Jekyll2018-07-31T12:44:14+00:00/Officina0Consulting
Developing
Training
and Research
on disruptive technologies Preventing malicious hack in solidity proxy pattern2018-07-26T08:49:41+00:002018-07-26T08:49:41+00:00/solidity/2018/07/26/preventing-malicious-hack-in%20-solidity-proxy-pattern<p>Simple article demonstrating how prevent proxy hacks as described by <a href="https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357">Patricio Palladino</a></p>
<p>In the interesting posts above we can learn how to hack a proxed contract and I would like to suggest a different approach to upgradable contract in solidity.</p>
<p>We start anlyzing what proxy pattern do: reverting calling from itself to the proxed object.</p>
<p>But if we know that in our solidity code code we can refer to a contract in a simple way by getting the address, like this <code class="highlighter-rouge">contract(0xAdddress)</code>.</p>
<p>So my idea is to have a referenced address instead of a proxyfied contract.</p>
<p>We start with a basic contract and we call it <code class="highlighter-rouge">ReferencedContract</code></p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">pragma</span> <span class="n">solidity</span> <span class="mf">0.4</span><span class="o">.</span><span class="mi">24</span><span class="p">;</span>
<span class="n">contract</span> <span class="no">ReferencedContract</span> <span class="p">{</span>
<span class="n">int</span> <span class="kp">private</span> <span class="n">amount</span><span class="p">;</span>
<span class="n">function</span> <span class="n">increase</span><span class="p">(</span><span class="n">int</span> <span class="n">inc</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{</span>
<span class="n">amount</span> <span class="o">+=</span> <span class="n">inc</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">getAmmo</span><span class="p">()</span> <span class="kp">public</span> <span class="n">constant</span> <span class="n">returns</span><span class="p">(</span><span class="n">int</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">amount</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>And we need two other actor, a <code class="highlighter-rouge">ReferencingContract</code> that will be the contract that refer to our updatable contract and a <code class="highlighter-rouge">UsingReferencig</code> contract that will work on our <code class="highlighter-rouge">ReferencedContract</code> by calling <code class="highlighter-rouge">ReferencingContract</code></p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">contract</span> <span class="no">ReferencingContract</span><span class="p">{</span>
<span class="n">address</span> <span class="n">referenced</span><span class="p">;</span>
<span class="n">function</span> <span class="n">getRef</span><span class="p">()</span> <span class="kp">public</span> <span class="n">view</span> <span class="n">returns</span><span class="p">(</span><span class="n">address</span><span class="p">){</span>
<span class="k">return</span> <span class="n">referenced</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">changeRef</span><span class="p">(</span><span class="n">address</span> <span class="n">newRef</span><span class="p">)</span> <span class="kp">public</span><span class="p">{</span>
<span class="n">referenced</span> <span class="o">=</span> <span class="n">newRef</span><span class="p">;</span>
<span class="p">}</span></code></pre></figure>
<p>We see how we can refer to a contract, by method <code class="highlighter-rouge">getRef</code> we get the address of referenced contract and by <code class="highlighter-rouge">changeRef</code> we change the address in case of update;</p>
<p>In <a href="https://github.com/officina0/avoid-proxy-hacks">working example</a> we saw a little bit ensecured <code class="highlighter-rouge">changeRef</code>, allowing only the owner of the contract calling th method.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">contract</span> <span class="no">UsingReferenceContract</span> <span class="p">{</span>
<span class="no">ReferencingContract</span> <span class="n">referencing</span><span class="p">;</span>
<span class="n">constructor</span> <span class="p">(</span><span class="n">address</span> <span class="n">ref</span><span class="p">)</span> <span class="p">{</span>
<span class="n">referencing</span> <span class="o">=</span> <span class="no">ReferencingContract</span><span class="p">(</span><span class="n">ref</span><span class="p">);</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">increaseOnReferenced</span><span class="p">(</span><span class="n">int</span> <span class="n">amount</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{</span>
<span class="n">address</span> <span class="n">ret</span> <span class="o">=</span> <span class="n">referencing</span><span class="p">.</span><span class="nf">getRef</span><span class="p">();</span>
<span class="no">ReferencedContract</span> <span class="n">referenced</span> <span class="o">=</span> <span class="no">ReferencedContract</span><span class="p">(</span><span class="n">ret</span><span class="p">);</span>
<span class="n">referenced</span><span class="p">.</span><span class="nf">increase</span><span class="p">(</span><span class="n">amount</span><span class="p">);</span>
<span class="p">}</span></code></pre></figure>
<p>And in the end we use our contract by <code class="highlighter-rouge">UsingReferenceContract</code>.
We define a constructor where we pass our <code class="highlighter-rouge">ReferencingContract</code> and every time we want to use our <code class="highlighter-rouge">ReferencedContract</code>
we refer to it by the address given in the reference.</p>
<p>Not so difficult, isnt’t so?</p>
<p>In my <a href="https://github.com/officina0/avoid-proxy-hacks">github</a> you can find simple example with two test testing using referenced contract, updating his reference and check value in old and in new contract</p>
<p>Thank you for time spent on article,</p>
<p>Christian</p>Simple article demonstrating how prevent proxy hacks as described by Patricio PalladinoAccess external data with solidity2018-07-17T08:49:41+00:002018-07-17T08:49:41+00:00/solidity/2018/07/17/accessing-external-data-with-solidity<p>Simple article demonstrating how access external data in a Oraclize style with a homemade implementation.</p>
<p><strong>Attention:</strong> the contracts in example doesn’t implement any kind of security, so before using it in production environment it should be reviewed with security constraints.</p>
<p>In this article I want to demonstrate how to handling external data with solidity.</p>
<p>Ethereum contracts cannot communicate directly with the outside world, so they rely on an external entity that push something in it (Oracle pattern).</p>
<p>One of the most used service that do it is using OraclizeAPI, a solid, well architetcured implementation of Oracle pattern.
But if we have some reason not to use it ( eg: we don’t want send our data to external entities ) we can rely on ethereum ability to emit event.
Event in Ethereum are just a sort of publish pattern and we have to write the subscribe part for that.
So we can easily deploy a sample contract that will be implemented in all our contracts that will be listenable by some entity:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">contract</span> <span class="no">CallableBack</span> <span class="p">{</span>
<span class="no">ListenableContract</span> <span class="n">listenable</span><span class="p">;</span>
<span class="n">function</span> <span class="n">_callBack</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{}</span>
<span class="n">constructor</span><span class="p">(</span><span class="no">ListenableContract</span> <span class="n">listenableContract</span><span class="p">)</span> <span class="p">{</span>
<span class="n">listenable</span> <span class="o">=</span> <span class="n">listenableContract</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>We define the contract <code class="highlighter-rouge">CallableBack</code> with just a <code class="highlighter-rouge">_callback</code> function that will be called by <code class="highlighter-rouge">ListenableContract</code> defined in costructor.
Before proceding is useful to see also the implementation of <code class="highlighter-rouge">ListenableContract</code> :</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">contract</span> <span class="no">ListenableContract</span> <span class="p">{</span>
<span class="n">event</span> <span class="no">ListenEvent</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">,</span><span class="no">CallableBack</span> <span class="n">emitter</span><span class="p">);</span>
<span class="n">function</span> <span class="n">engage</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{</span>
<span class="n">emit</span> <span class="no">ListenEvent</span><span class="p">(</span><span class="n">message</span><span class="p">,</span><span class="no">CallableBack</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nf">sender</span><span class="p">));</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">callBack</span><span class="p">(</span><span class="no">CallableBack</span> <span class="n">callableBack</span><span class="p">,</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{</span>
<span class="n">callableBack</span><span class="p">.</span><span class="nf">_callBack</span><span class="p">(</span><span class="n">message</span><span class="p">);</span>
<span class="p">}</span></code></pre></figure>
<p>As we can see when <code class="highlighter-rouge">CallableBack</code> is deployed, the constructor has the reference on an alredy deployed <code class="highlighter-rouge">ListenableContract</code> instance.
The same contract can be both <code class="highlighter-rouge">CallableBack</code> both <code class="highlighter-rouge">ListenableContract</code> and the result is the same, but seaparating it in two differnt contracts we can use single listener for multiple contracts.</p>
<p>So for example we can have a demo contract like the following:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">contract</span> <span class="no">ListenableDemo</span> <span class="n">is</span> <span class="no">CallableBack</span><span class="p">{</span>
<span class="n">uint</span> <span class="n">callBackCalls</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="n">string</span><span class="p">[]</span> <span class="n">messages</span><span class="p">;</span>
<span class="n">constructor</span>
<span class="p">(</span>
<span class="no">ListenableContract</span> <span class="n">listenable</span>
<span class="p">)</span>
<span class="kp">public</span>
<span class="no">CallableBack</span><span class="p">(</span><span class="n">listenable</span><span class="p">)</span>
<span class="p">{</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">listened</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="kp">public</span> <span class="n">returns</span><span class="p">(</span><span class="n">string</span><span class="p">){</span>
<span class="n">listenable</span><span class="p">.</span><span class="nf">engage</span><span class="p">(</span><span class="n">message</span><span class="p">);</span>
<span class="k">return</span> <span class="n">message</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">_callBack</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="kp">public</span> <span class="p">{</span>
<span class="n">callBackCalls</span> <span class="o">+=</span> <span class="mi">1</span><span class="p">;</span>
<span class="n">messages</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="n">message</span><span class="p">);</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">getCallBackCalls</span><span class="p">()</span> <span class="kp">public</span> <span class="n">view</span> <span class="n">returns</span> <span class="p">(</span><span class="n">uint</span> <span class="n">callbacks</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">callBackCalls</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">function</span> <span class="n">getLastMessage</span><span class="p">()</span> <span class="kp">public</span> <span class="n">view</span> <span class="n">returns</span><span class="p">(</span><span class="n">string</span> <span class="n">message</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="n">messages</span><span class="p">[</span><span class="n">messages</span><span class="p">.</span><span class="nf">length</span><span class="o">-</span><span class="mi">1</span><span class="p">];</span>
<span class="p">}</span>
<span class="p">}</span></code></pre></figure>
<p>As we can see there are two important methods:</p>
<ul>
<li><code class="highlighter-rouge">listened</code></li>
<li><code class="highlighter-rouge">_callBack</code></li>
<li>The first one is delgate to call <code class="highlighter-rouge">ListenableContract.engage</code> the method that trigger the
event <code class="highlighter-rouge">ListenEvent</code> that will be listened as we will see in some row.</li>
</ul>
<p>The second is <code class="highlighter-rouge">_callBack</code> and will be called by <code class="highlighter-rouge">ListenableContract</code>, through his <code class="highlighter-rouge">callback</code> method, hooked by listener entity when external data will be ready.</p>
<p>By now we saw the Solidity part, but we miss the last, important thing:
<strong>the listener</strong></p>
<p>I used web3js to write code example, but it can be done with every web3 client.</p>
<figure class="highlight"><pre><code class="language-javascript" data-lang="javascript">
<span class="c1">//I supposed doing some work and then call the callback on listenableContract</span>
<span class="nx">listenable</span><span class="p">.</span><span class="nx">callBack</span><span class="p">(</span><span class="nx">demo</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span><span class="nx">originalMessage</span><span class="o">+</span><span class="s2">" after some works"</span><span class="p">).</span><span class="nx">then</span><span class="p">(()</span> <span class="o">=></span> <span class="p">{</span>
<span class="c1">//work complete</span>
<span class="p">});</span>
<span class="p">});</span></code></pre></figure>
<p>And is all, by this way we can easily handle event and external data on blockchain by ourside, without depending on external actor.</p>
<p>You can find complete example and working test on <a href="https://github.com/officina0/external-data-ethereum">github</a>.</p>
<p>Thank you for time spent on article,</p>
<p>Christian</p>Simple article demonstrating how access external data in a Oraclize style with a homemade implementation.