Heiswap Dapp #321

Closed
carlossampol opened this issue Jul 5, 2019 · 13 comments

Comments

@carlossampol

commented Jul 5, 2019

Audit request

Heiswap (黑 swap) is an Ethereum transaction mixer that utilizes parts of CryptoNote to enable zero-knowledge transactions.

It utilizes Ring Signatures and pseudo-stealth addresses to achieve its zero-knowledge properties. The deployed smart contract handles the signature verification, while the client is responsible for generating the pseudo-stealth address.

Ring signatures were only possible on the EVM (gas-wise) due to the recent addition of EIP198.

Deployed at https://ropsten.etherscan.io/address/0xbbbf35a4485992520557ae729e21ba35aab178d7

https://kndrck.co/posts/introducing_heiswap/

Source code

https://github.com/kendricktan/heiswap-dapp/tree/master/contracts

Exclude: Migrations.sol

Disclosure policy

public

Platform

Ethereum

Number of lines:

403

@yuriy77k changed the title from "Order No. 1562340962101" to "Heiswap Dapp" on Jul 5, 2019

@danbogd

commented Jul 7, 2019

Auditing time: ~ 3 days.

@yuriy77k

Member

commented Jul 7, 2019

@danbogd assigned

@gorbunovperm

commented Jul 8, 2019

Estimated auditing time is 3 days.

@yuriy77k

Member

commented Jul 8, 2019

@gorbunovperm assigned

@danbogd

commented Jul 11, 2019

My report is finished.

@gorbunovperm

commented Jul 11, 2019

My report is finished.

@kendricktan

commented Jul 17, 2019

How can I obtain the report?

The frontend is a bit more polished, there is also a barebones relayer ready, and I would like to deploy this to the mainnet with an audit from the Eth commonwealth if possible hahahaha

@Dexaran

Member

commented Jul 18, 2019

@kendricktan Our audit procedure requires three auditors to review the contract. Currently two reports are completed. We are waiting for one more auditor and we will publish the summary as soon as the third auditor completes his report.

@kendricktan

commented Jul 18, 2019

Thanks for the update!

@MrCrambo

commented Jul 18, 2019

Auditing time 2 days

@yuriy77k

Member

commented Jul 18, 2019

@MrCrambo assigned

@MrCrambo

commented Jul 19, 2019

My report is finished

@yuriy77k

Member

commented Jul 20, 2019

Heiswap Dapp Security Audit Report

1. Summary

Heiswap Dapp smart contract security audit report performed by Callisto Security Audit Department

Heiswap (黑 swap) is an Ethereum transaction mixer that utilizes parts of CryptoNote to enable zero-knowledge transactions.
It utilizes Ring Signatures and pseudo-stealth addresses to achieve its zero-knowledge properties. The deployed smart contract handles the signature verification, while the client is responsible for generating the pseudo-stealth address.
Ring signatures were only possible on the EVM (gas-wise) due to the recent addition of EIP198.

Description: https://kndrck.co/posts/introducing_heiswap/

Dapp: https://heiswap.exchange/

2. In scope

Commit hash: afd1a2731bdcaea03698e29ee179b0b29b536807

  1. Heiswap.sol
  2. AltBn128.sol
  3. LSAG.sol

3. Findings

In total, 5 issues were reported including:

  • 1 high severity issue.
  • 2 medium severity issues.
  • 1 low severity issue.
  • 1 minor observation (not a security issue).

3.1. Anyone can close a ring

Severity: high

Description

Confidentiality is based on the fact that there are no links between 5 (maximum) deposits and 5 withdrawals. But the contract provides for the premature closure of the ring, even if the number of participants is less than 5. The exposer can intentionally enter each ring together with the observed address and close the ring with two participants. Thus, he will be able to detect the withdrawing address.

To have only two participants in the ring, the exposer can track the transaction of the observed address and, as soon as it appears, make a front-running attack closing the previous ring. Then the observed address will come into a new ring, which the exposer will be able to close with 2 participants.

Code snippet

3.2. Losing the funds

Severity: medium

Description

When the deposit is not an exact value, rounding occurs, and a decimal fraction of the deposit remains blocked in the contract. For example, if an amount of 2.7 ETH is deposited, 0.7 ETH will be lost.

Code snippet

Recommendation

Return the rest of the rounding.

3.3. Incorrect gas compensation

Severity: medium

Description

The contract provides for compensation of gas during the withdrawal of funds:

    // Send ETH to receiver
    // Calculate fees (1.33%) + gasUsage fees
    uint256 gasUsed = startGas - gasleft();
    uint256 fees = (withdrawEther / 75) + gasUsed + startGas;

But the gasleft() function returns just the amount of gas (not in wei). These calculations do not take into account the gas price. Therefore, the returned funds will be incomparably less than spent.

3.4. Zero address checking

Severity: low

Description

In the withdraw function there is no zero address check.

Code snippet

withdraw

3.5. Unused variable

Severity: minor observation

Description

blocksPassed variable is not used.

Code snippet

4. Conclusion

The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.

5. Revealing audit reports

https://gist.github.com/yuriy77k/5ae25c2c0892dd524007429135c27c1a

https://gist.github.com/yuriy77k/573a83e8a78142ab86a0f9e6cbfea71d

https://gist.github.com/yuriy77k/3090239037c165b8fc2371e24ee509f5
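
An added sketch, not part of the issue thread or of Heiswap's contracts, showing one way findings 3.2, 3.3 and 3.4 from the report above could be addressed in Solidity. The contract, function, mapping and constant names are hypothetical, the gas price cap is an assumed value, and ring-signature verification is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not Heiswap's code: every name below is hypothetical.
contract PayoutFixesSketch {
    // Whole-ether balance per slot (simplified stand-in for ring state).
    mapping(uint256 => uint256) internal pool;
    // Assumed cap so the caller cannot inflate compensation via tx.gasprice.
    uint256 internal constant MAX_GAS_PRICE = 100 gwei;

    // 3.2: credit only whole ether and return the remainder to the sender,
    // so a 2.7 ether deposit credits 2 ether and refunds 0.7 ether.
    function deposit(uint256 slot) external payable {
        uint256 remainder = msg.value % 1 ether;
        uint256 accepted = msg.value - remainder;
        require(accepted > 0, "deposit below 1 ether");
        pool[slot] += accepted;
        if (remainder > 0) {
            (bool ok, ) = payable(msg.sender).call{value: remainder}("");
            require(ok, "refund failed");
        }
    }

    // 3.3 and 3.4: meant to be called by a withdraw function after signature
    // verification, with startGas = gasleft() recorded at function entry.
    function _payout(
        uint256 slot,
        address payable receiver,
        uint256 withdrawEther,
        uint256 startGas
    ) internal {
        require(receiver != address(0), "zero receiver"); // 3.4
        require(pool[slot] >= withdrawEther, "insufficient pool");
        pool[slot] -= withdrawEther; // update state before any transfer

        // gasleft() counts gas units; multiply by the gas price to get wei.
        uint256 price = tx.gasprice < MAX_GAS_PRICE ? tx.gasprice : MAX_GAS_PRICE;
        uint256 gasUsed = startGas - gasleft();
        uint256 fees = (withdrawEther / 75) + gasUsed * price; // 3.3
        require(fees <= withdrawEther, "fees exceed withdrawal");

        (bool paid, ) = receiver.call{value: withdrawEther - fees}("");
        require(paid, "payout failed");
        (bool comp, ) = payable(msg.sender).call{value: fees}("");
        require(comp, "compensation failed");
    }
}
```

Gas spent after the `gasleft()` reading (the two transfers) is not compensated in this sketch; a fixed overhead in gas units could be added to `gasUsed` before the multiplication.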
