区块链论文速读C会-PETS 2024 基于TEE的智能合约平台有什么隐私漏洞？-EW帮帮网

Conference：annual Privacy Enhancing Technologies Symposium (PETS)
CCF level：CCF C
Categories：network and information security
Year：2024
Conference time：July 15–20, 2024

Title:

SGXonerated:Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE

SGXonerated：在不破坏 TEE 的情况下查找（并部分修复）基于 TEE 的智能合约平台中的隐私漏洞

Authors:

Key words:

blockchain, Trusted Execution Environment, TEE, Intel SGX, smart contract

区块链，可信执行环境，TEE，英特尔SGX，智能合约

Abstract:

TEE-based smart contracts are an emerging blockchain architecture, offering fully programmable privacy with better performance than alternatives like secure multiparty computation. They can also support compatibility with existing smart contract languages, such that existing (plaintext) applications can be readily ported, picking up privacy enhancements automatically. While previous analysis of TEE-based smart contracts have focused on failures of TEE itself, we asked whether other aspects might be understudied. We focused on state consistency, a concern area highlighted by Li et al., as well as new concerns including access pattern leakage and software upgrade mechanisms. We carried out a code review of a cohort of four TEE-based smart contract platforms. These include Secret Network, the first to market with in-use applications, as well as Oasis, Phala, and Obscuro, which have at least released public test networks.

The first and most broadly applicable result is that access pattern leakage occurs when handling persistent contract storage. On Secret Network, its fine-grained access pattern is catastrophic for the transaction privacy of SNIP-20 tokens. If ERC-20 tokens were naively ported to Oasis they would be similarly vulnerable; the others in the cohort leak coarse-grained information at approximately the page level (4 kilobytes). Improving and characterizing this will require adopting techniques from ORAMs or encrypted databases.

Second, the importance of state consistency has been underappreciated, in part because exploiting such vulnerabilities is thought to be impractical. We show they are fully practical by building a proof-of-concept tool that breaks all advertised privacy properties of SNIP-20 tokens, able to query the balance of individual accounts and the token amount of each transfer. We additionally demonstrate MEV attacks against the Sienna Swap application. As a final consequence of lacking state consistency, the developers have inadvertently introduced a decryption backdoor through their software upgrade process. We have helped the Secret developers mitigate this through a coordinated vulnerability disclosure, after which their state consistency should be roughly on par with the rest.

基于 TEE 的智能合约是一种新兴的区块链架构，提供完全可编程的隐私，性能优于安全多方计算等替代方案。它们还可以支持与现有智能合约语言的兼容性，这样现有（纯文本）应用程序就可以轻松移植，自动获得隐私增强功能。虽然之前对基于 TEE 的智能合约的分析主要集中在 TEE 本身的故障上，但我们询问了其他方面是否可能研究不足。我们专注于状态一致性，这是 Li 等人强调的一个关注领域，以及包括访问模式泄漏和软件升级机制在内的新问题。我们对四个基于 TEE 的智能合约平台进行了代码审查。其中包括第一个推出在用应用程序的 Secret Network，以及至少发布了公共测试网络的 Oasis、Phala 和 Obscuro。

第一个也是最广泛适用的结果是，在处理持久化合约存储时会发生访问模式泄漏。在 Secret Network 上，其细粒度的访问模式对 SNIP-20 代币的交易隐私来说是灾难性的。如果 ERC-20 代币被天真地移植到 Oasis，它们也会同样脆弱；该群组中的其他代币会泄露大约页面级别（4 千字节）的粗粒度信息。改进和描述这一点需要采用 ORAM 或加密数据库的技术。

其次，状态一致性的重要性一直被低估，部分原因是利用此类漏洞被认为是不切实际的。我们通过构建一个概念验证工具来证明它们是完全实用的，该工具可以打破 SNIP-20 代币所有宣传的隐私属性，能够查询个人账户的余额和每次转账的代币金额。我们还演示了针对 Sienna Swap 应用程序的 MEV 攻击。由于缺乏状态一致性，开发人员在软件升级过程中无意中引入了解密后门。我们通过协调漏洞披露帮助 Secret 开发人员缓解了这个问题，之后他们的状态一致性应该大致与其他人相当。

基于 TEE 的智能合约是一种颇具吸引力的解决方案。与零知识证明 (ZKP) 和安全多方计算 (MPC) 等纯加密方法相比，可信执行环境 (TEE)（尤其是 Intel SGX）效率更高，而且表达能力更强，能够运行以太坊和 Cosmos 现有的智能合约应用程序。