Another exploit in Solidity, a javascript-like language that Ethereum uses for smart contracts, has been discovered that impacts all of Ethereum and not just the DAO.
Ethereum contracts call out to other contracts routinely. This practice is encouraged by the community with a vision of smart contracts everywhere talking to each other.
Turns out that when an Ethereum contract talks to another contract, it can lose its own program control and state.This vulnerability was discovered by Joey Krug and Martin Kppelmann, and publicized by Philip Daian , a PhD student at Cornell studying with Emin Gun Sirer.
It’s important to differentiate this exploit from reentrancy , which is a known exploit and was used to attack the DAO. Let’s call this exploit solar-storm ( because it knocks out Ethereum smart contract communication like a solar storm would knock out our communication infrastructure on Earth). Daian didn’t explicitly name it, but likes the solar-storm name.
Solar-storm vs. Reentrancy:The reentrancy exploit can happen when:
1. Contract A, function A calls contract B.
2. Contract B calls contract A, function A.
The key insight by Daian is that even a single call out by any contract is enough for an exploit. The solar-storm exploit can happen when:
1. Contract A calls out to any arbitrary external contract.
2. Contract A has an external function that modifies state (most do).
So an example of solar-storm exploit can be:
1. Contract A, function A calls contract B.
2. Contract A has another function C that shares state with function A.
3. Contract B calls contract A, function C.
This means that in Ethereum contracts you either (a) cannot use external calls in your contract or (b) you cannot have externally callable functions that share state with functions that make external calls.
Getting rid of (b) is hard in practice, so this means that you basically cannot use external calls in contracts. If you must have external calls, then you can only use them at the end of your own logic and once the external call is executed you cannot assume anything about the state of your contract.
Solar-storm can be viewed as a variant of reentrancy, but it’s a broader exploit than reentrancy and easier to miss .
Even if the other exploits (unchecked-send and reentrancy) were not there, solar-storm alone is sufficient to steal $150M from the DAO.
What does this mean?To summarize:
This impacts all contracts on Ethereum, not just the DAO. This is an issue with Ethereum’s JavaScript-like programming language (Solidity). It’s possible to have exploits in already published Ethereum contracts. Developers should check if their contracts are vulnerable and take appropriate actions (move funds, publish new contracts). Developers need to be extremely careful with making external calls in future contracts. Avoid external calls until this issue is addressed. Next steps:A full-review of all published smart contracts is needed. We also need a static analyzer to catch the vulnerability and the Solidity compiler should detect this issue. This vulnerability is not yet widely publicized and the Solidity documentation should warn people about it.