Now you can spot the incorrect implementation
  • You can read and understand the code. Now you can find logical bugs.

17 of 25

Get To Know Your Chain Specific Issues

  • These are types of vulnerabilities that exist only in a certain chain
  • You are in a position to invent chain specific vulnerabilities

18 of 25

Substrate Chain Specific Vulnerability Example

19 of 25

Verify First, Write Last

  • State in Substrate is not cached.
  • There are no “reverts” on errors by default.
  • Even if an error has occurred, all state manipulations will persist
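
The pattern on this slide, as an added example that is not from the original talk: a plain-Rust model (no Substrate crates) in which storage writes persist even when the call returns `Err`, as the slide describes. `Storage`, the two `transfer_*` functions and the account names are hypothetical.

```rust
use std::collections::HashMap;

type Acct = &'static str;
// Constructed stand-in for pallet storage as the slide describes it: writes
// land immediately and an Err return does not undo them (no rollback layer).
type Storage = HashMap<Acct, u64>;

#[derive(Debug, PartialEq)]
enum Error { InsufficientBalance, Overflow, SelfTransfer }

fn balance(s: &Storage, who: Acct) -> u64 {
    s.get(who).copied().unwrap_or(0)
}

// Anti-pattern: the recipient is credited before the sender's balance is verified.
fn transfer_write_first(s: &mut Storage, from: Acct, to: Acct, amount: u64) -> Result<(), Error> {
    let credited = balance(s, to).checked_add(amount).ok_or(Error::Overflow)?;
    s.insert(to, credited); // the write happens here...
    let debited = balance(s, from).checked_sub(amount).ok_or(Error::InsufficientBalance)?; // ...and survives this Err
    s.insert(from, debited);
    Ok(())
}

// Verify first, write last: every fallible check runs before the first write.
fn transfer_verify_first(s: &mut Storage, from: Acct, to: Acct, amount: u64) -> Result<(), Error> {
    if from == to { return Err(Error::SelfTransfer); }
    let debited = balance(s, from).checked_sub(amount).ok_or(Error::InsufficientBalance)?;
    let credited = balance(s, to).checked_add(amount).ok_or(Error::Overflow)?;
    s.insert(from, debited);
    s.insert(to, credited);
    Ok(())
}

// Runs a transfer that must fail (alice holds 10, sends 100) and reports what bob holds afterwards.
fn bob_after_failed_transfer(verify_first: bool) -> (Result<(), Error>, u64) {
    let mut s = Storage::new();
    s.insert("alice", 10);
    let res = if verify_first {
        transfer_verify_first(&mut s, "alice", "bob", 100)
    } else {
        transfer_write_first(&mut s, "alice", "bob", 100)
    };
    (res, balance(&s, "bob"))
}

fn main() {
    println!("write first:  {:?}", bob_after_failed_transfer(false));
    println!("verify first: {:?}", bob_after_failed_transfer(true));
}
```

Both calls return the same error, so the difference only shows up when an auditor compares storage before and after the failed call.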

20 of 25

The Key To Learning New Language/Chain

21 of 25

Surveying

  • Skim through a large volume of code every day.
  • Pick a project you like and go over its code from a high-level perspective
  • Pick a project class you are interested in and skim through many implementations of it
  • Dig deeper into the parts you are interested in
  • Do it every day (or at least 3 times a week)

22 of 25

Benefits of Surveying

  • Your eyes will get used to the Rust code and chain specific development. You will navigate over code faster.
  • You will see patterns that developers use and can spot something which does not look right
  • You will see new methods/syntax that you have not seen before, which will increase your overall knowledge

23 of 25

Resources

24 of 25

Thanks For Having Me!

25 of 25

Questions?