HackenProof is hosting a bug bounty program for a modern social networking protocol based on blockchain called TTC Protocol. Let’s take a short look at their whitepaper, describe the main concepts and some technical details. Then we’ll show you how to run a node to start bug hunting on TTC Bug Bounty Program.
TTC is a decentralized nextgen social networking protocol. TTC provides a brand new social experience; the platform is completely decentralized. It was built to replace the old-style, “attention economy”-based social networks. TTC users will be able to get rewards for interacting with other users and their content.
As a new social networking protocol, TTC requires a high speed of transactions. The BFT-DPoS model solves this issue.
A variety of social platforms are welcome to operate as DAPPs in the ecosystem of the TTC Protocol. DAPPs within the ecosystem include mainstream social networking services such as personal life sharing platforms, photo sharing communities, video sharing communities, and live streaming platforms.
TTC was built on the ERC-20 token standard to incentivize different participants in the ecosystem of the TTC Protocol. The TTC Protocol applies the user-oriented account system, which distinguishes external owner accounts and smart contract accounts. TTC Protocol allows one private key to correspond with multiple addresses, and also supports the authority transfer of the address owner.
TTC supports cross-chain operation: it uses a distributed private key control protocol. It supports cross-chain asset transfer and mortgage, Oracle, and multi-token smart contracts, and it will not suffer from “51% attacks.”
Official Go implementation of TTC – https://github.com/TTCECO/gttc
gttc is the Go implementation of the TTC protocol. It requires Go (1.9x and 1.10x) and gcc.
Get the latest release of gttc:
Unzip downloaded archive:
Add folder to PATH:
Run node in testnet:
To turn on the API, run:
Test the API:
gttc is based on geth, so API calls are identical.
The most evident way to test the node is to try sending some malicious or wrong data to the API. I’ve decided to use BurpSuite with its Intruder and fuzzing wordlists from https://github.com/danielmiessler/SecLists.
I used a wordlist with Unicode characters with the “eth_sendRawTransaction” method and got the following response:
An attacker can send a GetBlockHeadersMsg request in the LES subprotocol with malicious parameters to attack any remote node and make it crash. This bug was found in geth right up to v1.8.10 and it was fixed in v1.8.11 by validating user input and skipping overflow in the GetBlockHeadersMsg handler. Since gttc is using geth v1.8.9, I decided to try this vulnerability. The bug was reported and marked as CVE-2018-12018. The exploit for this CVE is attached in the description, but it doesn’t work now. So I decided to write a new one for gttc.
You can find the script on the GitHub repository. To run the exploit you need to know the enode of the target node.
The error message on the target node:
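On the defensive side, the fix mentioned above (validating user input in the header request handler) comes down to checking every piece of arithmetic on peer-supplied values before the result is used as a block number. The Go sketch below is an added example, not code from gttc or geth; `HeaderQuery`, `PlanHeaders` and `ErrSkipOverflow` are hypothetical names, and the sample queries are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// HeaderQuery is a simplified, hypothetical stand-in for a peer's
// block-header request: start height, header count, gap and direction.
type HeaderQuery struct {
	Origin, Amount, Skip uint64
	Reverse              bool
}

var ErrSkipOverflow = errors.New("header query: skip overflows block number")

// PlanHeaders returns the block numbers a node would serve for q, capped at
// maxFetch entries and at the chain head. Any query whose stepping would wrap
// around uint64 is rejected, so a wrapped value never reaches a lookup.
func PlanHeaders(q HeaderQuery, head uint64, maxFetch int) ([]uint64, error) {
	if q.Skip == math.MaxUint64 {
		return nil, ErrSkipOverflow // Skip+1 would wrap to 0
	}
	step := q.Skip + 1
	out, cur := []uint64{}, q.Origin
	for uint64(len(out)) < q.Amount && len(out) < maxFetch && cur <= head {
		out = append(out, cur)
		if q.Reverse {
			if cur < step {
				break // next step would pass genesis: stop, do not wrap
			}
			cur -= step
			continue
		}
		if cur > math.MaxUint64-step {
			return nil, ErrSkipOverflow // cur+step would wrap
		}
		cur += step
	}
	return out, nil
}

func main() {
	// Constructed sample queries against a chain whose head is block 100.
	fmt.Println(PlanHeaders(HeaderQuery{Origin: 10, Amount: 3, Skip: 4}, 100, 192))
	fmt.Println(PlanHeaders(HeaderQuery{Origin: 10, Amount: 3, Skip: math.MaxUint64}, 100, 192))
}
```

The same pattern applies to any handler that derives an index or height from a remote peer's fields: bound the count, check the addition, and treat a wrap as a protocol violation.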
Now you know what TTC is, how it can be used, its main concepts and technical details. Also, we’ve covered TTC’s node installation and API usage. Now you can start bug hunting on the TTC public bug bounty program on HackenProof. You can try other inputs and methods to break nodes or you can find your own way to find a bug. Mind you, the HackenProof team is constantly writing “How to hack” articles about blockchain-based products. If you are interested in bug hunting on blockchain-based products, you should check out the following posts: “How to hack VeChainThor” and “How to hack Smart Contracts”. Stay tuned – more useful content is coming your way!