Broken access control stands at the top of the OWASP Top 10 vulnerabilities of 2021, affecting more than 90% of applications within their dataset.
In the context of a smart contract, the concept of access control, or “who is permitted to perform a specific task,” is critical.
The access control in your contract may determine who can issue tokens, vote on initiatives, halt transfers, and so on. These flaws result from unsafe coding or implementation of authentication and authorization systems.
This blog will focus on several aspects revolving around broken access control and ways to protect your smart contracts from access control attacks.
What is Broken Access Control?
Broken access control occurs when incorrectly configured access permissions allow attackers to access, modify, or delete data and accounts to which they shouldn’t have had access in the first place.
Access control requires consideration of various factors while implementing authentication into web applications. These include account recovery controls, password reset controls, account permissions, and session management.
How Does Broken Access Control Vulnerability Work?
Before getting into how access control vulnerabilities work, let us first look at their types.
Types of Broken access control vulnerabilities
Access control is meant to prevent a non-privileged or lower-privileged user from accessing higher-privileged mechanisms or functions that lie outside their intended permissions.
Access control vulnerabilities can be split into two categories:
- Horizontal privilege escalation
It happens when a user can perform an action on, or access data belonging to, another user with the same permission level.
- Vertical privilege escalation
It happens when a user can undertake an action or access information beyond what their role allows.
We now move on to how broken access control vulnerabilities undermine a smart contract's security.
Following are the different ways broken access control can enter into the security domain of your Web3.0 application.
- Accessing API with missing POST, PUT, and DELETE access controls
- Privilege elevation. Acting as a user while not logged in, or acting as an administrator while logged in as a user.
- Force browsing to authenticated pages as an unauthenticated user, or to privileged pages as only a standard user.
- Circumventing access control checks by altering the URL (parameter tampering or force browsing), the internal state of the application, the HTML page, or by modifying API requests with an attack tool.
- Viewing or editing someone else's account by providing its unique identifier, which is a case of horizontal privilege escalation.
Examples of broken access control vulnerabilities
One of the most common vulnerabilities of the Web2.0 space has now made inroads into the Web3.0 domain as well.
Let us understand the broken access control bug through an example.
In the code given above, there is no access barrier, which allows any user to call the public virtual function. This makes the program vulnerable to malicious attackers.
Solution Using Modifier
Here a modifier that admits only the admin has been put to work. It filters out malicious callers and allows access only to authorized users.
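The missing-check pattern and its modifier fix, written out as an added example (not the code from the original post). The contract names, `mint`, `transferAdmin` and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: all contract, function and error names are hypothetical.

// BEFORE: nothing restricts who may call mint().
contract VulnerableToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    // Missing access check: any account can issue tokens.
    function mint(address to, uint256 amount) public virtual {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}

// AFTER: the same function guarded by a check-only modifier.
contract GuardedToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    address public admin;

    error NotAdmin(address caller);
    error ZeroAddress();

    constructor() {
        admin = msg.sender; // deployer becomes the initial admin
    }

    // The modifier only reads state and reverts; it makes no state
    // changes or external calls of its own.
    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin(msg.sender);
        _;
    }

    function mint(address to, uint256 amount) public virtual onlyAdmin {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    // Changing the admin is itself a privileged action, so it carries
    // the same guard as mint().
    function transferAdmin(address newAdmin) external onlyAdmin {
        if (newAdmin == address(0)) revert ZeroAddress();
        admin = newAdmin;
    }
}
```

Any contract that overrides `mint` must re-apply `onlyAdmin`, because modifiers are not inherited by an overriding function.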
How can access control attacks harm smart contracts?
The second largest scam in the history of the Ethereum network happened due to the exploitation of access control. Here, an access control bug was detected on the Parity Multisig Wallet (Ver 1.5+), which allowed hackers to steal over 150,000 ETH (~30M USD).
Access controls are a primary means of improving smart contract security. Appropriately implemented controls determine who can manipulate data within the contract and handle other administrative functions. Access controls may even restrict who is allowed to interact with the contract. A Web3.0 company that uses smart contracts for shareholder votes will only allow access to members on an approved list.
How to Protect a Smart Contract from an Access Control Attack?
Broken access control can undoubtedly breach a smart contract's security by allowing access to unauthorized users. The modifier explained through the example above is one method of preventing broken access.
Let’s discuss the modifier and other solutions to prevent broken access attacks.
How to Prevent Broken Access Attacks?
- Use modifiers for access checks
The code in a modifier is executed before the function body. As a result, any changes to the state or external calls made inside a modifier violate the checks-effects-interactions design pattern, so a modifier should contain only the check itself.
- Use an access control library: for example, OpenZeppelin's library.
The technique of extracting logic into a shared library enhances code reusability while lowering transaction gas costs.
- Smart contract auditing, primarily manual auditing
Access control errors are usually related to code logic, and deploying static auditing tools could be of little use in making the required amendment.
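As an added example (not code from the original post), the shareholder-vote case mentioned earlier can be built on OpenZeppelin's `AccessControl`, with the approved list expressed as a role. `ShareholderVote`, `VOTER_ROLE`, `CHAIR_ROLE` and the error names are hypothetical; `AccessControl`, `DEFAULT_ADMIN_ROLE`, `_grantRole` and `onlyRole` are the library's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Constructed example: contract, role and error names are hypothetical.
contract ShareholderVote is AccessControl {
    bytes32 public constant VOTER_ROLE = keccak256("VOTER_ROLE");
    bytes32 public constant CHAIR_ROLE = keccak256("CHAIR_ROLE");

    bool public votingOpen;
    mapping(uint256 => uint256) public yesVotes;
    mapping(uint256 => mapping(address => bool)) public hasVoted;

    error VotingClosed();
    error AlreadyVoted();

    constructor(address chair) {
        // DEFAULT_ADMIN_ROLE administers the other roles: its holder adds
        // approved members with the inherited grantRole(VOTER_ROLE, member)
        // and removes them with revokeRole.
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _grantRole(CHAIR_ROLE, chair);
    }

    // Check-only modifier: reads state and reverts, nothing else.
    modifier whenOpen() {
        if (!votingOpen) revert VotingClosed();
        _;
    }

    // Only the chair may open or close voting.
    function setVotingOpen(bool open) external onlyRole(CHAIR_ROLE) {
        votingOpen = open;
    }

    // Only accounts on the approved list (VOTER_ROLE) may vote, once each.
    function vote(uint256 proposalId) external onlyRole(VOTER_ROLE) whenOpen {
        if (hasVoted[proposalId][msg.sender]) revert AlreadyVoted();
        hasVoted[proposalId][msg.sender] = true; // effect recorded before any further logic
        yesVotes[proposalId] += 1;
    }
}
```

Separating the admin, chair and voter roles keeps each account to the least privilege it needs, and every grant or revocation emits the library's role events for later review.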
Security concerns are paramount in any online platform or software product. The majority of blockchain transactions involve money in the form of digital assets, and many involve private information. While the nature of blockchain technology makes attacks more complex, it is not immune.
Hence, it is imperative to go the extra mile to keep your smart contract from becoming prey for attackers. A smart contract audit is thus an essential addition to your project deployment process to ensure your blockchain security is intact.