POPETS-ARTIFACTS-README.md

Artifact Appendix

Paper title: SGXonerated: Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE

Artifacts HotCRP Id: 87

Requested Badge: Reproducible

Description

There are three main artifacts, briefly described below.

Artifact 1: Sandwich attacking a private swap

Contains the source code and docker-based environment to simulate a sandwich attack on a private swap as described in section 6.2 of the paper.

Artifact 2: Transfer Amount Privacy attacks on SNIP-20 Transaction

Contains the source code, building toolchain and instructions to break the transfer amount privacy assumptions of receivers of SNIP-20 tokens as described in section 5.3 of the paper.

Artifact 3: Account Balance Privacy attacks on SNIP-20

Contains the source code, building toolchain and instructions to break the account balance amount privacy assumptions of SNIP-20 accounts as described in section 5.5 of the paper.

Security/Privacy Issues and Ethical Concerns

Artifact 1: Sandwich attacking a private swap

None.

Artifact 2: Transfer Amount Privacy attacks on SNIP-20 Transaction

None.

Artifact 3: Balance Privacy attacks on SNIP-20

None.

Basic Requirements

Artifact 1-3

We recommend using a linux machine with a recent docker engine installed.

• Time to build the docker image: N/A we provide a prebuilt image
• Time to bootstrap the local network: < 5 minutes
• Time to run each attack for artifact 1 and 2: < 1 minute each
• Time to run attack for artifact 3: < 5 minutes

Hardware Requirements

Artifact 1-3:

None

Software Requirements

Artifact 1-3

Ordinary linux machine with docker engine installed and manageable as a non-root user.

Please make sure your user ($USER) is part of the docker group.

You can do so by running the following commands:

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

Test the docker command without sudo:

docker run hello-world

Estimated Time and Storage Consumption

Artifact 1-3: Sandwich attacking a private swap

• 5 minutes setup

• <1 minute for each artifacts 1 and 2

• 5 minute artifact 3

Environment

Accessibility

• Github commit: Latest

• Pulls prebuild images from initc3 docker image repo

Set up the environment

Artifact

We assume a linux operating system and we have run the experiment on Ubuntu 22.04.

Get the code

Clone the repository, making sure you fetch the submodules, e.g.:

git clone --recurse-submodules https://github.com/initc3/SecretNetwork-Sandbox.git

If you are missing the submodules after having cloned, run:

git submodule update --init --recursive --remote

Go into the hacking directory:

cd hacking/

Setup and start the local network with:

make start

What does the above command do?

Full description of start_node.sh

1. Start a validator node (node-1) and a non-validator node (node-2)

2. Store and instantiate Toy Uniswap demo contracts and set up the initial states for the MEV sandwhich attack. The pool sizes are 1000 for token_a and 2000 for token_b. The victim and adversary account in the toy-swap contract each have a balance of 100 token_a and token_b.

3. Store and instantiate snip-20 contract and set up the initial states for the SNIP-20 privacy attack demos. The victim account has a balance of 12343. Two attacker accounts have balance of 10000 each.

4. Shut down node-1 to launch the attack in simulation mode without broadcasting any transactions to the network.

At the end of its execution the script should end with an output similar to:

...

*********************************************************************************
*                                                                               *
* Secret Network Test Nodes are now setup, and ready for experiments.           *
*                                                                               *
*********************************************************************************

Node 2 status info:
{
	"Address": "A80B0E25EEA4665348F071A41B8122AF079BB2AF",
	"PubKey": {
		"type": "tendermint/PubKeyEd25519",
		"value": "Ew9FY1+mRmXWTnAklkyjcPMiJfbz23b06UtsC04xTQw="
	},
	"VotingPower": "0"
}

Testing the Environment

Make sure your user ($USER) is part of the docker group.

getent group docker | grep $USER

If not, then add your user to the docker group:

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

Test the docker command without sudo:

docker run hello-world

Check docker version:

docker version

Must be >= 24.0.5.

Make sure the docker compose command is available:

docker compose

Check that only node-2 is running

docker ps | grep hacking-localsecret-2-1

Artifact Evaluation

Main Results and Claims

Main Result 1: MEV attack on Uniswap contract

We are able to determine the optimal sandwhich attack transactions for a token swap contract as described in section 6.2 of the paper.

Main Result 2: Transfer amount privacy attack on SNIP-20 token contract

We are able to determine the transfer amount for a SNIP-20 token transfer transaction as described in section 5.3 of the paper.

Main Result 3: Account balance privacy attack on SNIP-20 token contract

We are able to determine the balance of a SNIP-20 account as described in section 5.5 of the paper.

Experiments

Experiment 1: Sandwich attacking a private swap

Launch the sandwich attack.The script creates a victim transaction swaping 10 token A for token b with slippage limit 20. (Given that the Pool balance for token a is 1000 and Pool balance for token B is 2000) It prints the optimal frontrun transaction of swaping 20 of token a for token b, and the optimal backrun transaction of swaping 40 of tokeb b for token a.

make sandwich-attack

What does the above command do?

Full description of sandwich-attack.sh

The above command simulates an adversary executing the following steps:

1. Generate a victim swap transaction to swap 10 token_a for at least 20 token_b.

2. Find a front-run transaction by bisection search that, when executed before the victim's transaction, won't fail the victim's transaction. The front-run transaction found swaps 20 token_a with a slippage limit of 0, resulting in obtaining 40 token_b.

3. After the victim's transaction, the adversary executes a back-run transaction to sell the 40 token_b, increasing their balance of token_a by 1 and maintaining their balance of token_b.

Experiment 2: Transfer amount privacy attack

Getting transfer amount. This script generates a victim transaction sending 10 of a SNIP-20 token to another account. It figures out the transfer amount prints it.

make transfer-privacy-attack

What does the above command do?

Full description of transfer-privacy-attack.sh

The above command simulates an adversary executing the following steps:

1. Generate a victim transaction to transfer 10 tokens to another account

2. Find a transfer amount by bisection search to figure out the tranfer amount:

   • that sets the victim's balance to 0
   • sends an amount guess to the victim's account resulting in the victim's account having a balance of guess
   • execute the victim's transaction to see if guess was enough to conver the victim's transfer transaction

3. If the guess was enough to cover the victim's transfer transaction then guess is the transfer amount

Experiment 3: Account balance privacy attack

Getting the account balance. The script figures out and prints the victim's balance of 12343.

make balance-privacy-attack

What does the above command do?

Full description of balance-privacy-attack.sh

The above command simulates an adversary executing the following steps:

1. Execute balance inflation by creating transfers between the attacker's two accounts, reseting the account balance to the original value before the transfer, and repeating this until the balance has the maximum value.

2. Find a transaction by bisection search that transfers guess from the attacker's account to the victim's account until it causes an overflow error.

3. The victim's balance is the 2**128-1-guess

Limitations

Notes on Reusability