EOS EVM Contract Drain Vulnerability

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

EOS.io Logo

A critical vulnerability was uncovered and resolved in the EOS EVM before it could be exploited. The vulnerability, if exploited, would have allowed draining all contracts storing EOS across the trustless bridge. According to the report, the vulnerability was never exploited.

About EOS Blockchain

The EOS (Electro-Optical System[1]) blockchain is "a highly performant open-source blockchain platform, built to support and operate safe, compliant, and predictable digital infrastructures."[2] EOS launched in June 2018 with a $4.1 billion USD initial coin offering[1]. The core team of EOS is based in the Cayman Islands[3].

The core team behind EOS is “Block.one”, which is based in the Cayman Islands. Brendon Blumer, the CEO, has been involved in blockchain since 2014. He has previously been involved in companies that dealt with currency exchanges in MMORPGs and in real estate. Dan Larimer, is the CTO. He is the creator of delegated proof-of-stake and decentralized autonomous organizations aka DAOs. He is the also the man behind BitShares and Steem.

The EOS platform allows the development of decentralized blockchain applications in a similar manner to Ethereum and was initially dubbed the ethereum killer[4]. The EOS network has demonstrated high transaction processing capability without disruptions[5].

"EOS is a platform that uses the blockchain technology for the development of decentralized applications (dapps), very similar to Ethereum in function. As a matter of fact, supporters have dubbed it as the “Ethereum killer”. By providing an operating-system-like set of services and features that dapps can make use of, it makes dapp development very easy."

The EOS Network Foundation (ENF) took over the development of the EOS network after the community voted to stop payments to Block.one, the company behind the original EOSIO software[5].

About EOS EVM

The EOS Network Foundation (ENF) has introduced support for Ethereum's Virtual Machine (EVM) on the EOS network as part of a revitalization plan[5]. EOS EVM offers a solution to the challenges faced when building applications on different blockchains[6]. Due to the popularity of Ethereum, EVM and the solidity language underlying it has become somewhat of a standard for blockchains. EVM, or the Ethereum Virtual Machine, is a core computation engine of Ethereum which powers the blockchain and smart contracts[7].

EOS EVM, the Ethereum Virtual Machine implementation for the EOS Network[8].The EOS EVM enables Ethereum-like transactions on the EOS Network by implementing a smart contract-based Ethereum Virtual Machine (EVM)[6]. The EOS EVM is a compatibility layer that's designed to allow EOS to mimic the same functionality as the EVM. "It enables developers to deploy and run their applications on top of the EOS blockchain infrastructure but to build, test, and debug those applications using the common languages and tools they are used to using with other EVM compatible blockchains.[9]" This allows developers to build Ethereum-based applications on EOS, leveraging its performance, reliability, and liquidity[6]. With EOS EVM, Ethereum projects can reach a broader audience and tap into the liquidity of EOS without the need to rewrite their code[6]. Users can enjoy improved user experiences on EOS while benefiting from Ethereum's established open source code, tooling, libraries, and SDKs[6].

EOS EVM is an Ethereum Virtual Machine (EVM) running on the EOS blockchain that offers improved speed, scalability, and cost-effectiveness[10].The new EVM, called Trust EVM, will operate as a smart contract on the EOS blockchain and aims to attract Ethereum developers[5]. It offers full compatibility with the existing EOS decentralized application ecosystem, allowing tokens to be transferred between environments[5]. The integration of the EVM provides developers with access to open-source code libraries, SDKs, and popular toolkits, addressing previous developer tooling issues[5][11]. The EOS EVM supports all Ethereum development tools and libraries, making it easy for developers to migrate their existing projects or build new decentralized applications (dApps) on the EOS platform[10].The EOS EVM has 5 parts[9].

  • A fork of the Blockscout blockchain explorer with adaptations for the EOS EVM.
  • The EVM bridge front-end, a front-end which allows for the operation of the EVM trustless bridge[12].
  • The EOS EVM contract, an Antelope smart contract implementing the main runtime for the EVM.
  • The EOS EVM Node and RPC (remote procedure call). This allows for the operation of EVM nodes and remote interaction with those nodes.
  • The transaction wrapper, an Node.js application to service the eth_sendRawTransaction and eth_gasPrice functions.

The goal is to attract new developers and projects to EOS by offering unmatched speed, performance, and compatibility with traditional Solidity environments[8][11]. It is fully compatible with Ethereum's EVM, allowing developers to deploy their EVM-compatible smart contracts on the EOS network[10].EOS EVM enables Solidity developers to access the scalability of EOS, combining the power of EOS with the accessible resources of the Ethereum community. The architecture of EOS EVM includes the use of Silkworm as the execution client, enabling scalability and compatibility with the RPC, the introduction of Crypto Primitives for privacy and complex operations, and the adoption of one-second block times for performance and compatibility with Ethereum specifications. Despite the focus on EOS EVM, development work on EOS native continues, ensuring its role as a flagship product of the EOS Network. Funding opportunities and resources are available for developers building on EOS EVM or EOS native, encouraging the growth and innovation of projects on the platform[8].

The EOS EVM Contract is a runtime implemented as a contract on the EOS blockchain[13]. It is compatible with Antelope blockchains and features a trustless bridge for transferring EOS tokens between EVM and EOS accounts. Users can seamlessly move tokens between the environments with a small bridge fee deducted[13]. Interacting with EVM contracts on EOS EVM significantly reduces transaction costs and enables higher throughput. In summary, EOS EVM provides a seamless integration of Ethereum's EVM functionality into the EOS ecosystem, expanding the possibilities for developers and users[10].

The EOS EVM Node and RPC are programs that support Ethereum JSON-RPC for the virtual EVM blockchain. The eos-evm-rpc program handles most of the read methods, while the eos-evm-node program reconstructs the virtual EVM blockchain using data from the EOS blockchain[13].

The TX-Wrapper handles the eth_sendRawTransaction and eth_gasPrice RPC methods by constructing Antelope transactions and pushing them to the EOS EVM Contract. It also retrieves the minimum gas price from the EOS EVM Contract[13].

Upgrades and compatibility are considerations for deploying EOS EVM. Version 0.3.0 introduced the trustless bridge, and version 0.4.0 has minimal changes. Upgrading the EOS EVM Contract involves deploying the new WASM and ABI files and making some configuration adjustments. The components of EOS EVM undergo bug fixes and improvements, requiring redeployment and reindexing[13].

Getting Blockchain Information

The EOS EVM allows for a blockchain which is built in a deterministic way. Through the RPC, clients such as MetaMask can gain a read-only view of the blockchain[9].

Sending EVM-Compatible Transactions

Clients can push transactions via a proxy and the transaction wrapper. This encapsulates the EVM transaction into an Antelope smart contract transaction. The EVM transactions are then validated and executed by the EOS EVM smart contract deployed in the EOS blockchain[9].

The Reality

The EOS EVM contained a critical security vulnerability. The security vulnerability related to "state objects" tracking the reserved addresses of the trustless bridge. The tracking was not properly being undone in the case where the EVM execution context was reverted[14].

The vulnerability could potentially allow an attacker to illegitimately drain all of the EOS stored by the EOS EVM smart contract across the trustless bridge[14].

TBD - Need to fill in more details on the exact exploit and how it was introduced into the source code.

The vulnerability primarily affected the EOS EVM smart contract, although the EOS EVM node, and the EOS EVM RPC would expect the failed behaviour.

What Happened

The vulnerability was kept confidential and patched behind the scenes by the EOS team. They released an update to the EOS EVM on May 15th.

Key Event Timeline - EOS EVM Contract Drain Vulnerability
Date Event Description
April 21st, 2022 8:30:00 AM MDT CryptoSlate Article The EOS EVM is announced in a CryptoSlate article[5], referencing an announcement that work on the Trust EVM was already completed. The EOS Network Foundation (ENF) has introduced support for Ethereum's Virtual Machine (EVM) on the EOS network as part of a revitalization plan. The new EVM, called Trust EVM, will operate as a smart contract on the EOS blockchain and aims to attract Ethereum developers. The ENF took over the development of the EOS network after the community voted to stop payments to Block.one, the company behind EOSIO software.
January 18th, 2023 7:24:00 AM MST Yves La Rose Announcement Yves La Rose announces the EOS EVM on Twitter[15].
January 20th, 2023 8:09:20 AM MST EOS Network Foundation Announcement The EOS Network foundation announces major changes to the EOS EVM system[6].
March 24th, 2023 9:48:38 AM MDT EOS EVM Architecture Deep Dive The EOS Network Foundation publishes a deep dive into the EOS EVM architecture, which at that time is set to launch on April 14, 2023, after over a year of development involving contributors from the EOS ecosystem[8].
April 12th, 2023 2:55:11 PM MDT EOS EVM 0.4.0 Release Notes Published The release notes for the EOS EVM 0.4.0 are published[13].
May 11th, 2023 12:20:00 AM MDT taokayan Provides Silkwork Stability Fix EOS developer taokayan[16] commits a fix to the silkworm module[17].
May 11th, 2023 7:50:00 PM MDT Version Bumped To 0.4.2 The EOS EVM software version is bumped up to 0.4.2[14].
May 15th, 2023 7:07:00 PM MDT Upgrade Available The upgrage to the EVM is made available on Twitter[18][19].
May 16th, 2023 Included In SlowMist The vulnerability is included as an exploit on the SlowMist website[20].
May 22nd, 2023 7:37:11 AM MDT EOS GO Publication on Vulnerability The EOS GO publishes information about the vulnerability in the weekly newsletter[21][22].

Technical Details

Some information is provided in the release notes[23].

"The security vulnerability is related to the state objects tracking the reserved addresses of the trustless bridge and how they were not properly being undone in the case of an EVM execution context being reverted. If exploited, it could potentially allow an attacker to illegitimately drain all of the EOS stored by the EOS EVM Contract across the trustless bridge."

While there are several updates in 0.4.2[14], the specific modifications to correct the vulnerability apply to two separate files within the silkworm module[17]:

core/silkworm/state/delta.cpp

void CreateDelta::revert(IntraBlockState& state) noexcept {
    if(is_reserved_address(address_))
        state.reserved_objects_.erase(address_);
    else
        state.objects_.erase(address_);
}
void UpdateDelta::revert(IntraBlockState& state) noexcept {
    if(is_reserved_address(address_))
        state.reserved_objects_[address_] = previous_;
    else
        state.objects_[address_] = previous_;
}
void UpdateBalanceDelta::revert(IntraBlockState& state) noexcept {
    if(is_reserved_address(address_))
        state.reserved_objects_[address_].current->balance = previous_;
    else
        state.objects_[address_].current->balance = previous_;
}

core/silkworm/stagedsync/stage_hashstate.cpp

Stage::Result HashState::write_changes_from_changed_addresses(db::RWTxn& txn, const ChangedAddresses& changed_addresses) {
    throw_if_stopping();

    if (changed_addresses.size() == 0) return Stage::Result::kSuccess;

TBD - Need more details on the exploit itself. For example, how could it be exploited by an attacker?

Total Amount Lost

There were no funds lost since the EOS EVM smart contract was patched prior to a public release of any information. The vulnerability does not appear to have been exploited on either the EOS EVM testnet or mainnet. Therefore, it was possible to treat the fix as simpler retroactive change of the EVM. It does not appear that any bounty was paid out for discovering the vulnerability either.

Immediate Reactions

According to release notes, three developers @yarkinwho, @spoonincode, and @taokayan were responsible for investigation and resolution of the vulnerability[16]. Developer @taokayan was responsible for the actual proposal to resolve the vulnerability[17].

The EOS Network Foundation ultimately released version 0.4.2 of their Ethereum Virtual Machine, which resolved the vulnerability. This required an upgrade to the EVM smart contract, EVM nodes, and EVM RPC components[23].

While the resolution was technically a breaking change, this wasn't a fatal problem as the vulnerability had never been exploited[23].

Ultimate Outcome

The EOS Foundation announced the resolution on Twitter with a new version of the EVM being released for people to download.

EOS Foundation Announcement on Twitter

The EOS Foundation posted on Twitter to announce the resolution of the vulnerability[18][19].

EOS EVM v0.4.2 Released!

This release fixes a critical security vulnerability discovered in the EOS EVM.

The EOS EVM Contract, EOS EVM Node, and EOS EVM RPC for the EOS mainnet implementation have already been patched prior to this public release.

Required Upgrades

It was reported that there was no change required to the Application Binary Interface (ABI)[23], making the smart contract upgrade easy.

"Upgrading EOS EVM Contract from v0.4.1 simply requires a setcode of the v0.4.2 contract. There are no changes to the ABI."

At the same time, the node and RPC services needed to have their binaries updated and then be restarted[23].

"Upgrading EOS EVM Node and EOS EVM RPC from v0.4.1 only requires restarting the services with the updated binaries."

Total Amount Recovered

No funds were lost in this case, and therefore no recovery was needed.

Ongoing Developments

There don't appear to be any remaining developments in this case. The original vulnerability has already been patched by the EOS team.

The fix to the security vulnerability is technically a breaking change to EOS EVM, so it is possible that existing clients may still continue to run the old version of the EVM client. However, the exploit was never exploited, and EOS has a small set of active validator nodes, so the upgrade is easy to spread.

It's possible that other forks of EOS may have adopted a portion of the same code and be vulnerable. It is unclear if the EOS team has assessed or reached out to any other projects that may be using the code to assist with mitigation.

Individual Prevention Policies

No funds were lost in this case, as the vulnerability was never exploited. However, there are still strategies which individuals can undertake to reduce their risk.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

No funds were lost in this case, as the vulnerability was never exploited. Further scrutiny by platforms using the EOS blockchain may have helped to uncover the vulnerability before it was exploited. It is also important to place more assets, particularly key treasury assets, within a simpler multi-signature arrangement, which would typically have a lot less risk than more complex smart contracts.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No funds were lost in this case, as the vulnerability was never exploited. However, there are still some strategies which can be undertaken to reduce the risk.

In general, blockchain-level exploits can be resolved by reverting the blockchain to a prior state, which restores all funds to their prior ownership and limits potential losses to those who are transacting between the time of the exploit and the time of the revert. Effort should be undertaken by node operators to switch to a branch that eliminates the exploit as soon as possible to minimize losses. Any remaining losses would be resolved through the industry insurance fund.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 EOS Tokens Defined: The Basics and Examples - Investopedia (May 24, 2023)
  2. EOSIO Blockchain Software & Services Homepage (May 29, 2022)
  3. What is EOS Blockchain: Beginners Guide - BlockGeeks (May 24, 2023)
  4. EOS Oversimplified: A Beginners Guide To EOS.IO Cryptocurrency - DataDrivenInvestor Medium (May 29, 2022)
  5. 5.0 5.1 5.2 5.3 5.4 5.5 5.6 EOS Community delivers Ethereum EVM support to revitalize the network - CryptoSlate (May 30, 2023)
  6. 6.0 6.1 6.2 6.3 6.4 6.5 Major Updates to EOS EVM and Silkworm-based v0.2 Testnet Deployed - EOS Network Foundation (May 30, 2023)
  7. What is the Ethereum Virtual Machine (EVM)? - QuickNode (May 24, 2023)
  8. 8.0 8.1 8.2 8.3 EOS EVM Architecture Deep Dive - EOS Network Foundation (May 30, 2023)
  9. 9.0 9.1 9.2 9.3 EOS EVM Readme.md - Github (May 24, 2023)
  10. 10.0 10.1 10.2 10.3 EOS EVM - EOS Network Docs (Jun 14, 2023)
  11. 11.0 11.1 EOS EVM - EOS Network Docs Homepage (May 30, 2023)
  12. evm-bridge-frontend - Github (May 24, 2023)
  13. 13.0 13.1 13.2 13.3 13.4 13.5 EOS EVM v0.4.0 Release Notes - EOS Network Foundation (May 30, 2023)
  14. 14.0 14.1 14.2 14.3 Comparing v0.4.1...v0.4.2 · eosnetworkfoundation/eos-evm · GitHub (May 19, 2023)
  15. BigBeardSamurai - "Not only is EOS EVM by far the most performant EVM (800+ swaps per second - 4x faster than Solana), but we have improved the token model." - Twitter (May 30, 2023)
  16. 16.0 16.1 taokayan - Github (May 25, 2023)
  17. 17.0 17.1 17.2 Comparing Silkworm Stability Fixes - eosnetworkfoundation/silkworm - GitHub (May 25, 2023)
  18. 18.0 18.1 EOSnFoundation - "EOS EVM v0.4.2 Released! This release fixes a critical security vulnerability discovered in the EOS EVM." - Twitter Archive May 19th, 2023 11:23:47 AM MDT (May 19, 2023)
  19. 19.0 19.1 EOSnFoundation - "EOS EVM v0.4.2 Released! This release fixes a critical security vulnerability discovered in the EOS EVM." - Twitter (May 19, 2023)
  20. SlowMist Hacked - SlowMist Zone Archive May 19th, 2023 10:13:38 AM MDT (May 19, 2023)
  21. This Week: Progress and Direction of the EOS Comeback - EOS GO Archive May 22nd, 2023 7:37:11 AM MDT (May 24, 2023)
  22. This Week: Progress and Direction of the EOS Comeback - EOS GO (May 24, 2023)
  23. 23.0 23.1 23.2 23.3 23.4 Release EOS EVM v0.4.2 Release Notes · eosnetworkfoundation/eos-evm · GitHub (May 19, 2023)