author: aman
Blog V - Part I - Day 16
Hey People, I have been a little busy for last few days. Plus it took me some time to find the correct stuff that should fir right in the series.
So now, after so many micro-blogs, it is possible that you must be wondering on How an attacker can even do this? For that I'll be giving you people an idea about what things are openly available to people, potentially an attacker, to be able to exploit the weaknesses of the blockchain governing codes.
We'll take up Smart Contracts in world's larget Decentralised Application(dAPP) platform. Ethereum works with the currency called ETHER(ETH).
I will give you a quick look into what all information is publicly available, and an idea about what all can be extracted from the information available.
Lets dive deep in...
In this micro-blog
- Ethereum Virtual Machine (EVM)
- The two Properties of EVM
- How the Smart Contracts are actually stored?
Ethereum Virtual Machine (EVM)
Ethereum, is actually a large collection of machines spread across the world in decentralised fashion. And a Ledger containing the details of all the transactions is distributed across all the machines(called nodes).
Ethereum Virtual Machine or EVM, is a system used to refer to this computer.
The two properties of this EVM
1) EVM is Quasi-Turing
A turing complete machine is the one, which is able to solve any problem provided to it, despite the fact how long does it take.
EVM is quasi-Turing because, it is limited by a factor, COST. Any computation you make to it, it is limited by the gas price required to solve this problem.
2) EVM is Stack Based Machine
EVMs Data Structure is Stack Based.
for e.g. 2 + 2
can be given as 2 2 +
How the Smart Contracts are actually stored?
If still you think the contract(i.e. the governing document on the Ethereum Blockchain), is stored in the textual format, as the following one, then you are absolutely wrong.
To work on EVM, the Smart Contracts are to be converted into a specific format called, the bytecodes.
After compiling the Smart Contract into the bytecode using Solidity compiler(solc), it is exported to the EVM.
- Contract Bytecode: is the bytecode of the complete smart contract. That is actually, what ends up staying on the EVM.
It is comprised of functions(), already initialised variables, and all that is predefined. Plus, Something that can be changed during running.
- Runtime Bytecode: it is the same bytecode that can be changes during running.
It can be said that Contract Bytecode = (some bytecode) + (Runtime Bytecode)*
-> Now, when compiled the above smart contract will look like,
if we compile it using solc --bin simpleContract.sol
, we get the Contract Bytecode
======= simpleContract.sol:SimpleStorage =======
Binary:
608060405234801561001057600080fd5b5060016000819055506 0c6806100276000396000f3fe6080604052348015600f57600080 fd5b506004361060325760003560e01c806360fe47b1146037578 0636d4ce63c146062575b600080fd5b6060600480360360208110 15604b57600080fd5b81019080803590602001909291905050506 07e565b005b60686088565b604051808281526020019150506040 5180910390f35b8060008190555050565b6000805490509056fea 265627a7a723158200e135b4c7bcf7bde9dca1f257d97637d8137 b315e29248b5654ac7830dab9e8264736f6c63430005100032
and, if we compile it using solc --bin-runtime simpleContract.sol
, we get the Runtime Bytecode
======= simpleContract.sol:SimpleStorage =======
Binary of the runtime part:
6080604052348015600f57600080fd5b506004361060325760 003560e01c806360fe47b11460375780636d4ce63c146062575b6 00080fd5b606060048036036020811015604b57600080fd5b8101 908080359060200190929190505050607e565b005b60686088565 b6040518082815260200191505060405180910390f35b80600081 90555050565b6000805490509056fea265627a7a723158200e135 b4c7bcf7bde9dca1f257d97637d8137b315e29248b5654ac7830d ab9e8264736f6c63430005100032
If you look very closely, you get to find that, the "Contract Bytecode" contains the "Runtime Bytecode"
608060405234801561001057600080fd5b5060016000819055506 0c6806100276000396000f3fe6080604052348015600f57600 080fd5b506004361060325760003560e01c806360fe47b1146037 5780636d4ce63c146062575b600080fd5b6060600480360360208 11015604b57600080fd5b81019080803590602001909291905050 50607e565b005b60686088565b604051808281526020019150506 0405180910390f35b8060008190555050565b6000805490509056 fea265627a7a723158200e135b4c7bcf7bde9dca1f257d97637d8 137b315e29248b5654ac7830dab9e8264736f6c63430005100032
Metaphorically, the smart contract remain in a way of Fill in the Blanks! The arguments inside the function(), are the blanks, which gets filled, and the state of the Blockchain is changes, or the query result is returned.
Please Note! This thing is publicly available.
-> Will directly, continue in next microblog....