Hey I have a question about re-entrancy, I get the logic but how come the attacker manages to withdraw again before the balance is set to 0, taking into account transaction time and that both functions in A and B are on the next line
re-entrancy
Let's say we have 2 contracts. target contract which holds some ether belongs to the attacker contract. And now attacker contract wants to withdraw its money
Attacker contract has 2 functions: fallback and withdraw
// this gets triggered when ether is receive
fallback(){
A.withdraw()
}
attack(){
A.withdraw()
}
Let's say attacker contract calls attack function. This will call the withdraw inside target contract:
target contract:
withdraw(){
require balance>0
send ether
// before balance gets updated attacker's fallback triggers another withdraw
// send function will give the control to the attacker's contract
set balance of attacker =0
}
Now target contract will send the ether to attacker's contract. When it does, inside attacker's contract fallback function is triggered. fallback gets executed every time ether is received. I explained fallback functions in detail
Now attacker's contract is received ether and immediately calls withdraw inside target contract. So target contract's withdraw function is in a loop till target contract's balance reaches to 0
If a contract uses call, send or transfer which may cause
control flow to the attacker contract, because those functions delegate enough gas for the fallback function. Once the control is passed to the attacker's contract, the state of the target contract will incomplete. target contract lost the contrrol.
Prevent reentrancy attacks
Related
Objective: We are building a dual flow system on NEAR. The flow is something like:
Client -> Escrow Wallet -----true---> Beneficiary
Client -> Escrow Wallet -----false--> Client
I was just wondering if there is a standard procedure for this. Because hard-coding a wallet address to act as the escrow wallet does not sound very reasonable or safe. So please let me know, what might be a better way to do this.
You can implement your desired custodian/escrow behavior in a smart contract's logic. I'm not sure what you mean by hard-coding an account, but this escrow contract's logic would remain unchanged once you have deployed it to the network, as such, you can rely on it as much as you can rely on the network for your application's logic.
There are many ways.
One is creating an a wallet for the specific scrow service and then erasing it at the end of the transaction.
function one - Bob ask for an scrow service, the contract is deployed and tokens sent in same transaction
function two - Alice sent the other part, the contract send tokens from Bob to Alice and from Alice to Bob, closes the contract and send remaining funds to master contract
The Second and easier:
function one - send 5 N from Bob to the Smart contract address
function two - accept from Alice AND in the same function send the another part
Of course this needs more logic and information from your question, an a task maybe is something that couldn´t be sent in the blockchain, so it always will require honesty from one part.
I'm using CosmWasm and CW-Asset crates, and I want to check the smart contract Address balance for a specific cw20 token balance on the current smart contract address before transferring the tokens to another persons address. I have Deps/DepsMut, API and MessageInfo available to me in the executing message. How do I get the address of the currently running smart contract (without passing it in on the InstantiateMsg)? I have not yet seen a way to do this.
https://docs.rs/cw-asset/1.0.0/cw_asset/type.AssetInfo.html#method.query_balance
The answer is use Env.ContractInfo.CanonicalAddress
https://docs.rs/cosmwasm-std/0.9.2/cosmwasm_std/struct.Env.html
If you are running cosmwasm unit tests, you can use mock_env() and the default value is "cosmos2contract".
https://github.com/CosmWasm/cosmwasm/blob/6a447c7dc90f8dfcf8aac23f4b9daf496a877ea9/packages/std/src/mock.rs#L223
I am using web3 to perform ethereum transactions. I have been able to perform the transaction, but I want to notify the user if the transaction is successful and has been mined. How would i do this in node.js?
I have tried to find ways to use a webhook on the reciever ethereum wallet in order to notify the server if a transaction on the blockchain has been mined. After that i would be able to notify the user.
My last option is to create a multi threaded loop on my server that checks if the transaction hash has been mined.
I am unsure if I should provide any code, as I don’t know if it will help.
You can use the web3.eth.getTransactionReceipt method to get a receipt for a transaction, or wait for an event generated by a smart contract when your transaction is being executed.
However, you should take into mind that public Ethereum may have forks and you should wait 5-6 blocks to make sure that the transaction will not be dropped along with the "side" fork.
Currently I have setup ripple mainnet server and provide availability of XRP trading, If any user submits the transaction in his account from the external wallet, How I know which transaction performed?
Currently, I have used WebSocket socket and subscribe all account to the listener, So when any transaction comes in subscribed account then it will catch the transaction. But the issue is that when my xrp server is down or listeners missed any transaction then how we fetch incoming transaction later.
When you get your next transaction.
You check that account's PreviousTxnLgrSeq and see if that matches with the latest tx on your end. You can find that from the account_info API method.
Or you can query account_tx to see if the latest tx you got on your end matches with just previous tx. And if those don't match,... you've got the answer above in the account_tx method.
One downside to this practice is that you have to wait until someone deposits again to that particular account.
To avoid such circumstances, you can track every accounts' latest tx ledger sequence on your end. So if you've missed some ledgers you would know which accounts are lagging behind and check if those accounts have transactions that you've missed using account_tx method with the ledger_index_min set to the latest tx ledger sequence and ledger_index_max set to -1.
In other words this means check this account's transactions since i've last checked until the latest ledger... anyway I hope you get the idea. Godspeed! ;)
This is a question hitting my mind but can not come up with solution.
Suppose there is a IKE tunnel between two peers (peer_1,peer_2). Now there is an attacker who wants to break this tunnel. What the attacker is doing is that for every keep alive Informational Request from peer_1 to peer_2, he/she(attacker) replies back with INVALID_IKE_SPI notify payload and obviously this message would be in plain text. This results peer_1 believing the IKE_SA got some problem and after implementation specific retry the peer_1 closes the tunnel(Although rfc 7296 specifies that peer receiving such reply should not change its state but there should be an end of retrying keep alive to get rid of network flood). As a result the attacker wins.
Is there anything IKEv2 Protocol itself says to prevent this type of situation?
If anyone knows about this please reply me back or some solution will be also helpful.
Citing RFC 7296, section 2.4, paragraph 3:
Since IKE is designed to operate in spite of DoS attacks from the
network, an endpoint MUST NOT conclude that the other endpoint has
failed based on any routing information (e.g., ICMP messages) or IKE
messages that arrive without cryptographic protection (e.g., Notify
messages complaining about unknown SPIs). An endpoint MUST conclude
that the other endpoint has failed only when repeated attempts to
contact it have gone unanswered for a timeout period or when a
cryptographically protected INITIAL_CONTACT notification is received
on a different IKE SA to the same authenticated identity. An
endpoint should suspect that the other endpoint has failed based on
routing information and initiate a request to see whether the other
endpoint is alive. To check whether the other side is alive, IKE
specifies an empty INFORMATIONAL request that (like all IKE requests)
requires an acknowledgement (note that within the context of an IKE
SA, an "empty" message consists of an IKE header followed by an
Encrypted payload that contains no payloads). If a cryptographically
protected (fresh, i.e., not retransmitted) message has been received
from the other side recently, unprotected Notify messages MAY be
ignored. Implementations MUST limit the rate at which they take
actions based on unprotected messages.
I think that (for the sake of clarity) the relevant types of an attacker should be considered:
1/ An attacker able to drop arbitrary packets (i.e. an active MitM)
this one is able to perform DOS just by dropping packets and AFAIK there is nothing that can prevent him doing so. He does not need any sophistication to break the communication.
2/ An attacker unable to drop packets
this one can not prevent peer_2's legitimate responses (to peer_1's INFORMATIONAL requests) reaching peer_1.
thus peer_1 receives the response (before all retries timeout) and knows that peer_2 is alive.
3/ An attacker able to drop some packets
then it is a race and the outcome depends on the configuration of the peers and the percentage of packets the attacker is able to drop.
EDIT>
I would understand the questioned "case 2 attacker" scenario this way:
by receiving the attacker's unprotected INVALID_IKE_SPI notify (spoofed by the attacker from peer_2's address) peer_1 can (at most) only suspect that peer_2 has failed (as it MUST not conclude that the other endpoint has failed based on IKE massages without cryptographic protection)
it may decide (see note below) to issue a liveness check by sending an empty INFORMATIONAL request to peer_2 (which is cryptographically protected)
the "case 2 atacker" is unable to tamper with this request, so it should reach peer_2 (it might involve some implementation specific retransmits, as specified)
peer_2 (as it is alive) responds with an acknowledgement (which is cryptographically protected)
the "case 2 atacker" is unable to tamper with this response, so it should reach peer_1
upon receiving this response (which is a fresh, cryptographically protected message from peer_2), peer_1 knows that peer_2 is alive and keeps the SAs (as nothing has happened)
Note: The "Implementations MUST limit the rate at which they take actions based on unprotected messages" part means, that peer_1 should not perform this liveness check on every unprotected Notify message received and some implementation specific rate limiting mechanism must be in place (probably to prevent traffic amplification).
Desclaimer: I am no crypto expert, so please do validate my thoughts.