@monperrus
Last active December 17, 2025 12:01
slides "software supply chain security of web3"
---
author: Martin Monperrus
date: "KTH & mab.xyz"
paging: "%d/%d"
---
# Software Supply Chain Security of Web3
## **Martin Monperrus**
### Professor, IEEE Fellow
### KTH Royal Institute of Technology & mab.xyz
*Acknowledgments: Raphina Liu, Monica Jin, Javier Ron, Sofia Bobadilla, Benoit Baudry, and the CHAINS team*
*Supported by: Knut and Alice Wallenberg Foundation, Swedish Foundation for Strategic Research, Ethereum Foundation*
---
# Welcome to Web3
## The Stakes Are Different
- **Web2**: Vulnerabilities → data breaches, service disruptions
- **Web3**: Vulnerabilities → **irreversible financial losses**
### Notable Incidents
- **$1.5B** Bybit exchange attack (Feb 2025)
- **$120M** Balancer (Nov 2025)
*When blockchain is your backend, there's no "undo" button*
---
# Anatomy of a $1.5B Supply Chain Attack
1. Compromised dev machine via spear phishing
1. Compromised AWS bucket
1. Compromised frontend for Gnosis Safe wallet interface
1. Users presented with legitimate-looking transaction approval
1. Wallet (multi)signed what appeared to be routine operation
1. **Actual transaction**: Transfer $1.5B to attacker address
### Notes
- ✓ No smart contract vulnerability
- ✓ Passed all traditional security checks
- ✓ Trust extends through entire dependency tree
---
## The Web3 Architecture Stack
- Infra: Blockchain nodes & RPC endpoints
- Backend: smart contract (Solidity)
- Frontend: web applications (JavaScript)
- Wallet software (JavaScript)
Plus
- Development tools & CI/CD
- Hosting infrastructure
---
## What Makes Web3 Unique?
### 🔒 Immutability
- Code can't be compromised
- Also applies to frontend (IPFS)
- Deployed contracts can't be patched
- No hotfixes in minutes
### 🔍 Transparency
- All code is public
- All exploits are public
- Attackers can study & simulate before exploiting
- Security through obscurity is harder
---
## What Makes Web3 Unique? (2)
### ⚡ Finality
- Transactions cannot be reversed (censorship resistance)
- No customer support rollbacks
- Direct theft in seconds
### 👤 Pseudonymity
- Attribution can be difficult
- Very strong privacy stack (mixing services)
---
## Threat Model: Who's Attacking? Jian Tan
- **Nation-state actors**: Funding covert operations through Web3 exploits
- **Organized cybercriminal groups**: Direct monetization through DeFi
- **Smartest individual attackers**: Discovering and exploiting vulnerabilities
*The tight attack-to-monetization loop creates unprecedented incentives*
### The most adversarial environment also makes it the most robust software architecture ever
---
## Attack Vector #1: Blockchain Nodes
### Attack a distributed system through its dependencies
### Node Software Dependencies
- Ethereum, Solana validators depend on hundreds of libraries
- Compromise through account takeover, typosquatting, or build system attacks
- Can manipulate consensus, relay, or state queries
*Decentralized deployment != solo stakers != software diversity*
See "The Multibillion Dollar Software Supply Chain of Ethereum"
---
## Attack Vector #2: Smart Contract Dependencies
### Pre-Deployment Library Attack
- Malicious npm packages (e.g., compromised OpenZeppelin):
- Inject vulnerabilities & backdoor during compilation
- **Result**: Permanent vulnerabilities in immutable contracts
### On-Chain Library Attack
Upgradeable libraries affecting all dependent contracts:
- Many-to-one trust relationship
- Single malicious upgrade = widespread compromise
- *Example*: Parity Multisig hack ($150M frozen)
See "On-Chain Analysis of Smart Contract Dependency Risks on Ethereum"
---
## Attack Vector #3: Frontend Dependencies
### The JavaScript Supply Chain
- React/Vue.js + hundreds of npm packages
- Blockchain libraries: ethers.js, web3.js, viem
- Deep transitive dependency trees
### Transaction Manipulation Attack
- Change recipient addresses silently
- Increase approval amounts to maximum
- Substitute benign calls with malicious ones
- **Users sign what appears legitimate in their wallet**
*Bybit 2025: Compromised Safe dApp dependency stole $1.5B*
---
## Attack Vector #4: Wallet Software
- Manage private cryptographic keys & signing operations
- Thousands of dependencies in their stack
- Cryptographic libraries, UI frameworks, blockchain clients
### Wallet Dependency Attack
- Exfiltrate keys and seed phrases
- Modify transactions before signing
- Tamper with approval dialogs
*Ledger Connect Kit 2023: Injected code prompted fund-draining transactions*
See "Dirty-waters: Investigation of the software supply chain of javascript cryptocurrency wallet"
---
## Attack Vector #5: Frontend Delivery
### Domain Hijacking (DNS Attack)
- BGP hijacking or DNS provider compromise
- Pixel-perfect interfaces, correct URL
- Users connect wallets to attacker infrastructure
### Hosting Provider Compromise
- Modify deployed artifacts directly
- Bypasses source code and build pipeline
- Inject JavaScript into production files
### Interplanetary File System (IPFS)
- <https://ipfs.io/ipfs/QmSqE4mXHA2BXW58deDbXE8MTcsL5JSKNDbm23sVQxRLPS>
*BadgerDAO 2021: Cloudflare API credentials compromised → $120M loss*
---
## Attack Vector #6: Development Tools
### Compiler Attack
- Solidity compiler with backdoors
- Deployed bytecode differs from source
- Nearly impossible to detect through audits
### IDE Extension Attack
- Access to .env files, deployment private keys, and API keys
- Clipboard memory theft
See "Diverse Double-Compiling to Harden Cryptocurrency Software"
---
## Attack Vector #6: Development Tools (2)
### Framework Attack
- Hardhat, Truffle, Foundry
- Control entire development lifecycle
- Single point of failure for thousands of projects
### Build Pipeline Attack
- CI/CD compromise
- Manipulate dependency resolution
- Target smart contract continuous deployments
*SolarWinds: Orion CI compromised to break into US government organizations*
---
## Attack Vector #7: AI-Assisted Coding
### "Vibe Coding" Supply Chain Attack
- GitHub Copilot, ChatGPT trained on poisoned repositories
- AI suggests vulnerable patterns learned from backdoored code
- Flawed access controls, integer overflows, insecure wallet integration patterns
*Real incident (2024): User lost $$$$ deploying AI-generated Solana bot code with backdoor from poisoned GitHub repos targeting ChatGPT training data*
---
## Other Software Supply Chain Attack Vectors
### Off-Chain Voting Platforms
- DAOs using Snapshot for governance
- Compromised governance platform can present malicious proposals as legitimate
- Falsified voting results → unauthorized on-chain execution
### Oracle Software
- Bridges off-chain data to blockchain
- Manipulated price feeds → mass liquidations
- Falsified data propagates on-chain
- Oracles verify integrity, not accuracy
---
# Mitigations
---
## Mitigation Strategy: Dev
### Pre-Deployment Controls
- **Dependency verification**: Checksums, signatures, lockfiles
- **Reproducible builds**: Source code → deterministic binaries
- **Smart contract verification**: Public source alongside bytecode
*Verifier Alliance is a community effort in Web3 to foster smart contract verification*
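
The dependency verification bullet above, as an added example that is not part of the original slides: a static audit of an npm lockfile plus a check of downloaded tarball bytes against the pinned hash. Package names, URLs and tarball contents are constructed, and the function names are hypothetical.

```javascript
// Added example (not from the slides). All package data below is constructed.
const { createHash } = require("node:crypto");

// SRI string ("sha512-<base64>") for raw bytes, the format npm stores in lockfiles.
function sri(bytes, algo = "sha512") {
  return `${algo}-${createHash(algo).update(bytes).digest("base64")}`;
}

// Strong hashes pinned for an entry; the field may hold several, space-separated.
function strongPins(entry) {
  return (entry.integrity || "").split(/\s+/).filter((h) => /^sha(256|384|512)-/.test(h));
}

// Static audit: every installed package must be pinned and come from an allowed host.
function auditLockfile(lock, allowedHosts = ["registry.npmjs.org"]) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project / workspace link: no tarball
    if (!entry.integrity) findings.push(`${path}: no integrity hash`);
    else if (strongPins(entry).length === 0) findings.push(`${path}: weak hash only`);
    let host = "unknown";
    try { host = new URL(entry.resolved).host; } catch { /* missing or malformed URL */ }
    if (!allowedHosts.includes(host)) findings.push(`${path}: untrusted source ${host}`);
  }
  return findings;
}

// Byte-level check: do the downloaded bytes match a strong pinned hash?
function verifyTarball(entry, bytes) {
  return strongPins(entry).some((pin) => pin === sri(bytes, pin.split("-")[0]));
}

// Constructed sample: one good entry, one sha1-only entry, one side-loaded entry.
const GOOD_TARBALL = Buffer.from("constructed tarball bytes, example-wallet-ui 1.0.0");
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "1.0.0" },
    "node_modules/example-wallet-ui": {
      resolved: "https://registry.npmjs.org/example-wallet-ui/-/example-wallet-ui-1.0.0.tgz",
      integrity: sri(GOOD_TARBALL),
    },
    "node_modules/example-old-lib": {
      resolved: "https://registry.npmjs.org/example-old-lib/-/example-old-lib-0.1.0.tgz",
      integrity: sri(Buffer.from("constructed old tarball"), "sha1"),
    },
    "node_modules/example-side-loaded": { resolved: "https://cdn.example.invalid/pkg-2.0.0.tgz" },
  },
};
```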
---
## Mitigation Strategy: KUTE
- Know your dependencies (software bill of materials, aka SBOM)
- Update your dependencies (Dependabot, Renovate)
- Track your dependency changes (VEX)
- Ensure integrity at runtime
---
## ERC-7936: Versioned Proxy Interface
### The Upgrade Problem
- Users are forced to switch to the new version
```solidity
contract.call("vote") // → V1
// if contract upgrades, all clients are forced
contract.call("vote") // → V2
```
- benign upgrade: breaking changes
- malicious upgrade: theft
---
## ERC-7936: Versioned Proxy Interface
- Contracts declare which versions they support
- Consumers specify version to call
- No breaking changes
- **Supply chain defense**: Limits blast radius of compromised libraries
```solidity
contract.call("v1", "vote") // → V1
// clients decide when to bump
contract.call("v1", "vote") // → V1
```
*Apply the best of Web2 dependency management to Web3*
---
## Mitigation Strategy: CI/CD
### Build Security
- **Sandboxed containers**: Isolated, ephemeral build environments
- **Secret management**: Minimal exposure, runtime injection only, short lived
- **Multi-signature deployment**: Distributed authority, no single point of compromise
*Large attack surface between source code and deployed systems*
---
## Mitigation Strategy: Process & Policy
### Security Audits
**Smart contract audits** must include:
- Entire Solidity dependency chain review
- External onchain call validation (especially with delegatecall)
- Maintainer history analysis
**Frontend audits** should examine:
- Transaction construction logic
- Wallet integration code
- Deployment integrity verification
---
## Mitigation Strategy: Continuous Monitoring
### Post-Deployment Surveillance
**Frontend monitoring**:
- Dependency vulnerability scanning (Dependabot, Renovate)
- Deployment change tracking
- Production integrity checks
**On-chain monitoring**:
- Anomalous transaction detection (Tenderly, Forta)
- Unexpected state changes
- Library upgrade alerts
- High-privilege contract monitoring
*Sustainable pricing of monitoring not found yet*
---
## Transaction Simulation: The Final Web3 Defense
### Wallet-Level Protection
Modern wallets simulate transactions before signing:
- Execute against current blockchain state
- Display net effect in human-readable terms
- "You will send 100 USDC and receive 0.05 WETH"
### But
- Immature support
- Does not guarantee finality
- Simulation itself can be faked
*Simulation reveals what raw transaction data obscures*
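
A sketch of the raw-data side of this defense, added here and not taken from the original slides: decode ERC-20 `transfer`/`approve` calldata and compare it with the user's intent, covering the recipient swap and maximum-approval cases listed under Attack Vector #3. It assumes the check runs in a component independent of the frontend that built the transaction; addresses, amounts and function names are constructed.

```javascript
// Added example (not from the slides). Addresses and amounts are constructed.
const SELECTORS = { a9059cbb: "transfer", "095ea7b3": "approve" };
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode transfer(address,uint256) / approve(address,uint256); null for anything else.
function decodeErc20(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name || !/^[0-9a-f]{136}$/.test(hex)) return null; // 4-byte selector + two 32-byte words
  if (!/^0{24}/.test(hex.slice(8, 72))) return null; // address word: upper 12 bytes are zero
  return { name, party: "0x" + hex.slice(32, 72), amount: BigInt("0x" + hex.slice(72)) };
}

// Compare the transaction about to be signed with the user's stated intent.
function checkAgainstIntent(tx, intent) {
  const problems = [];
  if (tx.to.toLowerCase() !== intent.token.toLowerCase()) problems.push("unexpected target contract");
  const call = decodeErc20(tx.data);
  if (!call) return [...problems, "not a plain ERC-20 transfer/approve"];
  if (call.name !== intent.action) problems.push(`call is ${call.name}, intent was ${intent.action}`);
  if (call.party !== intent.party.toLowerCase()) problems.push("recipient/spender differs from intent");
  if (call.amount > intent.amount) problems.push("amount exceeds intent");
  if (call.name === "approve" && call.amount === MAX_UINT256) problems.push("unlimited approval");
  return problems;
}

// Constructed sample data: placeholder addresses, token with 6 decimals.
const TOKEN = "0x" + "11".repeat(20);
const ALICE = "0x" + "22".repeat(20);
const OTHER = "0x" + "33".repeat(20);
const word = (v) => BigInt(v).toString(16).padStart(64, "0");
const encode = (selector, party, amount) => "0x" + selector + word(party) + word(amount);

const INTENT = { token: TOKEN, action: "transfer", party: ALICE, amount: 100_000000n };
const HONEST = { to: TOKEN, data: encode("a9059cbb", ALICE, 100_000000n) };
const SWAPPED = { to: TOKEN, data: encode("a9059cbb", OTHER, 100_000000n) };
const MAXED = { to: TOKEN, data: encode("095ea7b3", OTHER, MAX_UINT256) };
```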
---
## Call to Action
### For Developers
- Verify all dependencies with cryptographic integrity
- Use reproducible builds and multi-sig deployments
- Implement comprehensive frontend + smart contract audits
### For the Ecosystem
- Adopt security standards (ERC-7936, etc.)
- Build monitoring infrastructure
- Educate on supply chain awareness
### For Research
- Novel detection techniques for Web3-specific attacks & defenses
- Engage with the practitioner community
- Best engineering for decentralization & censorship resistance
---
## Key Takeaways
1. **Web3 attack surface: traditional + novel threats** with amplified consequences
2. **Every layer is adversarial**: nodes, contracts, frontend, wallets, tools, hosting
3. **Immutability is our best ally** – but no second chances
4. **Defense-in-depth is essential**: technical controls + process + monitoring
5. **Transparency is a double-edged sword**: public code aids both defenders and attackers
*Web3 is the highest integrity software stack ever, for the most precious workflows of our digitalized societies*
Martin Monperrus,
December 2025