@yuriy77k
Forked from gorbunovperm/ETH_HeiswapDapp_report.md
Created July 12, 2019 07:40
Heiswap Dapp security audit report

Summary

This is the report from a security audit performed on Heiswap Dapp by gorbunovperm.

Heiswap (黑 swap) is an Ethereum transaction mixer that utilizes parts of CryptoNote to enable zero-knowledge transactions. It utilizes ring signatures and pseudo-stealth addresses to achieve its zero-knowledge properties. The deployed smart contract handles the signature verification, while the client is responsible for generating the pseudo-stealth address. Ring signatures only became feasible on the EVM (gas-wise) with the recent addition of EIP198.

Description: https://kndrck.co/posts/introducing_heiswap/

Dapp: https://heiswap.exchange/

In scope

Commit hash: afd1a2731bdcaea03698e29ee179b0b29b536807

  1. Heiswap.sol
  2. AltBn128.sol
  3. LSAG.sol

Findings

In total, 4 issues were reported including:

  • 0 critical severity issues.

  • 1 high severity issue.

  • 2 medium severity issues.

  • 0 low severity issues.

  • 0 owner privileges.

  • 1 note.

Security issues

1. Anyone can close a ring

Severity: high

Description

Confidentiality relies on there being no link between the (at most) 5 deposits and the 5 withdrawals of a ring. But the contract allows a ring to be closed prematurely, even when it has fewer than 5 participants. An attacker can deliberately join each ring together with the observed address and close the ring with only two participants, and will thus be able to identify the withdrawing address.

To have only two participants in the ring, the attacker can watch for the observed address's transaction and, as soon as it appears, front-run it by closing the previous ring. The observed address then lands in a new ring, which the attacker can close with 2 participants.

Code snippet

2. Losing the funds

Severity: medium

Description

When the deposit is not an exact value, rounding occurs, and the fractional part of the deposit remains locked in the contract. For example, if an amount of 2.7 ETH is deposited, 0.7 ETH will be lost.

Code snippet

Recommendation

Return the remainder left over after rounding to the depositor.

3. Incorrect gas compensation

Severity: medium

Description

The contract provides for compensation of gas during the withdrawal of funds:

    // Send ETH to receiver
    // Calculate fees (1.33%) + gasUsage fees
    uint256 gasUsed = startGas - gasleft();
    uint256 fees = (withdrawEther / 75) + gasUsed + startGas;

But gasleft() returns an amount of gas units, not wei. The calculation does not take the gas price into account, so the compensated amount will be incomparably smaller than what was actually spent.
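A corrected form of this fee calculation, added here as an illustration and not taken from the Heiswap repository; the contract name, the MAX_GAS_COMPENSATION cap and the function signature are assumptions, while withdrawEther and startGas mirror the audited snippet:

```solidity
pragma solidity ^0.5.0;

// Hypothetical contract (not Heiswap's code) showing gas compensation
// expressed in wei instead of raw gas units.
contract GasCompensationExample {
    // Assumed upper bound on reimbursable gas units, so that a caller
    // cannot inflate the refund by burning extra gas in the same call.
    uint256 constant MAX_GAS_COMPENSATION = 300000;

    function computeFees(uint256 withdrawEther, uint256 startGas)
        internal
        view
        returns (uint256)
    {
        // Audited version (wrong): mixes gas units into a wei amount.
        //   uint256 fees = (withdrawEther / 75) + gasUsed + startGas;

        uint256 gasUsed = startGas - gasleft();
        if (gasUsed > MAX_GAS_COMPENSATION) {
            gasUsed = MAX_GAS_COMPENSATION;
        }

        // Convert gas units to wei at the price this transaction actually pays.
        uint256 gasCost = gasUsed * tx.gasprice;

        // 1.33% protocol fee, as in the audited snippet, plus the priced gas.
        uint256 fees = (withdrawEther / 75) + gasCost;

        // Never let the compensation consume the whole withdrawal.
        require(fees < withdrawEther, "fees exceed withdrawal");
        return fees;
    }
}
```

Measuring gasUsed before the final ETH transfer still leaves that transfer's gas uncompensated, so a deployment may add a fixed overhead on top.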

4. Unused variable

Severity: note

Description

The blocksPassed variable is not used.

Code snippet

Conclusion

Some dangerous vulnerabilities were discovered in the audited contracts.
