
Cairo 101

This document discusses 7 potential sources of vulnerabilities in the Cairo programming language: 1) arithmetic issues like overflows and finite fields, 2) under-constrained execution, 3) unexpected syscall behavior, 4) low-level memory access, 5) storage variable mapping, 6) accidental imports, and 7) regular DeFi hacks like flash loans and market manipulation. It notes that finite fields can behave unexpectedly, that the prover has too much freedom in under-constrained programs, and that documentation on syscalls may be incomplete. It recommends avoiding direct use of the AP register or pointer arithmetic. The document also mentions that storage variables are mapped based on name and that imports adopt the entire interface. It concludes by providing contact information to reach out for Cairo audits.

Uploaded by

isnull

Joran Honig

Cairo Security 101


Verifiable Execution != Verified Code
Young Language!
7 Sources of Vulnerabilities
That you should probably keep in mind!
Language
1 - Arithmetic
● Overflows / Under Flows
● Finite Fields
● mod P

Finite Fields are Weird
● (N * 2) % 2 != 0

Finite Fields are super weird!
● 7/3 > 7
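The two finite-field slides above, worked through as an added example (not part of the original deck): it models Cairo field elements in Python to show where `(N * 2) % 2 != 0` and `7/3 > 7` come from, and how a range check on the operand removes the wraparound. It assumes the Cairo field prime P = 2^251 + 17·2^192 + 1; the function names and the 2^128 bound are hypothetical.

```python
# Added illustration: models Cairo field elements (felts) in plain Python.
# P is the Cairo/StarkNet field prime; all helper names are hypothetical.
P = 2**251 + 17 * 2**192 + 1


def felt_mul(a: int, b: int) -> int:
    """Multiplication as the Cairo VM sees it: reduced mod P, no overflow trap."""
    return (a * b) % P


def felt_div(a: int, b: int) -> int:
    """Field division: a * b^-1 mod P. It is not integer division."""
    if b % P == 0:
        raise ZeroDivisionError("division by zero in the field")
    return (a * pow(b, -1, P)) % P


def checked_double(n: int, bound: int = 2**128) -> int:
    """Mitigation sketch: range-check the operand so 2*n cannot wrap past P."""
    if not 0 <= n < bound:
        raise ValueError("operand outside checked range")
    return felt_mul(n, 2)


def demo() -> dict:
    # Smallest n for which doubling wraps: 2*n = P + 1, which reduces to 1 (odd).
    wrap_n = (P + 1) // 2
    q = felt_div(7, 3)
    return {
        "double_small_is_even": felt_mul(5, 2) % 2 == 0,
        "double_wrapped": felt_mul(wrap_n, 2),
        "seven_div_three_gt_seven": q > 7,
        "quotient_times_three": felt_mul(q, 3),
        "exact_division": felt_div(6, 3),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The quotient `7/3` is the field element that gives 7 when multiplied by 3, which is why it is a huge number rather than 2.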
2 - Under Constrained Execution
● Cairo is not an imperative language!
● It’s a language of constraints
● The prover “comes up with” a trace that fits the program
Constraints
Constraints - Cont
Hints
● The prover gets to choose!
● They might have too much room to choose.
DictAccess
● List of updates
● Empty update = update where the prover can pick
● Accidental + DictAccess.SIZE -> free write
3 - Syscalls with Undocumented / Unexpected Behaviour
● Do you know the edge cases of all syscalls?
Signature Checking
Limitation of Knowledge
● Documentation
4 - Low Level Memory Access
● Difficult to exploit
● Easy to mess up

● Rule of thumb:
○ Don’t use the AP register
○ Use the standard library instead of pointer arithmetic
StarkNet
5 - Storage Variable Mapping
● The storage location is based on the variable name.

● Same Name -> Same Variable


6 - Accidental Imports
● You adopt all imports into your own interface
● Imagine you accidentally import initialize()
Domain
7 - Regular DeFi Hacks
consensys.github.io/smart-contract-best-practices/
● Flash Loans
● Market Manipulation
● Frontrunning
● Re-entrancy
● Uninitialized contracts
● etc.
Damn Vulnerable ERC20 Cairo

Check out my twitter account:


@JoranHonig
Summary
Language
1. arithmetic
2. under constrained
3. syscalls
4. low-level
Starknet
1. Storage Variable
2. Accidental Imports
Domain
1. DeFi
Fin
Connect with me @JoranHonig

Looking for Cairo audits?

Reach out to us: consensys.net/diligence/contact
