Security assesment

Name	Patrik Maly
School	FIT CVUT
Course	NIE-BLO
Course Year	B231
## Index

• Index
• Executive Summary of the D21 Voting Contract
  • Overview
  • Key Findings
  • Implications
  • Recommendations
  • Conclusion
• System overview
  • D21 Contract
    • Registries
    • Sequence of operations
  • Actors
    • Contract Owner
    • Voters
    • Subjects (e.g., Political Parties)
• Trust Model
• Security Methodology
• Tool-Based Analysis Findings
• Manual Code Review Findings
• Fuzz Testing Summary
• Overview of Test Findings
  • Fuzz Testing
  • Manual Code Review
  • Tool-Based Analysis

Executive Summary of the D21 Voting Contract

Overview

This security assessment focused on evaluating the D21 voting system, a blockchain-based platform designed to implement the D21 voting method. The assessment encompassed various testing methodologies to ensure a thorough evaluation of the system's security, functionality, and user experience.

Key Findings

1. Fuzz Testing: The system successfully passed fuzz testing, showing resilience to a wide range of inputs and scenarios. No vulnerabilities or errors were detected.

2. Manual Code Review: Revealed two areas for potential improvement:

   • The getRemainingTime function's return value could be misinterpreted when voting has not started.
   • The getResults function lists subjects with zero votes before the voting begins, which might cause confusion.

3. Tool-Based Analysis: Identified a high-severity warning about an unchecked return value in the sorting function, underscoring the need for robust error handling.

Implications

• The system demonstrates robustness and reliability in handling complex voting scenarios, as evidenced by the successful fuzz testing.
• The manual code review's findings suggest a need for slight modifications to improve user clarity and prevent potential misunderstandings.
• The tool-based analysis points to a critical area in error handling that requires attention to ensure system stability and integrity.

Recommendations

• Code Refinement: Address the issues identified in the manual code review to enhance user experience and clarity.
• Error Handling: Modify the code to handle the unchecked return value, reinforcing the system's resilience to errors.

Conclusion

Overall, the D21 voting system exhibits a strong foundation in security and functionality. The identified issues are not indicative of fundamental flaws but rather areas for refinement.

System overview

D21 Contract

The D21 contract manages subjects and voters, it handles registration, voting, and vote counting. The contract enforces rules, manages access, and sorts results.

Registries

• Subject: Stores voting entities such as political parties, including their names and vote counts.
• Voter: Manages information about individual voters, including their voting status and remaining votes.

Sequence of operations

1. Initialization:

2. Deploy Contract: The contract is deployed, initializing the system and setting the contract owner.

3. Setup Phase:

4. Register Subjects (addSubject): Subjects (e.g., political parties) are added to the system.

5. Register Voters (addVoter): Eligible voters are registered by the contract owner.

6. Voting Phase Initiation:

7. Start Voting (startVoting): The contract owner initiates the voting period. This sets the voting period's start and end times.

8. During Voting Phase:

9. Voters Cast Votes:

   • Positive Votes (votePositive): Registered voters cast positive votes for their chosen subjects.
   • Negative Votes (voteNegative): Voters also cast negative votes, following the specific rules of the D21 method.

10. End of Voting Phase:

11. The voting period automatically concludes based on the pre-set end time.

12. Results Compilation:

13. Retrieve Results (getResults): After the voting period ends, the results are compiled, sorted, and can be retrieved to see the final vote counts for each subject.

Actors

Contract Owner

• Role: Typically the deployer of the contract.
• Responsibilities:
  • Initiates and concludes the voting period.
  • Manages voter registration and other administrative tasks.
  • Enforces overall control over the contract’s critical functions.

Voters

• Role: Users who participate in the voting process.
• Capabilities:
  • Cast a limited number of positive and negative votes for different subjects.
  • Interact with the contract during the designated voting period.

Subjects (e.g., Political Parties)

• Role: Entities that are the focus of the voting process.
• Details:
  • Registered in the system by users.
  • Represented in the contract through the Subject struct.
  • Subject to voting by registered voters.

Trust Model

The trust model in the D21 voting system is based on clearly defined roles and the smart contract's ca pabilities to enforce rules:

• Contract Owner: Holds significant control with responsibilities like deploying the contract, registering voters, and managing voting phases. This centralizes trust in the owner for key administrative actions.

• Automated Rule Enforcement: The contract enforces voting rules such as vote limits and voting periods. This eliminates the need for trust in individual voter integrity regarding these rules.

• Transparency and Accountability: Actions taken by voters and the owner are transparent and permanently recorded on the blockchain, ensuring accountability.

Security Methodology

Here are the key components for assessing the D21 voting system integrity, reliability, and security

1. Code Review and Analysis:
2. Manual Code Review: In-depth examination of the Solidity code for logical errors, security vulnerabilities, and adherence to best practices.

3. Automated Code Analysis: Utilization ofwake testing framework to automatically detect common vulnerabilities and code smells.

4. Tool-Based Analysis:

5. Static Analysis: Employing static analysis tools (wake) to scrutinize the code without executing it, identifying potential security flaws.

6. Local Deployment and Testing:

7. Test Environment Setup: Deploying the contract in a controlled, local blockchain environment.

8. Functional Testing: Ensuring all functionalities work as intended and meet the specified requirements.

9. Security Fuzz Testing:

10. Implementing fuzz testing to input a wide range of invalid, unexpected, or random data to the contract and observe its behavior, identifying potential security issues.

Tool-Based Analysis Findings

During the tool-based analysis of the D21 voting system using the wake framework, a warning of high significance was detected:

• Unchecked Return Value Warning:
  • Context: In the function where sorting of subjects is performed (sort(subjects); line 200).
  • Warning Details: The return value of the sort function call is not checked.
  • Implication: This could potentially lead to unexpected behavior if the sorting function fails or behaves unexpectedly. Unchecked return values are often points where errors can propagate silently.

Manual Code Review Findings

During the manual code review of the D21 voting system, two notable observations were made:

1. Remaining Time Query Before Voting Start:
2. The function getRemainingTime returns 0 when queried before the voting period has started.

3. This behavior could be potentially misleading as it might be interpreted as 'no time left for voting' rather than 'voting not started.'

4. Results Retrieval Before Voting Commences:

5. When getResults is called before the start of the voting period, it returns a list of subjects with zero votes.
6. This could be unexpected since the voting hasn't commenced and no votes have been cast yet. Typically, a function like this might be expected to either return an empty list or indicate that voting hasn't started.

These observations are not necessarily bugs, but they highlight areas where the system's response might be counterintuitive or unclear to users.

Fuzz Testing Summary

The fuzz testing of the D21 voting system was completed successfully. The script tested various functions, including voter registration, voting, and result sorting. No errors or issues were found, indicating the system's resilience to diverse input scenarios and its adherence to the defined voting rules.

Overview of Test Findings

Fuzz Testing

• Outcome: Successfully completed with no errors or vulnerabilities found.
• Implication: Indicates the system's robust handling of diverse and unexpected input scenarios, adhering to the defined voting rules.

Manual Code Review

• Observations:
  • getRemainingTime returns 0 when voting hasn't started, which might be misleading.
  • getResults provides a list of subjects with zero votes even before voting begins, potentially causing confusion.
• Implication: These are not bugs but areas where user experience might be improved for clarity.

Tool-Based Analysis

• Warning Detected:
  • Unchecked return value in the sorting function.
• Implication: Highlights the need for diligent error handling and checking return values to prevent silent failures or unexpected behavior.