Halborn Logo

// Disclosures

Halborn Cadence (Flow) Vulnerability Discovery


Introduction

Halborn security researcher Ferran Celades identified a vulnerability in the Secure Cadence update to Cadence during an audit engagement with Dapper Labs.  This vulnerability affected how the Flow blockchain managed resources.  Halborn has worked with Cadence to deploy an update that addressed the issue.

Description and Overview

Cadence, the Flow blockchain’s programming language, inappropriately allowed destroyed resources to be accessed and used.  The update enabled smart contracts to contain references to optional values.  When these optional values were used by a program, they were tested to see if they actually contained a value — i.e. were not nil — and were unwrapped to expose that value.

When resources were destroyed, references to that resource were not invalidated, making it possible to continue to access those resources via these references.  This issue, similar to a “use after free” vulnerability would inappropriately provide access to the memory allocated to the resource even after that memory might have been allocated to another variable.

pub resource R {
    pub var value: Int
    init(value: Int) {
        self.value = value
    }
    pub fun increment() {
        self.value = self.value + 1
    }
}
pub fun main(): Int {
    let resources <- {
        "r1": <-create R(value: 0)
    }
    let ref: &R? = &resources["r1"] as &R?
    destroy <-resources.remove(key: "r1")
    destroy resources
    ref!.increment()
    log(ref!.value)
    return 1
}

For Smart Contract Developers

Developer Guidance

This vulnerability affects smart contracts that were developed after the Secure Cadence update and that make use of optional values.  If a smart contract uses optional values and creates references to them, these references might not be appropriately cleared after a resource is destroyed.

Developer Mitigation

The Cadence interpreter has been updated to address the issue.  Upon creation of a reference, the type of the inner value is checked.  If the inner value is a resource, it is tracked throughout its lifetime, and, when the resource is destroyed, references to it are invalidated as well.

Have concerns, want to learn more, or have a bug you’d like to disclose? Please reach out to us at disclosures@halborn.com.

Halborn is hiring! If you’re someone who can help make our products and this industry more secure, consider joining our team.