Paper 2023/378

SGXonerated: Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE

Nerla Jean-Louis, University of Illinois Urbana-Champaign
Yunqi Li, University of Illinois Urbana-Champaign
Yan Ji, Cornell University
Harjasleen Malvai, University of Illinois Urbana-Champaign
Thomas Yurek, University of Illinois Urbana-Champaign
Sylvain Bellemare, Cornell University, IC3
Andrew Miller, University of Illinois Urbana-Champaign, IC3

TEE-based smart contracts are an emerging blockchain architecture, offering fully programmable privacy with better performance than alternatives like secure multiparty computation. They can also support compatibility with existing smart contract languages, such that existing (plaintext) applications can be readily ported, picking up privacy enhancements automatically. While previous analyses of TEE-based smart contracts have focused on failures of the TEE itself, we asked whether other aspects might be understudied. We focused on state consistency, a concern area highlighted by Li et al., as well as new concerns including access pattern leakage and software upgrade mechanisms. We carried out a code review of a cohort of four TEE-based smart contract platforms. These include Secret Network, the first to market with in-use applications, as well as Oasis, Phala, and Obscuro, which have at least released public test networks. The first and most broadly applicable result is that access pattern leakage occurs when handling persistent contract storage. On Secret Network, its fine-grained access pattern is catastrophic for the transaction privacy of SNIP-20 tokens. If ERC-20 tokens were naively ported to Oasis they would be similarly vulnerable; the others in the cohort leak coarse-grained information at approximately the page level (4 kilobytes). Improving and characterizing this will require adopting techniques from ORAMs or encrypted databases. Second, the importance of state consistency has been underappreciated, in part because exploiting such vulnerabilities is thought to be impractical. We show they are fully practical by building a proof-of-concept tool that breaks all advertised privacy properties of SNIP-20 tokens, able to query the balance of individual accounts and the token amount of each transfer. We additionally demonstrate MEV attacks against the Sienna Swap application.
As a final consequence of lacking state consistency, the developers have inadvertently introduced a decryption backdoor through their software upgrade process. We have helped the Secret developers mitigate this through a coordinated vulnerability disclosure, after which their transaction replay defense is roughly on par with the rest.
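As an added illustration of the access-pattern leakage described above (this is not code from the paper or from any platform it reviews): a toy confidential token whose encrypted balances live in host-managed storage. The untrusted host never decrypts anything but logs which storage slot each transaction touches; switching the observed granularity to 4 KB pages models the coarser-grained platforms instead. The slot size, table size and first-come slot allocation are constructed assumptions for the model.

```python
from collections import defaultdict

PAGE_SIZE = 4096   # bytes; the page-level granularity the abstract attributes to several platforms
SLOT_SIZE = 64     # assumed bytes per encrypted balance record (constructed for this model)
NUM_SLOTS = 4096   # assumed size of the balance table (constructed): 64 pages of 64 slots

class EnclaveToken:
    """Toy confidential token: balances sit in a host-managed store addressed by slot.
    The host never reads values, but logs every slot (or page) the enclave touches."""
    def __init__(self, page_level):
        self.page_level = page_level        # True: host sees pages; False: individual slots
        self.slots = {}                     # account -> slot, assigned inside the enclave
        self.balances = defaultdict(int)    # slot -> balance (ciphertext in a real platform)
        self.host_log = defaultdict(set)    # tx_id -> locations observed by the host

    def slot_of(self, account):
        # Constructed first-come allocation. Real platforms derive the key inside the
        # enclave; the leak only needs the same account to hit the same location each time.
        return self.slots.setdefault(account, len(self.slots))

    def observed(self, slot):
        return f"page:{slot * SLOT_SIZE // PAGE_SIZE}" if self.page_level else f"slot:{slot}"
    def _touch(self, tx_id, account):
        slot = self.slot_of(account)
        self.host_log[tx_id].add(self.observed(slot))
        return slot

    def mint(self, tx_id, account, amount):
        self.balances[self._touch(tx_id, account)] += amount
    def transfer(self, tx_id, sender, recipient, amount):
        s, r = self._touch(tx_id, sender), self._touch(tx_id, recipient)
        if self.balances[s] < amount:
            raise ValueError("insufficient balance")
        self.balances[s] -= amount
        self.balances[r] += amount

    def anonymity_set(self, account):
        """How many slots the host cannot tell apart from this account's slot."""
        target = self.observed(self.slot_of(account))
        return sum(1 for s in range(NUM_SLOTS) if self.observed(s) == target)

def run_scenario(page_level):
    """Mint to alice, then three transfers. Returns the host's view of each transaction
    (sorted locations; amounts are never visible) and the anonymity set of bob's slot."""
    t = EnclaveToken(page_level)
    t.mint("tx0", "alice", 100)
    t.transfer("tx1", "alice", "bob", 10)
    t.transfer("tx2", "alice", "carol", 5)
    t.transfer("tx3", "alice", "bob", 1)
    return {tx: sorted(locs) for tx, locs in t.host_log.items()}, t.anonymity_set("bob")
```

With per-slot observation the host links every transfer between the same two accounts and distinguishes recipients; with page-level observation all three transfers look identical and bob's slot hides among 64 others, which is the gap ORAM-style techniques are meant to close.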

Keywords: blockchain, smart contracts, TEE
Contact author(s)
nerlaj2 @ illinois edu
yunqil3 @ illinois edu
yj348 @ cornell edu
hmalvai2 @ illinois edu
yurek2 @ illinois edu
sbellemare @ cornell edu
soc1024 @ illinois edu
2023-03-16: approved
2023-03-15: received
Creative Commons Attribution-NonCommercial

@misc{cryptoeprint:2023/378,
      author = {Nerla Jean-Louis and Yunqi Li and Yan Ji and Harjasleen Malvai and Thomas Yurek and Sylvain Bellemare and Andrew Miller},
      title = {SGXonerated: Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE},
      howpublished = {Cryptology ePrint Archive, Paper 2023/378},
      year = {2023},
      note = {\url{}},
      url = {}
}