You're reading from Attacking and Exploiting Modern Web Applications

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781801816298
Edition: 1st Edition

Authors (2):

Simone Onofri

Simone Onofri is a cybersecurity director with over two decades of experience in Red and Blue Teaming, vulnerability research, and product management. He has been an instructor at the Joint Intelligence and EW Training Centre and is associated with global companies such as Hewlett-Packard Enterprise. Simone has discovered various vulnerabilities and holds key certifications such as GXPN, GREM, GWAPT, OSCP, and OPSA. An active participant in organizations such as OWASP and ISECOM, he regularly speaks at major conferences, including TEDx. Simone is committed to inspiring and educating industry professionals and enthusiasts through his work, with a mission to create a positive influence.

Donato Onofri

Donato Onofri is a seasoned Red Team engineer. He has over a decade of experience in activities including reverse engineering, Red Teaming, threat research, and penetration testing. Passionate about both the offensive and defensive sides of cybersecurity, Donato has worked with industry leaders such as CrowdStrike and Hewlett-Packard Enterprise and as an advisor and engineer for governments and financial institutions. His research delves into state-of-the-art security techniques, malware analysis, and internals. He holds the GREM, GXPN, OSCP, OSCE, and OSWE certifications, and his expertise is underscored by multiple recognitions for vulnerability discovery.

Attacking Ethereum Smart Contracts – Reentrancy, Weak Sources of Randomness, and Business Logic

“What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create “contracts” that can be used to encode arbitrary state transition functions [...]. The code in Ethereum contracts is written in a low-level, stack-based bytecode language, referred to as “Ethereum virtual machine code” or “EVM code”. The code consists of a series of bytes, where each byte represents an operation.”

Vitalik Buterin [1]

Welcome to the seventh chapter of this book, where we’ll analyze our vulnerable application with a Capture the Flag (CTF) on Ethereum Smart Contracts.

The epigraph features words from Vitalik Buterin, who, in 2014, examined Bitcoin – the digital currency first introduced through a white paper in 2009 [2]. His analysis expanded the idea...

Technical requirements

You can use the Ubuntu LTS machine configured in w in this chapter.

As with the previous chapters, we will use Visual Studio Code. You can get it from its website if it isn’t installed [5]. After, do the following:

  1. Enable the "Shell Command: Install 'code' command in PATH" functionality via the VSCode command palette.
  2. Install the Nomic Foundation extension [6] for Solidity language support.

Scenario files

To reproduce the scenario in this chapter, you can use the files in the Chapter07 directory in this book’s GitHub repository.

The scenario comprises a smart contract and other useful files.

LicenseManager smart contract scenario

The following scenario unfolds as a CTF game we created and published on QuillAcademy [7].

We have the LicenseManager smart contract on the blockchain, where each license costs 1 ether.

Our objective? With only 0.01 ether, we need to buy a license and then find a way to collect the ether held in the contract before the owner notices.

Before diving into this scenario, let’s take a high-level look at the significant security incidents of blockchain to understand common vulnerabilities.

Note to chief information security officers (CISOs)

As with new technologies, blockchain often brings new opportunities and risks that must be understood and managed correctly.

If you are in an organization, it is possible to implement blockchain technologies on multiple levels:

a. Building your private blockchain with all the issues related to cryptography and programming

b. Having nodes where the blockchain runs, with the various...

How smart contracts work on the Ethereum blockchain and security considerations

The first thing to understand is what contracts are, how applications using smart contracts are structured, and how they get on the blockchain. We’ll understand the most famous vulnerability, named Reentrancy.

What are smart contracts in the Ethereum blockchain?

To define smart contracts, we can refer directly to the documentation on Ethereum, which states that a smart contract “is simply a program that runs on the Ethereum blockchain. It’s a collection of code (its functions) and data (its state) that resides at a specific address on the Ethereum blockchain.” [8]

Contracts have a balance and can use it, as specified in their functions, such as via fund transfer or state change. You can send transactions that call upon these functions to interact with these contracts.

Smart contracts – being Turing-complete – can be used to develop different things:

...

How to find and exploit vulnerabilities in Ethereum smart contracts

The first thing we need to structure in our lab is our local blockchain, just as we set up Burp and Docker earlier in this book.

Of course, we can use public testnets, but on the one hand, it’s not appropriate to leave our traces on these networks (better to reserve them for a later step), and on the other hand, we may not want to give visibility to our tests.

Fortunately – using Solidity’s development environments – we can recreate our blockchain and lab from the comfort of our machine.

For Solidity, excluding Remix, we have the historic Truffle in JavaScript, which we are particularly fond of and which brings along Ganache – a local blockchain server on which to do testing; Hardhat, which also includes Hardhat Network, its local Ethereum node; and the new Foundry framework, written in Rust.

In general, each environment has its pros and cons, and it’...

Summary

In this chapter, we embarked on an insightful journey into smart contracts, exploring the fundamentals of their design and deployment and the structure of web3 applications.

Then, we delved into the critical vulnerabilities that threaten smart contracts on the Ethereum blockchain, offering a thorough understanding of these potential weaknesses.

Furthermore, we probed into various methods for auditing contracts and executing tests using sophisticated tools such as Foundry and various disassemblers. We examined randomness, business logic, and reentrancy vulnerabilities to equip you with comprehensive knowledge about this innovative topic.

Next, we’ll wrap up this book with some concluding thoughts.

Further reading

This chapter covered many topics. If you’d like to dive deeper, we’re happy to share some valuable resources with you:
