Full Report
Curvance appears to be a lending and borrowing protocol. In order to ensure their protocol was secure, they asked Trail of Bits to write a large number of fuzz tests for their project. This included raw fuzzing looking for crashes and also invariant fuzzing to ensure that the protocol works as intended.

What are invariants? They are core properties of the system that should always hold true. I felt that the invariants for this went more into the actual functionality as opposed to high-level invariants, but that is just semantics. As an example, "Calls to createLock with an amount value less than WAD fail" for the VeCVE functional invariants. Many of the invariants were extremely specific to the functionality. It felt like "what would be bad if XXX went wrong".

So, once the invariants were hooked into the Echidna fuzzer with a sufficient harness, they let it go to work. They found 12 unique bugs from this, including a few fairly catastrophic vulnerabilities. To me, the main reason this works is that the validations for specific pieces of functionality were so specific. People think fuzzing is the easy way, which really isn't the case.

The report notes that there are some limitations with this setup though. Oracle prices and external token interactions are good examples of large state explosion if not properly restricted. So, they had to really simplify this setup to make the fuzzing work. Overall, a good reference for writing deep invariants in order to find deep bugs!
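To make the quoted createLock invariant concrete, here is an added example (not code from the report, Trail of Bits, or Curvance) of how such a functional invariant can be written as an Echidna assertion-mode harness. `ToyLock`, `ToyLockHarness`, their storage layout and the clamping bounds are hypothetical stand-ins; only the `createLock` name and the WAD threshold come from the invariant quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical toy lock contract; NOT Curvance's VeCVE implementation.
contract ToyLock {
    uint256 public constant WAD = 1e18;
    mapping(address => uint256) public locked;
    uint256 public totalLocked;

    function createLock(uint256 amount) external {
        require(amount >= WAD, "amount below WAD");
        locked[msg.sender] += amount;
        totalLocked += amount;
    }
}

// Echidna harness: in assertion mode each public function is a fuzz entry
// point and any failing assert() is reported with the call sequence.
contract ToyLockHarness {
    ToyLock internal lock = new ToyLock();
    uint256 internal constant WAD = 1e18;

    // Invariant: calls to createLock with an amount less than WAD fail.
    function createLock_below_wad_reverts(uint256 amount) public {
        amount = amount % WAD; // clamp fuzzer input to [0, WAD)
        try lock.createLock(amount) {
            assert(false); // call succeeded, so the invariant is violated
        } catch {
            // expected path: the call reverted
        }
    }

    // Postcondition: a valid lock succeeds and moves both balances by
    // exactly `amount`. The upper bound is an assumed cap that keeps the
    // explored state space small.
    function createLock_valid_updates_state(uint256 amount) public {
        amount = WAD + (amount % 1e27); // clamp to [WAD, WAD + 1e27)
        uint256 userBefore = lock.locked(address(this));
        uint256 totalBefore = lock.totalLocked();
        try lock.createLock(amount) {
            assert(lock.locked(address(this)) == userBefore + amount);
            assert(lock.totalLocked() == totalBefore + amount);
        } catch {
            assert(false); // valid input must not revert
        }
    }
}
```

Saved under an assumed filename such as `ToyLockHarness.sol`, this runs with `echidna ToyLockHarness.sol --contract ToyLockHarness --test-mode assertion`. Deleting the `require` in `ToyLock.createLock` makes the first check fail, which is the kind of specific functional property the summary describes.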
Analysis Summary
As a malware analyst and TTPs specialist, I have analyzed the context provided regarding the security assessment of the Curvance lending and borrowing protocol by Trail of Bits. The focus is on the tools, techniques, and procedures used for finding vulnerabilities, specifically through advanced fuzz testing and invariant development.
# Tool/Technique: Echidna
## Overview
Echidna is a property-based fuzzer specifically designed for Ethereum smart contracts. Its purpose is to automatically generate inputs to falsify assertions (invariants) embedded within the contract code, helping uncover logic errors and vulnerabilities.
## Technical Details
- Type: Tool (Fuzzing Framework)
- Platform: Ethereum Smart Contracts (Solidity/EVM)
- Capabilities: Property-based fuzzing, assertion falsification, exploration mode, focused assertion mode with high iteration counts (up to 100 billion).
- First Seen: Not explicitly mentioned in the context, but known to be an established tool by Trail of Bits.
## MITRE ATT&CK Mapping
The techniques described are defensive/testing methodologies rather than offensive malware techniques. However, the analysis itself relates to identifying gaps that attackers (Threat Actors leveraging **Adversarial Tactics**) might exploit.
- **T1480.001 - Execution: Trial and Error: Exploit Assessment** (Applicable as this process *is* organized exploit assessment)
  - Identifying weaknesses through iterative testing.
## Functionality
### Core Capabilities
- Falsifying assertions (invariants) written into the smart contract code.
- Operating in an "exploration mode" for broad codebase coverage.
- Running in an "assertion mode" for intensive, focused testing (e.g., 10 million to 100 billion iterations).
- Used to uncover deep bugs based on highly specific functional properties.
### Advanced Features
- Integration with external tools like CloudExec for deploying long fuzzing jobs.
- State preservation enhancements resulting from deployment challenges during the Curvance engagement.
- Capability to use corpus data for iterative testing.
## Indicators of Compromise
N/A (This is a defensive testing tool, not malware.)
## Associated Threat Actors
N/A (Trail of Bits and Curvance)
## Detection Methods
N/A (This tool is used for proactive detection of vulnerabilities.)
## Mitigation Strategies
- Implementing rigorous invariant-based fuzzing alongside traditional testing.
- Ensuring invariants are highly specific to core system properties (as demonstrated by the Curvance case).
- Continuous testing, as code evolves (stateful fuzzing).
## Related Tools/Techniques
- Medusa (Experimental `geth`-based fuzzer used alongside Echidna).
- CloudExec (Tool used for deploying long fuzzing jobs).
---
# Tool/Technique: Medusa
## Overview
Medusa is an experimental fuzzer built upon `geth` (Go Ethereum client). It is used to complement Echidna's coverage efforts by testing invariants on Ethereum contracts, often finding bugs missed by other tools.
## Technical Details
- Type: Tool (Fuzzing Framework)
- Platform: Ethereum Smart Contracts (EVM)
- Capabilities: Fuzzing execution complementing Echidna, capability to find bugs missed by other fuzzers. Required bug fixes (OOM) for effective use in this engagement.
- First Seen: Not explicitly detailed.
## MITRE ATT&CK Mapping
N/A (Defensive testing tool)
## Functionality
### Core Capabilities
- Falsifying invariants on target smart contracts.
- Providing complementary coverage to property-based fuzzers like Echidna.
### Advanced Features
- Being `geth`-based allows for specific execution characteristics.
- Improvements to the tool (e.g., fixing an out-of-memory bug) were driven by this engagement to maximize coverage.
## Indicators of Compromise
N/A
## Associated Threat Actors
N/A
## Detection Methods
N/A
## Mitigation Strategies
- Utilizing diverse fuzzer types (like Medusa and Echidna) to maximize test path exploration.
- Maintaining and updating fuzzer tools to address known bugs (e.g., OOM errors).
## Related Tools/Techniques
- Echidna
- CloudExec
---
# Technique: Invariant Development and Falsification
## Overview
The central technique employed was **Invariant Development**, which involves meticulously defining "core properties of the system that should always hold true" and then using fuzzers (like Echidna and Medusa) to actively try and violate (falsify) these invariants. This process moves beyond simple unit testing to validate deep, complex functional logic.
## Technical Details
- Type: Technique (Security Testing and Validation)
- Platform: Smart Contract Codebase (Curvance Protocol)
- Capabilities: Identifying unexpected state transitions, finding catastrophic vulnerabilities by testing highly specific functional constraints, exposing flaws in existing test suites (e.g., unit tests checking incorrect postconditions).
- First Seen: In practice at Trail of Bits for six years, but this engagement was their first *official* invariant development project.
## MITRE ATT&CK Mapping
This technique strongly aligns with proactive security analysis used by defenders to prevent exploitation.
- **T1556.003 - Credential Access: Brute Force: Password Guessing** (Indirect parallelism: Fuzzing is systematic, high-volume trial-and-error against logic gates, similar to brute-forcing credentials, but for state validation.)
- **T1480.001 - Execution: Trial and Error: Exploit Assessment** (Directly applicable as the goal is systematic failure testing.)
## Functionality
### Core Capabilities
- Translating in-depth knowledge of codebase functionality into precise, executable properties.
- Finding functionally critical bugs that evade standard testing methods (12 unique bugs found, including catastrophic ones).
- Dealing with state explosion limitations by simplifying inputs related to external data (e.g., oracle prices).
### Advanced Features
- Developing "deep invariants" that mirror "what would be bad if XXX went wrong," targeting specific failure modes.
- Uncovering reliance on incorrect postconditions in existing unit tests, leading to false security assurances.
## Indicators of Compromise
N/A
## Associated Threat Actors
N/A
## Detection Methods
The *failure* of invariants during fuzzing serves as the primary indicator of a vulnerability.
## Mitigation Strategies
- Prioritizing testing efforts on functional invariants rather than overly general ones, especially when specificity drives success.
- Recognizing the limitations of fuzzing in complex systems with large state spaces (e.g., external oracle dependencies) and adjusting the testing harness accordingly.
## Related Tools/Techniques
- Property-Based Testing (General concept)
- Fuzzing (General technique)