Skip to main content

Bridge Security

Since we're following the principle of "security by obscurity," we will not discuss the source code of the bridge contract. Instead, we will discuss potential smart contract vulnerabilities and strategies for their mitigation. Since the bridge contract is a subset of smart contracts, it could be related to some of the items described below.

Potential Smart Contract Vulnerabilities

  1. Unsafe operations
  2. Reentrancy vulnerabilities
  3. Access control failures
  4. Business logic errors
  5. Oracle manipulation

Smart Contract Coding Best Practices

  1. Write readable code: Write code that other developers can easily read and understand. Use meaningful variable names, comments, and whitespace to make the code more readable.
  2. Write modular code: Break down complex code into smaller, reusable modules. It makes the code more manageable and easier to maintain.
  3. Write automated tests: Write automated tests with edge-case inputs to ensure the code works as intended and to catch bugs early in the development cycle.
  4. Handle errors gracefully: Write code that can handle errors and exceptions gracefully. It helps prevent crashes and makes the code more robust.
  5. Optimize performance: Write efficient code that uses resources effectively. It includes using algorithms with the lowest possible time and space complexity, preferably O(1) in web3.
  6. Document the code: Document the code by providing clear explanations of what it does, how it works, and how to use it.
  7. Follow security standards: After numerous attacks, known patterns prevent them, so learn about them and apply them to the relevant pieces of code.
  8. Continuous learning: Stay up-to-date with the latest smart contract languages and best practices. Attend conferences, read books, and participate in online communities to continuously improve your coding skills.

Unsafe operations

Some examples of unsafe operations

  • Unprivileged access to sensitive functionality
  • Unverified user input
  • Reference to nonexistent storage records
  • Long loops causing DoS
  • Contradictory modifiers causing DoS
  • Delegate calls of nonexistent functions of other contracts

How to turn the unsafe operation into safe:

  • Best coding practices implementation
  • Code reviews
  • Security audits
  • Extensive testing with edge case inputs
  • Converting O(n) -> O(1)
  • Programming to interface

Reentrancy attack example scenario

  1. A smart contract has a function that allows users to withdraw funds from their accounts.
  2. The function reduces the user's balance and transfers the funds to their address.
  3. An attacker calls the withdraw function and triggers a fallback function on a separate contract.
  4. The fallback function calls the withdraw function again before the previous invocation has been completed.
  5. The function reduces the balance again and transfers funds to the attacker's address, allowing the attacker to drain the contract's funds.

How to mitigate reentrancy attacks

  1. Use the "check-effects-interactions" pattern: This means performing all state changes before interacting with other contracts to prevent reentrancy attacks.
  2. Use the "withdrawal pattern": This means allowing users to withdraw their funds in a separate function from the main contract to prevent reentrancy attacks.
  3. Limit gas usage: Limit the amount of gas a function can consume to prevent attackers from executing the function multiple times before the previous invocation completes.
  4. Use modifiers: Use modifiers to restrict access to functions and prevent unauthorized calls, to prevent reentrancy attacks.
  5. Use external calls carefully: Limit external calls and use them only when necessary to reduce the risk of reentrancy attacks.
  6. Use Reentrancy guards - flags preventing a function call until the storage is updated.

Potential access control failures

Access control failure in smart contracts occurs when an unauthorized user gains access to restricted functionalities or sensitive data. It can happen due to coding errors or vulnerabilities that allow attackers to bypass access controls and perform actions they are not authorized to do. Access control failures in smart contracts can lead to various security risks, including theft of funds, data breaches, and unauthorized changes to the contract's state.

Access control failure mitigation

  1. Implement an access control mechanism that verifies users' permissions before allowing them to execute restricted functions or access sensitive data. It can be achieved using role-based access control (RBAC) and whitelisting.
  2. Avoid hardcoding addresses and permissions into the smart contract code. Instead, use variables that can be set during deployment or runtime to grant access to specific users or groups. What if the hardcoded address is compromised?
  3. Follow safe coding practices and use security libraries to prevent common access control vulnerabilities such as incorrect function modifiers, integer overflows, and unprotected external function calls.
  4. Conduct code reviews and security audits to identify and fix access control vulnerabilities in the smart contract code.
  5. Test smart contracts thoroughly in the testnet using manual and automated testing techniques to identify and fix access control vulnerabilities before mainnet deployment.
  6. Monitor contract activity for suspicious or unauthorized access attempts and take immediate action to prevent security breaches.

Potential Business Logic Errors

  • Reentrancy
  • Integer overflow/underflow
  • Time-dependent logic
  • Incorrect formulas
  • Broken logic
  • Insufficient input validation
  • Unanticipated edge cases

Possible Solutions:

  • Best coding practices implementation
  • Using secure libraries
  • Code reviews
  • Security audits
  • Extensive testing with edge case inputs
  • Inline documentation
  • Separation of concerns

Potential Oracle Manipulation

Smart contracts are automated pieces of logic running on a blockchain and unable to collect information directly from external sources. To solve this problem, they use oracles.

Oracles are trusted third-party services that provide data to smart contracts on the blockchain.

Oracle manipulation occurs when an attacker manipulates the data provided by the oracle to gain an advantage in the blockchain network.

Oracle Manipulation Mitigation

  • Using multiple oracles can help mitigate the risk of oracle manipulation. By comparing the data they provide, the blockchain can ensure that it is accurate and trustworthy.
  • Reputation-based systems can be used to assess the reliability and trustworthiness of oracles. Oracles with good reputations can be prioritized for providing data to the blockchain.
  • Hardware-based secure enclaves can be used to ensure that the Oracle data is not tampered with. A secure enclave is a secure, isolated environment protected from outside tampering. The Oracle data can be securely transmitted to the blockchain using hardware-based secure enclaves without tampering.
  • The blockchain can implement data validation checks to ensure that the data provided by the oracle is correct. Data validation checks can include signature verification, integrity, and cryptographic checks.
  • Decentralized oracles can be used to eliminate the need for a single point of failure. They rely on multiple nodes to provide data to the blockchain, making it difficult for attackers to manipulate it.