Ethereum Foundation awards Zengo Wallet a grant for Web3 security research

TL;DR: We are thrilled to announce that Zengo was selected to receive a prestigious research grant from the Ethereum Foundation to conduct research on the security of Ethereum Transaction Simulation. This grant will allow Zengo to extend our security research on this topic (we’ve already uncovered some security vulnerabilities in multiple wallets) and share it in an open source format to benefit the entire community.

What is Transaction Simulation?

The introduction of Web3 smart contracts has opened unlimited opportunities for decentralized apps (Dapps) and users. With smart contracts, anything that can be coded can be deployed on the blockchain, by anyone. As a result, in a Web3 environment, users’ blockchain transactions, previously used for sending coins to peers, are now actually Remote Procedure Calls (RPCs) to smart contracts.

The flip side of this expressiveness is that it’s almost impossible to analytically know in advance what the outcome of a remote procedure call to an arbitrary smart contract will be (in fact, Computer Science theory tells us that such problems are generally undecidable). This observability gap can be, and in fact is, abused by attackers to trick users into signing transactions that are actually harmful to them. In 2022 alone, over $3 billion worth of cryptoassets were stolen, a problem Zengo has begun to address with our built-in Web3 firewall. This state of affairs bears a close resemblance to the desktop environment: users need to evaluate in advance whether a certain program's behavior is good or malicious, without a curated application store.

To solve that observability gap, Web3 security has taken a page out of the desktop’s security book, and is using a sandbox-style emulation to evaluate the potential outcome of the intended transaction, before it gets sent to the blockchain. In Web3 lingo, such sandbox emulation is often referred to as Transaction Simulation.

Transaction Simulation Example

At Zengo, we have partnered with Alchemy to power our Transaction Simulation solution, which will be available to our wallet users in the coming weeks.

Zengo’s research plan for Transaction Simulation security

Zengo’s research group will analyze possible attack vectors against such simulations and test leading Web3 simulation providers against them.

Some of the attack vectors to be explored include:

  • “Red pill” exploits that allow smart contracts to know that they are running in a simulation and behave differently as a result.
  • “Time of Check Time of Use” (TOCTOU) attacks to deceive simulations.

It should be noted that we have already found such exploits to be possible against multiple leading wallets and Transaction Simulation vendors in the Ethereum Virtual Machine (EVM) domain, and found that they are indeed vulnerable to such attacks.

As a result of our responsible disclosure, some of these issues were fixed and we were awarded bug bounties. Other vendors requested additional time to fix these issues, and therefore we are still withholding publication of the full details until they do.

With the additional funding provided by the Ethereum Foundation, the Zengo research team plans to release:

  • A comprehensive white paper that will include:
    • Web3 threat model analysis and delineation of which attacks can be addressed via simulations and which cannot
    • Possible exploits and countermeasures
    • Testing methodologies for vendors
    • Results of testing vendors
  • A publicly available open source transaction simulation “shooting range” in which vendors and users can test their simulation against such exploits

We plan to publicly present many of our findings on stage at the upcoming BlueHatIL conference.

Zengo ❤️ Ethereum & Ethereum ❤️ Zengo

We are proud to be selected by the Ethereum Foundation for this grant, not only because it serves as another testament to the quality of our research, but also because it allows us to work with the community for the greater good of all Ethereum users.

At Zengo, we are committed to making crypto a safer place for all users, and improving Web3’s transaction security is yet another step towards that ambitious goal.