Breakpoint 2023: Riverguard - Fishing for Loss of Funds in the Stream of Solana Transactions

Summary

At Breakpoint 2023, the co-founders of NEODYME introduced Riverguard, an innovative security tool designed to fish out bugs and vulnerabilities within Solana's blockchain transactions. Addressing the common issue of loss of funds due to exploits, the NEODYME team, led by Thomas Lambert and Nico Grundel, detailed their proactive methodology to safeguard all contracts on the Solana network, including closed-source contracts. This presentation showcases how, despite limited resources, the NEODYME team aims to automate the search and mitigation of simple, yet significant, security flaws, thus fostering a more robust and reliable ecosystem.

Key Points:

The Premise of Riverguard

Riverguard is an automated security tool that operates by mimicking the actions of a hacker to spot vulnerabilities in smart contracts on the Solana network. By conducting black box testing on the network's smart contracts without utilizing the source code, Riverguard can detect potentially exploitable bugs by observing and mutating the transactions that run on the Solana validator. The genesis of Riverguard is rooted in the understanding that while some hacks are complex, many exploits result from simple oversights that are surprisingly uncomplicated to enact. Through automation, Riverguard strives to protect all contracts on Solana, not just the ones being reviewed manually.

Technical Underpinnings and Impact

Riverguard utilizes a patched Solana validator to simulate transactions, analyzing the resulting changes to detect irregularities. Data, filtered through Kafka and managed via a Redis cache, is processed by a network of workers that identify and mutate transactions, often highlighting vulnerabilities that could be exploited by malicious actors. The effectiveness of Riverguard is underscored by its track record, with 19 confirmed and fixed bugs to its credit since its inception. This achievement was enabled through financial support in the form of a grant from the Solana Foundation.

Challenges and Solutions

Fishing out the right data from the vast stream of Solana transactions presents a significant challenge; millions of transactions, many of which are from arbitrage bots, produce gigabytes of data per second. The many false positives generated due to inconsistency in transactions further complicate the identification process. However, the NEODYME team shared a detailed case study—Solzhen's 11, a Solana casino heist—to illustrate how these challenges can be turned into actionable intelligence that safeguards the network's integrity.

Facts + Figures

• Riverguard is a security tool aimed at identifying and preventing the loss of funds through exploits on the Solana network.
• The NEODYME team, consisting of six people, highlights the difficulty in manually reviewing all smart contracts.
• Riverguard automates the process of spotting simple bugs by simulating and mutating Solana transactions.
• Riverguard does not require access to the source code to identify potential vulnerabilities.
• Solana Foundation granted financial support to NEODYME, which has aided Riverguard's development.
• The NEODYME team has confirmed and fixed 19 bugs with the help of Riverguard.
• Riverguard manages gigabytes of data per second through Kafka and a Redis cache.
• The case study Solzhen's 11 depicted the discovery and reporting of a bug in a casino platform on Solana that was fixed post-disclosure.
• Manual triage is still required as Riverguard has a 50% false positive rate.
• NEODYME encourages smart contract developers to implement the security TXT standard to ease communication and bug reporting processes.

Top quotes

• "Every bug is a bug that is not caught in time."
• "We want to think like a hacker and basically do black box testing on all of the smart contracts currently out there."
• "Riverguard is really intended to be this first line of defense for all Solana contracts."
• "We were able to build this completely free for everyone because we had a Solana Foundation grant."
• "The findings in Riverguard are only really starting points."
• "The false positives really need to be ruled out."
• "Please prove it first. Otherwise, it's a normal transaction."
• "This whole story just shows how the findings in Riverguard are only really starting points."
• "We protected over $1 million from this bug alone."
• "Thank you all for helping us make the ecosystem more secure."

Questions Answered

What is Riverguard?

Riverguard is an automated tool developed by NEODYME, designed to detect and prevent exploitative bugs within the Solana blockchain by simulating and mutating transactions to spot vulnerabilities. It's a proactive security measure that does not rely on the source code of the contracts it evaluates.

Why is Riverguard important for the Solana ecosystem?

Riverguard is important because it serves as a first line of defense against potential security breaches that could lead to the loss of funds across the Solana network. With its automated system, Riverguard can keep pace with the vast number of daily transactions to protect against simple but harmful exploits.

How does Riverguard operate without source code?

Riverguard functions by engaging with Solana transactions as a hacker would—interacting, mutating, and analyzing them. It relies on observing the on-chain transactions and their outcomes to identify suspicious patterns indicative of vulnerabilities.

Can Riverguard detect all types of bugs?

While Riverguard is adept at detecting simple bugs, more complex ones may require other methods such as fuzzing and formal verification. The tool's current focus is on automating the detection of simpler exploits frequently overlooked but still impactful.

What are the challenges associated with using Riverguard?

One primary challenge is managing and sifting through the massive transaction data on the Solana network. Additionally, there is a 50% false positive rate which necessitates manual triage to verify the legitimacy of potential vulnerabilities.

What was the significance of the case study “Solzhen's 11”?

The "Solzhen's 11" case illustrated Riverguard's practical application by uncovering an actual bug in a Solana-based casino. This real-world example showed how the tool could identify and enable the fix of a vulnerability that might have been exploited for financial gain.

How does Riverguard contribute to the overall cybersecurity landscape of blockchain?

Riverguard enhances the cybersecurity of the Solana blockchain by automated monitoring for vulnerabilities that could be exploited. This tool helps create a safer ecosystem, fostering trust and encouraging wider adoption of blockchain technology.