web3.py Server-Side Request Forgery Vulnerability via CCIP Read OffchainLookup URL Handling

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in web3.py, a Python library for interacting with the Ethereum blockchain. Affected releases are versions from 6.0.0b3 up to, but not including, 7.15.0, and 8.0.0 pre-releases before 8.0.0b2. The vulnerability lies in the implementation of CCIP Read / OffchainLookup (EIP-3668): when a contract call reverts with an OffchainLookup error, web3.py performs HTTP requests to the URLs carried in that revert without validating their destination. Because CCIP Read is enabled by default on all providers, any application that uses web3.py's .call() against a contract it does not control is exposed. A malicious contract can therefore make the web3.py process send requests to destinations of the attacker's choosing, including internal network services and cloud metadata endpoints.

Impact

Exploitation of this vulnerability gives an attacker who controls the code of a contract the victim calls the ability to choose the destination of outbound HTTP requests made from the victim's infrastructure. Depending on what is reachable from that host, this can mean unauthorized access to internal services, mapping of the internal network, or reading cloud instance metadata (for example temporary IAM credentials), any of which can be a step towards further compromise.

Reproduction

To reproduce this vulnerability, deploy a contract that reverts with OffchainLookup and supplies URLs pointing at internal services or cloud metadata endpoints. When an application on an affected version calls that contract via eth_call, web3.py's CCIP Read handler decodes the revert, substitutes the {sender} and {data} placeholders defined by EIP-3668, and sends an HTTP request to the contract-supplied URL with no destination check. The reproduction mocks the getaddrinfo function to bypass hostname validation and uses a URL that targets a blocked IP, such as http://169.254.169.254/latest/meta-data/iam/security-credentials/. Note that the victim only has to perform a read-only call against attacker-controlled contract code: no transaction is sent and no funds move, so nothing on-chain signals that the call was hostile.

Remediation

Users should update to web3.py 7.15.0 or 8.0.0b2, where this vulnerability has been fixed: the CCIP Read implementation in these versions validates gateway URLs and lets users configure the URL validation policy. Until an upgrade is possible, disabling CCIP Read removes the outbound-request path entirely (web3.py exposes a per-provider switch and a per-call flag for this), at the cost of breaking contracts that legitimately rely on EIP-3668. Anyone writing their own validation policy should check the destination after name resolution rather than by hostname pattern alone, and apply the same check to any redirect the gateway returns, since both are common ways around a naive blocklist.
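The following is an added example written for this advisory, not code from web3.py. It shows the two pieces the Reproduction and Remediation sections describe: expansion of a contract-supplied EIP-3668 URL template, and a deny-by-default destination check applied after name resolution so that a hostname resolving to the metadata service is treated the same as the literal 169.254.169.254. The FAKE_DNS table is constructed and plays the role of the getaddrinfo mock mentioned above; BLOCKED_NETWORKS and all function names are this example's own choices, not web3.py's configuration or API.

```python
"""Destination checks for EIP-3668 (CCIP Read) gateway URLs.

Added example for this advisory, not code from web3.py. The contract picks the
URL; the client must decide, after name resolution, whether it may be fetched.
"""
import ipaddress
import socket
from typing import Callable, Dict, List
from urllib.parse import urlparse

# Ranges a CCIP Read client should never contact on a contract's behalf.
# This list is the example's policy, not web3.py's default configuration.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this host" (reaches localhost on Linux)
    "10.0.0.0/8",      # RFC 1918 private
    "100.64.0.0/10",   # carrier-grade NAT
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local, includes cloud metadata 169.254.169.254
    "172.16.0.0/12",   # RFC 1918 private
    "192.168.0.0/16",  # RFC 1918 private
    "::1/128",         # IPv6 loopback
    "fc00::/7",        # IPv6 unique local
    "fe80::/10",       # IPv6 link-local
)]

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """All A/AAAA answers for host via the OS resolver (socket.getaddrinfo)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip_text: str) -> bool:
    """True if the address is in a blocked range; IPv4-mapped IPv6 is unwrapped first."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def expand_url_template(url: str, sender: str, call_data: bytes) -> str:
    """EIP-3668 substitution: {sender} is the contract address, {data} is 0x-hex calldata."""
    return url.replace("{sender}", sender).replace("{data}", "0x" + call_data.hex())


def pin_ccip_destination(url: str, resolve: Resolver = system_resolver) -> str:
    """Validate a gateway URL and return the one IP the client may connect to.

    Raises ValueError for non-http(s) schemes, missing hosts, unresolvable names,
    or any resolved address in a blocked range. Returning the resolved IP lets the
    caller connect to exactly that address (keeping Host/SNI as the original name),
    so a DNS answer that changes between this check and the fetch (rebinding)
    cannot redirect the request.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP, no lookup
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        raise ValueError(f"{host!r} did not resolve")
    for addr in addresses:  # every answer must be safe, not just the first
        if is_blocked_ip(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return addresses[0]


def is_allowed(url: str, resolve: Resolver = system_resolver) -> bool:
    """Boolean form of pin_ccip_destination."""
    try:
        pin_ccip_destination(url, resolve)
        return True
    except ValueError:
        return False


# Constructed name table standing in for DNS, in the role of the getaddrinfo
# mock from the reproduction: an attacker-run name pointing at metadata.
FAKE_DNS: Dict[str, List[str]] = {
    "gateway.example": ["93.184.216.34"],
    "metadata.attacker.example": ["169.254.169.254"],
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],  # mixed answers
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def demo() -> Dict[str, str]:
    """Apply the check to contract-style URL templates; returns url -> outcome."""
    sender = "0x" + "11" * 20  # constructed contract address
    outcomes = {}
    for template in (
        "https://gateway.example/{sender}/{data}.json",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://metadata.attacker.example/{sender}/{data}",
        "http://rebind.attacker.example/{data}",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "file:///etc/passwd",
    ):
        url = expand_url_template(template, sender, b"\x12\x34")
        try:
            outcomes[url] = "allowed, connect to " + pin_ccip_destination(url, fake_resolver)
        except ValueError as exc:
            outcomes[url] = "blocked: " + str(exc)
    return outcomes


if __name__ == "__main__":
    for url, outcome in demo().items():
        print(f"{url}\n    {outcome}")
```

Running the script with the constructed resolver allows only the public gateway URL and rejects the literal metadata address, the attacker name that resolves to it, the mixed public/private answer set, the IPv4-mapped IPv6 literal and the file:// scheme. In a real client the returned IP, not the hostname, is what the HTTP connection should be opened to, and the same check must be repeated on every redirect target before it is followed.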

Added: Apr 9, 2026, 10:09 PM
Updated: Apr 9, 2026, 10:09 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          0.6
exploitability  7.8
remediation     0.0
relevance       5.5
threat          4.8
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.