Case Study: Hacken’s Audit of EBSI Smart Contracts
Hacken performed smart contract audits for the EBSI, contributing to the safety and reliability of digital public services across Europe
🇺🇦 Hacken stands with Ukraine!Learn more
On the 8th of October, bug bounty platform HackenProof hosted an onsite bug-bounty marathon – Hacken Cup, where 25 top hackers were testing 3 products, one of which was an all-in-one decentralized communications platform Crypviser Network.
A few days before the event, hackers received partial information about the companies to conduct preliminary recon on the targets. Right before the Hacken Cup, hackers formed teams so that they could easily cooperate during the event.
Participants had 9 hours to test products and report vulnerabilities they’ve found. All reports had to go through the validation procedure by HackneProof’s triage team with close cooperation of the client’s technical staff that was also present at the event.
Hackers and companies were in constant communication during the Hacken Cup, discussing the technical aspects of the products as well as vulnerabilities that were identified during the event.
By the end of the day, hackers have submitted a total of 102 bug reports. The event was concluded with an award ceremony that included 5 nominations.
11 vulnerability reports were received within Crypviser’s scope, of which 4 were valid (2 medium and 2 low). Each vulnerability was rated for technical impact defined in the findings summary section of the report using CVSSv3. We have listed them below, with a quick explanation:
iOS App does not validate server certificates – Medium
The Crypviser iOS application does not validate TLS certificates for m1node.crypviser.network:1443. In short – any presented certificate is trusted by the application.
Non-constant time hmac comparison in + [cryptoHelper decryptContainer:] – Low
When decrypting an application container using +[cryptoHelper decryptContainer:], the application uses a non-constant-time comparison with the computed hmac versus the stored hmac.
Using a non-constant-time comparison against HMAC allows an attacker to modify and forge data, bypassing message authentication: https://security.stackexchange.com/questions/74547/timing-attack-against-hmac-in-authenticated-encryption
Even though the likelihood of an attack is low and the difficulty of execution is high, it should be noted that this vulnerability undermines the entire cryptosystem.
Comment from the Crypviser team:
Such attack which is better known as “SSL timing attack” is not actual and possible with Crypviser app since HMAC checks used for validation of data decryption, but not for authentication.
HMAC comparison mostly used for it’s in byte verification. To perform a successful attack by forging data the backward channel is required to get a response if a modified byte has passed validation. In our case an attacker should pass authentication to be able to send any “false” packet and moreover, Crypviser app doesn’t provide back any result of HMAC comparison.
Thereby Crypviser team has concluded that this attack doesn’t make any sense with Crypviser app and useless practically.
The app uses http (without SSL or any other encryption) to check username – Low
The application POST json rpc requests to the dedicated IP to check (by username) if a user exist. No SSL or any other encryption is used. As a result, the request can be intercepted while adding contacts (so bad guys may know everyone’s usernames).
Lack of URL Scheme Validation leads to arbitrary file deletion/overwrite – Medium
URL Scheme handling for one app copying files into another (to share files between apps) only checks that the URL provided is a file url. If it is a file URL, no other validation is done and the file is moved into the working directory, overwriting any existing files of the same name with an empty file or with an arbitrary file provided by the attacker. Additionally, the lack of file isolation by account or session in this directory means an attacker can have access to any other account files.
The path below is an example of a valid file path: cryptvisor:///path/to/source/file
Further inside the copy to directory function, there is a check “fileExistsAtPath” without session or account validation. This function guarantees that the attacker has access to all other app files in this directory and can cause their deletion and replacement.
Additionally, the check for file existence causes additional code to be executed which may be used as a side channel to leak filenames of other apps files in the acting directory.
We would like to note, that all of the vulnerabilities that were reported by hackers, were fixed by Crypviser’s team. In addition, during Hacken Cup, hackers were unable to identify vulnerabilities in Nodes of the Crypviser Network. Special thanks to Sophia d’Antoine, Ryan Stortz, Dima Kovalenko for reporting the vulnerabilities described in this post.
We are delighted to say, that in addition to participating at Hacken Cup, Crypviser Network is going to launch a public Bug Bounty program for DAPP Crypviser Secure Messenger for iOS on the HackenProof platform for 30 days. Crypviser Network will award hackers up to $3000 for critical vulnerabilities. Cybersecurity of is one of the top priorities for Crypviser. Here at HackenProof, we admire companies that talk publicly about the security of their products and are honored to the platform of their choice.
The Crypviser Network is an all-in-one decentralized communications platform, featuring instant messaging, voice and video calls, but also a secure crypto wallet, local protection features and more. Users can access the network through user-friendly mobile apps. Its mission is to provide a safe communication tool for businesses around the world.
We are happy to invite all researchers to take part in the bug bounty program starting from 24th October 2018. You can find more information about the Crypviser Network bug bounty program on their program page.