By the Blockchain Security Team at Coinbase
Securing smart contracts from risks remains hard. Unaddressed security vulnerabilities readily turn into existential threats to your token’s viability. So how can asset issuers prevent smart contract vulnerabilities from leading to real financial losses on token networks?
Keep users’ tokens and token networks safe from attackers by teaching developers to write smart contracts and design robust testing based on this list of ERC-20 implementation risks.
In Introducing Solidify, we shared how the Coinbase blockchain security team performs smart contract vulnerability review at scale. A meta analysis across a few hundred token Solidify security reports resulted in a list of most frequent and severe risks based on potential impact to token network security.
The top ten Smart Contract Risks (SCR) fall into three categories:
- Operational Risks — Authorization features that are exploited when token network governance is insufficient or flawed
- Implementation Risks — Intrinsic errors that result in unintended smart contract behavior
- Design Risks — Accepted system features that are exploited to alter intended smart contract behavior
OPERATIONAL RISKS
SCR-1: Super User Account or Privilege Management
The smart contract implements functions that allow a privileged role to unilaterally and arbitrarily alter the functionality of the asset.
SCR-2: Blacklisting and Burning Functions
The smart contract implements functions that allow a privileged role to prohibit a specific address from exercising an essential functionality.
SCR-3: Contract Logic or Asset Configuration can be arbitrarily changed
The smart contract implements functions that allow the holder of a privileged role to unilaterally and arbitrarily alter the functionality of the asset.
SCR-4: Self-Destruct Functions
The smart contract implements a function that allows a privileged role to remove the token contract from the blockchain and destroy all tokens created by the contract.
SCR-5: Minting Functions
The smart contract implements a function that allows a privileged role to increase a token’s circulating supply and/or the balance of an arbitrary account.
IMPLEMENTATION RISKS
SCR-6: Rolling Your Own Crypto and Unique Contract Logic
The smart contract implements functions that allow the holder of a privileged role to unilaterally and arbitrarily alter the functionality of the asset.
SCR-7: Unauthorized Transfers
The smart contract contains functions that circumvent standard authorization patterns for sending tokens from an account.
SCR-8: Incorrect Signature Implementation or Arithmetic
The smart contract contains operations that can result in unexpected contract states or account balances.
DESIGN RISKS
SCR-9: Untrusted Control Flow
The smart contract invokes functions on different smart contracts in order to trigger functionality not defined within the contract itself.
SCR-10: Transaction Order Dependence
The smart contract allows asynchronous transaction processing that can be exploited for profit or protocol correctness through mempool transaction reordering.
For Coinbase customer funds’ safety, the Coinbase blockchain security team assesses all tokens being considered for listing for proper risk mitigations according to the above vulnerabilities. If you’re looking to get a token listed on Coinbase, we encourage you to check your token’s security by reviewing and testing for the aforementioned risks.
Future posts will help you review your token’s security by examining the top Smart Contract Risks in detail and will also provide countermeasure recommendations.
If you are interested in listing your token with Coinbase, visit the Coinbase Asset Hub. If you are interested in securing the future of finance, Coinbase is hiring.
Top ten smart contract security risks was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.