SlowMist: Denial of Service Vulnerability in Edgeware Lock Contract (Released in 2019)
Recently, we noticed that a serious vulnerability in Edgeware was disclosed. It has since been fixed, and it has no impact on users who had already locked funds, nor on users who lock funds after the fix. As things stand, there should be no actual impact.
So why is this vulnerability serious? Let me explain briefly.
Edgeware is a well-known chain project in the Polkadot ecosystem, notable for its novel ILO (Initial Lock-up Offering) mechanism: one of the ways to participate is to lock ETH in order to receive more Edgeware tokens as an incentive. Over $900 million in ETH has been processed and over $290 million is locked so far.
As shown in the figure above, each participant uses the Lockdrop contract published by Edgeware on Ethereum to lock ETH and claim the incentive. On success, an independent Lock contract is generated under the participant's own control. This contract itself is safe (at least we have not found any known risk in it yet). But here is the interesting part: the bug appears at the very moment the Lock contract is generated.
Pay attention to the lock function in the figure above; it contains a key line of code:
assert(address(lockAddr).balance == msg.value);
This line makes a hard check: the balance of the Lock contract belonging to the participant must equal the amount the participant sent when locking. If they are not equal, the lock is treated as failed. That failure "paralyzes" the participant's Lock contract, and the direct consequence is a "denial of service": if the attack is sustained, Edgeware's Lockdrop mechanism becomes unusable. The flaw has no effect on participants' funds, however.
So what could make address(lockAddr).balance differ from msg.value? The address of the participant's Lock contract can be computed in advance (how contract addresses are derived is clearly described in the Ethereum Yellow Paper), so an attacker only needs to transfer an arbitrary amount of ETH to that address before the Lock contract is created. Edgeware's fix for this vulnerability is also very simple, as shown in the figure below:
The line in the Lockdrop contract was changed from:
assert(address(lockAddr).balance == msg.value);
to:
assert(address(lockAddr).balance >= msg.value);
Yes, a new Lockdrop contract was deployed.
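To make the check concrete, here is a simplified Solidity model of the Lockdrop/Lock pair, added to this post as an illustration and not Edgeware's own contracts: the names SimpleLock, LockdropVulnerable and LockdropFixed are hypothetical, and the Lock's owner/unlockTime logic is an assumption. It places the original == check beside the >= fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not the Edgeware code): a minimal Lock contract whose address
// is fixed by the creating contract's address and nonce, as in the real Lockdrop.
contract SimpleLock {
    address public owner;
    uint256 public unlockTime;

    // ETH forwarded by the Lockdrop at creation becomes this contract's balance.
    constructor(address _owner, uint256 _unlockTime) payable {
        owner = _owner;
        unlockTime = _unlockTime;
    }

    receive() external payable {} // plain ETH transfers are accepted after creation

    function withdraw() external {
        require(msg.sender == owner && block.timestamp >= unlockTime, "still locked");
        payable(owner).transfer(address(this).balance);
    }
}

contract LockdropVulnerable {
    event Locked(address indexed owner, address lockAddr, uint256 amount);

    function lock(uint256 unlockTime) external payable {
        SimpleLock lockAddr = new SimpleLock{value: msg.value}(msg.sender, unlockTime);
        // BUG: the Lock address is derived from this contract's address and nonce, so
        // it is known before creation. ETH sent to the empty address beforehand is kept
        // when the contract is created, so balance != msg.value and lock() reverts.
        assert(address(lockAddr).balance == msg.value);
        emit Locked(msg.sender, address(lockAddr), msg.value);
    }
}

contract LockdropFixed {
    event Locked(address indexed owner, address lockAddr, uint256 amount);

    function lock(uint256 unlockTime) external payable {
        SimpleLock lockAddr = new SimpleLock{value: msg.value}(msg.sender, unlockTime);
        // FIX: only require that the forwarded value actually arrived. Any ETH already
        // sitting at the address no longer blocks the lock; it simply stays in the Lock.
        assert(address(lockAddr).balance >= msg.value);
        emit Locked(msg.sender, address(lockAddr), msg.value);
    }
}
```

A unit test for the fixed contract should fund the precomputed Lock address before calling lock() and confirm the call still succeeds, which is exactly the case the original == check rejected.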
Vulnerable Lockdrop contract:
https://etherscan.io/address/0x1b75b90e60070d37cfa9d87affd124bb345bf70a#contracts
The fixed Lockdrop contract:
https://etherscan.io/address/0xFEC6F679e32D45E22736aD09dFdF6E3368704e31#contracts
Related references:
https://medium.com/@nmcl/gridlock-a-smart-contract-bug-73b8310608a9
https://blog.edgewa.re/a-denial-of-service-bug-in-the-edgeware-lockdrop
https://ethereum.github.io/yellowpaper/paper.pdf
About SlowMist
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.
Website:
https://www.slowmist.com
Twitter:
https://twitter.com/SlowMist_Team
Github:
https://github.com/slowmist/