ethdo is a command-line tool for Ethereum 2.0 that includes key management. Because of the criticality of ensuring that key management is strong, ethdo underwent an audit with Least Authority in November 2020. This article discusses the purpose of the audit, its findings, and the previous and on-going remediation efforts.
ethdo is a general-purpose command-line tool, however many of its operations are powered by a number of underlying modules that exist as independent pieces of software. Critically, all of the cryptography and key management is in a number of these modules.
Both ethdo and the underlying modules are used in software used with Ethereum 2.0, so the correct functioning of these modules is of importance. As such, although the audit was nominally for ethdo the audit covered these modules as well.
The audit was carried out over October 2020 and November 2020. It focused on a number of areas, including:
correctness of the implementation;
common and case-specific implementation errors;
random number generation (HD seeds, ND private keys);
creation of hierarchical deterministic accounts from a well-known seed are protected against relevant test vectors;
key management: secure private key storage and proper management of encryption and signing keys;
adherence to the Ethereum 2.0 specification regarding generation of deposit data (each individual component of the deposit);
attacks that impacts funds, such as the draining or the manipulation of funds;
mismanagement of funds via transactions;
adversarial actions and protection against malicious attacks;
vulnerabilities within each component as well as secure interaction with related components;
denial of Service (DOS) attacks;
protection against malicious attacks and other methods of exploitation;
inappropriate permissions and excess authority; and
data privacy, data leaking, and information integrity.
The audit was carried out using a mix of static analysis tools and manual inspection.
The full report is available, however it provided two key findings.
Issue A: Scrypt parameters are swapped
This issue was related to the low-level cryptographic functions that were used to encrypt keys on-disk. From the audit report:
While p = 8 is harmless, r = 1 would result in making the Key Derivation Function (KDF) weak. The parameter r is directly proportional to the width of the innermost core hash function’s width and also determines the iteration count of the core hash function. The memory usage and CPU time is directly proportional to r. As a result, making r small increases the Scrypt’s weakness.
Obviously, a lower-than expected strength in the encryption of the key was not desirable. The remediation here was to ensure the correct parameters had the correct value, which took place immediately.
Issue B: Using unencrypted connection to Ethereum endpoint
This issue was related to potentially leaking information over public networks by communicating with Ethereum endpoints over unencrypted connections. From the audit report:
This leaves some of the beacon chain communications with the Ethereum network vulnerable to man-in-the-middle (MITM) attacks, thus exposing data to unintended receivers.
This was a slightly more complex remediation, due to the nature of the current Ethereum endpoints. Ethereum 2.0 endpoints are, in general, unencrypted and proprietary. However, there has recently been a move to a standard HTTP-based API. The benefit of using HTTP is that it is easy to place an HTTPS reverse proxy in front of the endpoint, or to incorporate TLS directly in to the server. One of the modules that ethdo uses, go-eth2-client, was upgraded to allow connections to HTTPS endpoints. In addition, any attempt to connect to a remote Ethereum endpoint would results in a warning message.
In addition to the issues, a number of suggestions were made. Some of these were easily addressed (e.g. “warn users choosing weak passphrases”), others resulted in on-going changes to the development process (e.g. “explore the use of property-based tests”). These were commonly broader items that improve the user experience, or the reliability and maintainability of the codebase, rather than fix a security-related issue, but were equally valuable in ensuring that best practice is followed and the latest methodologies used appropriately.
Audits are an important part of any software’s lifecycle. They bring an outsider’s eye to code that is commonly only looked at by a handful of people, and a focus on security that rarely fails to find issues that need to be resolved. This one was no different, and the benefits from it will be felt across the Ethereum community. The combination of point issues and long-term suggestions provides both immediate and on-going value, and provides
My personal thanks go to Ram, Jehad, Jessie and the entire Least Authority team for a professional and thorough audit.