Smart Contract / Transaction Order Dependence
Description
Transaction Order Dependence (TOD) is a type of vulnerability that occurs in certain types of smart contracts. Specifically, it describes a situation when smart contracts do not correctly handle re-ordered or concurrent transactions. The Common Weakness Enumeration (CWE) directory defines the vulnerability as “the software does not correctly handle reordered or concurrent transactions,” (CWE-721). According to the OWASP Testing Guide, TOD vulnerability is most relevant to smart contracts written in Solidity (SWC).
Risk
TOD vulnerability can lead to serious security issues if not identified and addressed. If two transactions are sent to a smart contract at the same time, the contract may not function as expected and the results may be unpredictable. This can lead to financial loss and other types of losses. As a result, it is important to ensure that the code is tested and validated to identify any potential TOD issues.
Solution
The best way to address TOD vulnerability is to ensure that the code of the smart contract is properly tested and validated. This should be done through a combination of manual and automated tests. In addition, it is important to use a secure coding standard, such as the Secure Coding Standard for Solidity, to ensure that all code is written in a secure manner to avoid any potential TOD issues.
Example
The following example of TOD vulnerability is taken from the CVE directory (CVE-2017-15550):
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
require(balances[_from] >= _value);
balances[_from] -= _value;
balances[_to] += _value;
emit Transfer(_from, _to, _value);
return true;
}
In this example, the transferFrom function is vulnerable to TOD because it does not check for re-ordered or concurrent transactions. If two transactions are sent to the contract at the same time, the second transaction may be processed before the first, resulting in incorrect balances.