Research Summary: Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts

@fuchen, I am impressed by the short analysis and output time of your new tool, Pied-Piper. Also, that’s a very clever name you chose.

On Backdoors, Smart Contracts, and Vulnerabilities

Smart contracts have been notorious for their vulnerabilities, hacks, and exploits, but they have been indispensable and have also recorded some considerable advancement. According to CertiK, as published on CoinDesk, in 2021, money lost to DeFi through smart contract vulnerabilities was about $1.3 billion. This underscores the importance of research like this, which proposes a solution to an existing problem.

Attacks on Smart Contracts, a research summary on the Forum, omitted Backdoor Attacks. The research paper does not contain an exhaustive list, so it is understandable. Nevertheless, it would have been a good addition.

Backdoor attacks are notorious for privacy breaches and loss of assets, thus violating privacy techniques as outlined in this research summary.

Notable Points from the Summary

  1. A backdoor threat is a vulnerability in Ethereum smart contracts that can lead to privacy breaches and loss of assets.

  2. Contract backdoors are a necessary devil as they can be useful in the right hands and manipulated in the wrong hands.

  3. Backdoor attacks are perpetrated by attackers who exploit special accounts and special functions on Ethereum smart contracts.

  4. Contract backdoors are like an emergency backdoor from which a thief can sneak in without permission and rob some select rooms or even a whole house.

Questions
A. Speaking about the accessibility to invoking functions in smart contracts, hypothetically, what kind of accounts or group of accounts can be granted this access?

B. Just as a sneak peek, can you please mention some of the smart contract functions of which some can trigger a backdoor attack?

Moving the Research Forward
Is it possible for Pied-Piper to develop some kind of severity scale to classify each detected backdoor threat? This way auditors can easily give the results adequate attention. Or, is there a system close to this that Pied-Piper implements?
