Introduction
This blog post presents the results of a security audit of a smart contract performed by Blaze Information Security, and made public on behalf of the client Jury.Online. This post contains the very same information and findings present in the report released at the end of March 2018.
The audit was performed by Victor Farias (project lead) and Julio Fort of Blaze Information Security.
Disclaimer: This document presents the findings of a security review of the smart contracts under the scope of the audit. As a time-boxed and best-effort exercise, it does not guarantee there are no other security issues in the smart contract. The results of this audit should not be read as investment advice.
Reporting
This document presents the results of a Smart Contract Security Review for Jury.Online. This engagement aimed to verify whether the smart contract only does what it is intended to do and to discover security vulnerabilities that could negatively affect the project before the contract gets deployed into the blockchain network.
Jury.Online aims to create a platform to facilitate deals between different parties. The platform puts itself in the middle of a deal and works as an escrow service; it mediates a given transaction and if all parties are satisfied with the outcome of the deal, the transaction is completed successfully. As an escrow service, it also mediates disputes between the parties of a deal.
Jury.Online provides interaction between judges, arbitrators, and parties of a deal for dispute resolution. It uses an Ethereum ERC20-based token, and the contracts were written in Solidity. Details about Jury.Online can be found in its whitepaper.
The analysis focused on vulnerabilities related to implementation and on issues caused by architecture and design errors, as well as inconsistencies between the documentation and the code.
For each code pattern non-compliant with the Ethereum token standard or with the contract specification, deviation from best practices, and vulnerability discovered during the assessment, Blaze Information Security attributed a risk severity rating and, whenever possible, validated the existence of the vulnerability with working exploit code.
The main objectives of the assessment were the following:
- Identify the main security-related issues present in the smart contract
- Assess the level of secure coding practices present in the project
- Obtain evidence for each vulnerability and, if possible, develop a working exploit
- Report, in a clear and easy-to-reproduce manner, all procedures used to replicate the issue
- Recommend mitigation factors and fixes for each defect identified in the analysis
- Provide context with a real risk scenario based on a realistic threat model
Executive summary
The engagement was performed in a total period of 6 business days, including report writing. The smart contract security review commenced part-time on 05/03/2018 and ended on 16/03/2018, finishing with the preliminary version of this report.
On 23/03/2018 all findings reported by Blaze Information Security were fixed accordingly by Jury.Online. The issues are no longer present in the code of the contracts and were fixed in the commit 3f5f707cfeec36e174702b46be0c8f6850e6a12b.
The audit was done with the assistance of automated tools as well as subjected to manual review. The generated EVM code was not inspected in this assessment.
There was only one minor issue discovered in the contracts audited in this engagement. The issue was not believed to pose an immediate risk to the contracts, but the finding should be taken as advice to improve their security and make them future-proof.
The review of the contracts under scope did not reveal vulnerabilities that could lead to the loss of tokens, the bias of jurors, or problems that had the potential to cause a significant impact on the intended operations of Jury.Online.
Jury.Online had defensive security coding patterns and followed many recommended Solidity programming good practices. Overall the code quality was considered very good, as it was clear, well-commented, and easy to understand.
Scope
The scope of this security review is comprised of smart contracts written in Solidity.
- Project name: juryonline
- Commit: 986aca6ca9c666a34632e4e0ed10d2c78d1fa245
Filename / Lines of code:
- ERC20Token.sol / 237
- JuryOnlineExchanger.sol / 28
- JuryOnlineICOContract.sol / 204
- JuryOnlineInvestContract.sol / 226
- Migrations.sol / 23
- Pullable.sol / 38
The code audited is open source and can be found at https://github.com/juryonline/contracts/tree/playground (Playground branch)
Smart contract security review
Our security-oriented smart contract review follows an organized methodology with the intent to identify the largest number of vulnerabilities in the contracts under scope from the perspective of a motivated, technically capable, and persistent adversary.
Special attention is directed towards critical areas of the smart contract such as the burning of tokens and the functioning of the multi-signature. Our process also looks into other common implementation issues that lead to problems like reentrancy, mathematical overflows, and underflows, gas-related denial of service, etc.
Blaze’s smart contract review methodology involves automated and manual audit techniques. The applications are subjected to a round of dynamic analysis using tools like linters, program profilers, and source code security scanners.
The contracts have their source code manually inspected for security flaws. This type of analysis has the ability to detect issues that are missed by automated scanners and static analyzers, as it can discover edge cases and business logic-related problems.
Technical summary
Description of the smart contracts
- ERC20Token.sol:
Contract with the ERC20 standard token, modified with security enhancements such as SafeMath and approve_fixed, the latter created to prevent a well-known ERC20 race condition that may cause double withdrawal.
- JuryOnlineICOContract.sol:
Responsible for fundraising. This contract defines funding goals for each milestone, the total effort to be spent, and the duration of the project.
- JuryOnlineInvestContract.sol:
This contract is responsible for managing potential disputes of interest among parties. In this contract an investor can open a dispute case against a developer about a project milestone, for example, and the jurors vote to decide whether or not to allocate resources and funds for the continuation of the project.
- Pullable.sol:
This contract has auxiliary methods used in InvestContract to make asynchronous transfers.
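The race condition mentioned above for ERC20Token.sol is the well-known approve/transferFrom ordering problem: a plain approve() overwrites the allowance unconditionally, so a spender who consumes the old allowance before the new approval is mined can then consume the new one as well. The contract below is an added illustration of the compare-and-set mitigation pattern; it is not Jury.Online's ERC20Token.sol, and the project's own approve_fixed implementation is not shown on this page, so the function name approveFixed and its parameter names here are assumptions.

```solidity
pragma solidity ^0.4.21;

// Added example of the compare-and-set approve pattern. Not the project's code:
// a minimal allowance ledger with both the plain ERC20 approve and a fixed variant.
contract ApproveFixedExample {
    mapping(address => mapping(address => uint256)) internal allowed;

    event Approval(address indexed owner, address indexed spender, uint256 value);

    function allowance(address owner, address spender) public view returns (uint256) {
        return allowed[owner][spender];
    }

    // Plain ERC20 approve: overwrites whatever allowance is currently in force.
    // If a transferFrom of the old allowance is mined first, the owner ends up
    // having granted the old and the new amount in sequence (double withdrawal).
    function approve(address spender, uint256 value) public returns (bool) {
        allowed[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    // Compare-and-set variant (hypothetical name): the owner states the allowance
    // it believes is in force. If a transferFrom has already changed it, the
    // expected value no longer matches and the call reverts instead of silently
    // granting a second allowance on top of the one already spent.
    function approveFixed(address spender, uint256 currentValue, uint256 value) public returns (bool) {
        require(allowed[msg.sender][spender] == currentValue);
        allowed[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }
}
```

With this pattern a wallet first reads allowance(owner, spender), passes that value as currentValue, and only then sets the new amount; the revert on mismatch is the signal that the allowance was touched in between and the owner should re-read it before deciding what to grant.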
Vulnerabilities
1. Absence of arithmetic underflow and overflow checks in parts of the contract
Affected points: JuryOnlineICOContract.sol and JuryOnlineInvestContract.sol
Fixed in commit 3f5f707cfeec36e174702b46be0c8f6850e6a12b
Severity: Low
During the audit, it was observed that the contracts implement a series of measures for mathematical operations to prevent and effectively mitigate arithmetic underflows and overflows of uint32 variables.
However, Blaze Information Security noticed that some parts of the contracts, namely JuryOnlineICOContract.sol and JuryOnlineInvestContract.sol, did not apply these countermeasures, making the variables and functions that perform mathematical operations in these contracts potentially susceptible to this kind of attack.
The code below illustrates the absence of SafeMath or other functions and libraries to prevent arithmetic overflows and underflows:
Although no viable exploitation scenario using underflow or overflow in those contracts was found during this assessment, it is important to implement the mitigation in advance in order to make this kind of attack impossible, even if such a case is later discovered in the code or triggered by corner cases.
References
- https://ethereumdev.io/safemath-protect-overflows
- https://openzeppelin.org/api/docs/math_SafeMath.html
Solution
As a general good practice and to be overall consistent with the same security countermeasures already present in the project, it is recommended to apply the same mitigation implemented in other parts of the contract to the aforementioned Solidity files.
Consider using OpenZeppelin’s SafeMath, as it is the most popular library with enhanced security checks for safe mathematical operations. It is understood, however, that adding those arithmetical safeguards to the contract may increase its gas usage.
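To make the recommendation concrete, the contract below places an unchecked arithmetic path beside the SafeMath-guarded one. It is an added example written for this post, not code from the audited repository: the SafeMath library is a minimal reimplementation in the style of OpenZeppelin's (use the real library in production), and the MilestoneLedger contract, its state variables and function names are hypothetical.

```solidity
pragma solidity ^0.4.21;

// Minimal SafeMath in the style of OpenZeppelin's library (reimplemented for this
// example, not the project's copy): each operation reverts instead of wrapping.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a);          // wrapped past 2^256 - 1 if this fails
        return c;
    }
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);          // would underflow to a huge value otherwise
        return a - b;
    }
    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        if (a == 0) return 0;
        c = a * b;
        require(c / a == b);      // product no longer divides back: overflow
        return c;
    }
}

// Hypothetical contribution ledger for a milestone-funded project.
contract MilestoneLedger {
    using SafeMath for uint256;

    mapping(address => uint256) public contributed;
    uint256 public totalRaised;

    function contribute() public payable {
        contributed[msg.sender] = contributed[msg.sender].add(msg.value);
        totalRaised = totalRaised.add(msg.value);
    }

    // Unchecked form (the defect the finding describes): when `amount` exceeds the
    // caller's recorded contribution, both subtractions wrap around to values near
    // 2^256 instead of failing, so the ledger no longer reflects what was paid in.
    function refundUnchecked(uint256 amount) public {
        contributed[msg.sender] -= amount;
        totalRaised -= amount;
        msg.sender.transfer(amount);
    }

    // Hardened form: SafeMath.sub reverts the whole transaction when `amount` is
    // larger than the recorded contribution, so the ledger can never go below zero.
    // State is updated before the external transfer (checks-effects-interactions).
    function refund(uint256 amount) public {
        contributed[msg.sender] = contributed[msg.sender].sub(amount);
        totalRaised = totalRaised.sub(amount);
        msg.sender.transfer(amount);
    }
}
```

The gas cost the text mentions comes from the extra comparison in each library call; it is small relative to the storage writes these functions already perform, and a revert on an impossible refund is the behaviour an auditor wants to see rather than silent wraparound.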
Conclusion
The ultimate goal of a security assessment is to better illustrate the risk faced by an organization and to help it understand and validate its security posture against potential threats to its business.
With that in mind, Blaze Information Security provides the following recommendations that we believe should be adopted as the next steps to further enhance the security posture of the smart contracts:
- Fix the only outstanding issue presented in the report, taking into consideration the future development of the project;
- Engage another third-party IT security provider for a second round of auditing;
- Consider establishing a bug bounty program, as it is becoming increasingly common among companies in the smart contract and blockchain field.
Blaze Information Security would like to thank the team at Jury.Online for their support and assistance during the entire engagement.