Jury.Online smart contract security audit

blockchain, solidity, smart contract, audit, security

Introduction

This blog post presents the results of a security audit of a smart contract performed by Blaze Information Security, and made public on behalf of the client Jury.Online. This post contains the very same information and findings present in the report released in the end of March 2018.

The audit was performed by Victor Farias (project lead) and Julio Fort of Blaze Information Security.

Disclaimer: This document presents the findings of a security review of the smart contracts under scope of the audit. As a time-boxed and best effort exercise, it does not guarantee there are no other security issues in the smart contract. The results of this audit should not be read as an investment advice.

Reporting

This document presents the results of a Smart Contract Security Review for Jury.Online. This engagement aimed to verify whether the smart contract only does what it is intended to do, and to discover security vulnerabilities that could negatively affect the project before the contract gets deployed into the blockchain network.

Jury.Online aims to create a platform to facilitate deals between different parties. The platform puts itself in the middle of a deal and works as a escrow service; it mediates a given transaction and if all parties are satisfied with the outcome of the deal, the transaction is completed successfully. As a escrow service, it also mediates disputes between the parties of a deal.

Jury.Online provides interaction between judges, arbitrators and parties of a deal for dispute resolutions. It uses an Ethereum ERC20-based token and contracts were written in Solidity. Details about Jury.Online in the whitepaper.

The analysis focused on vulnerabilities related to implementation and on issues caused by architecture and design errors, as well as inconsistencies between the documentation and the code.

For each code pattern non-compliant with the Ethereum token standard or to the contract specification, deviation of best practices and vulnerability discovered during the assessment, Blaze Information Security attributed a risk severity rating and, whenever possible, validated the existence of the vulnerability with a working exploit code.

The main objectives of the assessment were the following:

  • Identify the main security-related issues present in the smart contract
  • Assess the level of secure coding practices present in the project
  • Obtain evidences for each vulnerability and, if possible, develop a working exploit
  • Document, in a clear and easy to reproduce manner, all procedures used to replicate the issue
  • Recommend mitigation factors and fixes for each defect identified in the analysis
  • Provide context with a real risk scenario based on a realistic threat model

Executive summary

The engagement was performed in a total period of 6 business days, including report writing. The smart contract security review commenced part-time on 05/03/2018 and ended on 16/03/2018, finishing with the preliminary version of this report.

On 23/03/2018 all findings reported by Blaze Information Security were fixed accordingly by Jury.Online. The issues are no longer present in the code of the contracts and were fixed in the commit 3f5f707cfeec36e174702b46be0c8f6850e6a12b.

The audit was done with the assistance of automated tools as well as subjected to manual review. The generated EVM code was not inspected in this assessment.

There was only one minor issue discovered in the contracts audited in this engagement. This issue was believed to not bring an immediate risk to the contracts, but should be taken as an advice to improve its security and make it future-proof.

The review of the the contracts under scope did not reveal vulnerabilities that could lead to loss of tokens, bias of jurors, nor problems that had the potential to cause a significant impact to the intended operations of Jury.Online.

Jury.Online had defensive security coding patterns and followed many recommended Solidity programming good practices. Overall the code quality was considered very good, as it was clear, well commented and easy to understand.

Scope

The scope of this security review is comprised of smart contracts written in Solidity.

  • Project name: juryonline
  • Commit: 986aca6ca9c666a34632e4e0ed10d2c78d1fa245

Filename / Lines of code
ERC20Token.sol / 237
JuryOnlineExchanger.sol / 28
JuryOnlineICOContract.sol / 204
JuryOnlineInvestContract.sol / 226
Migrations.sol / 23
Pullable.sol / 38

The code audited is open source and can be found at https://github.com/juryonline/contracts/tree/playground (Playground branch)

Methodology - Smart contract security review

Our security-oriented smart contract review follows an organized methodology with the intent to identify the largest number of vulnerabilities in the contracts under scope from the perspective of a motivated, technically capable and persistent adversary.

Special attention is directed towards critical areas of the smart contract such as burning of tokens and functioning of the multi-signature. Our process also looks into other common implementation issues that lead to problems like reentrancy, mathematical overflows and underflows, gas-related denial of service, etc.

Blaze’s smart contract review methodology involves automated and manual audit techniques. The applications are subjected to a round of dynamic analysis using tools like linters, program profilers and source code security scanners.

The contracts have their source code manually inspected for security flaws. This type of analysis has the ability to detect issues that are missed by automated scanners and static analyzers, as it can discover edge-cases and business logic-related problems.

Technical summary

Description of the smart contracts
  • ERC20Token.sol: Contract with the ERC20 standard token, modified with security enhancements such as SafeMath and approve_fixed, the latter created to prevent a well-known ERC20 race condition that may cause double withdraw.

  • JuryOnlineICOContract.sol: Responsible for fund raising. This contract defines funding goals for each milestone and total effort to be spent on and duration of the project.

  • JuryOnlineInvestContract.sol: This contract is responsible for managing potential dispute of interests among parties. In this contract an investor can open a dispute case against a developer about a project milestone, for example, and it will be voted by the jurors to decide whether or not to allocate resources and
    funds for the continuation of the project.

  • Pullable.sol: This contract has auxiliary methods used in InvestContract to make asynchronous transfers.

Vulnerabilities

1. Absence of arithmetic underflow and overflow checks in parts of the contract

Affected points: JuryOnlineICOContract.sol and JuryOnlineInvestContract.sol
Fixed in commit 3f5f707cfeec36e174702b46be0c8f6850e6a12b
Severity: Low

During the audit it was observed that the contract implement a series of measures regarding to mathematical operations to prevent and effectively mitigate arithmetic underflow and overflows of uint32 variables.

However, Blaze Information Security noticed some parts of the contract as in JuryOnlineICOContract.sol and JuryOnlineInvestContract.sol did not apply these countermeasures, making the variables and functions that perform mathematical operations in these contracts potentially susceptible to this kind of attack.

The code below illustrates the absence of SafeMath or other functions and libraries to prevent arithmetic overflows and underflows:

No SafeMath

Despite no evidence of a viable exploitation scenario using underflow or overflow on those contracts were found during this assessment, it is important to implement the mitigation in advance in order to turn this kind of attack impossible, even if they are somehow discovered in the code or be triggered by corner cases.

As a general good practice and be overall consistent with the same security countermeasures already present in the project, it is recommend to apply the same mitigation implemented in other parts of the contract to the aforementioned Solidity files.

Consider using OpenZeppelin’s SafeMath, as it is the most popular library with enhanced security checks for safe mathematical operations. It is understood, however, that adding those arithmetical safeguards to the contract may increase its gas usage.

Conclusion

The ultimate goal of a security assessment is to bring the opportunity to better illustrate the risk of an organization and help make it understand and validate its security posture against potential threats to its business.

With that in mind, Blaze Information Security provides the following recommendations that we believe should be adopted as next steps to further enhance the security posture of the smart contracts:

  • Fix the only outstanding issue presented in the report, taking into consideration future development of the project;
  • Engage another third party IT security provider for a second round of audit;
  • Consider establishing a bug bounty program, as it is becoming increasingly common among companies in the smart contract and blockchain field.

Blaze Information Security would like to thank the team of Jury.Online for their support and assistance during the entire engagement.

Share

Comments