What We Learned from Auditing Our Ethereum Client
DISCLAIMER: As of September 2019, Pantheon has been renamed to Hyperledger Besu. In posts prior to September 2019, we refer to the Ethereum client as Pantheon.
At PegaSys, we take security and code quality seriously. That's why we commissioned an independent auditor to review our codebase before we published our Pantheon Core release at Devcon4. The auditor Trail of Bits completed the security review in October.
First, this audit reinforced the importance of staying on top of technical debt. Several of the review’s findings related to areas of the codebase known to be in need of refactoring or cleanup. Anyone who works in an engineering organization knows the struggle of prioritizing technical debt. At PegaSys, we believe cleanup and constant improvement of the codebase should happen on a regular basis. Going forward, we plan to be even more diligent in addressing technical debt.
Our engineers have addressed all medium- and high-priority issues in the final security assessment report and continue to improve the codebase with expanded testing infrastructure and other best-practice recommendations. In addition to publishing this report, we want to highlight several lessons we found especially valuable.
Second, Trail of Bits’s engineers, who bring deep backgrounds in security and Java, discovered some obscure vulnerabilities and bugs. For example, in some JVM implementations the `entrySet()` method of `java.util.map` can return a single mutable `Entry` object as this `Set` is traversed (From the Java™ Platform Standard Ed. 8: "Note: Great care must be exercised if mutable objects are used as set elements. The behavior of a set is not specified if the value of an object is changed in a manner that affects equals comparisons while the object is an element in the set. A special case of this prohibition is that it is not permissible for a set to contain itself as an element."). This unexpected behavior resulted in a bug that would only be revealed on some JVMs.
Missed devcon iv? Check out our announcement for Pantheon Core and future roadmap on slideslive.
Third, the review uncovered an interesting vulnerability relating to DNS rebinding attacks. Briefly, DNS rebinding involves an attacker binding a local IP address to a domain they control by running a malicious DNS server or by exploiting common router vulnerabilities. This circumvents the Same-Origin Policy (SOP) security measure that browsers use to prevent a web application on one domain from sending malicious requests to a different domain (for example, preventing attack.com from making a request to bank.com/myaccount/transfer/to/attacker).
In the case of Pantheon Core, this DNS rebinding attack could have been used by a malicious website to execute requests against a locally running JSON-RPC HTTP server. One of our key design decisions was to leave Ethereum account key management external to Pantheon. This attack vector illustrates exactly why account management is best left external to the client. Had key management been implemented in Pantheon, this attack would have been much more dangerous — potentially allowing an attacker to transfer funds away from local unlocked accounts.
Beyond reporting vulnerabilities, Trail of Bits also highlighted some longer-term strategies for proactive security bug finding using continuous fuzz testing. Based on their suggestion, we are currently investigating fuzz testing of our externally exposed surfaces (for example, JSON-RPC services and at the p2p networking layer), and exploring higher-level fuzz testing that will allow us to isolate implementation differences between the various Ethereum clients running on mainnet.
No auditor can be expected to uncover every issue or vulnerability, but having a fresh set of eyes with deep security expertise examine Pantheon’s codebase provides an important perspective. In addition to its findings, the report has invigorated our commitment to Pantheon's security. Armed with this new perspective, we look forward to shipping a safe and reliable Pantheon Enterprise release in 2019.
Want the latest PegaSys updates straight to your inbox? Join our mailing list.