Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts
Authors: Kushal Babel, Philip Daian, Mahimna Kelkar, and Ari Juels
We introduce the Clockwork Finance Framework (CFF), a general purpose, formal verification framework for mechanized reasoning about the economic security properties of composed decentralized-finance (DeFi) smart contracts.
CFF features three key properties. It is contract complete, meaning that it can model any smart contract platform and all its contracts—Turing complete or otherwise. It does so with asymptotically optimal model size. It is also attack-exhaustive by construction, meaning that it can automatically and mechanically extract all possible economic attacks on users’ cryptocurrency across modeled contracts.
Thanks to these properties, CFF can support multiple goals: economic security analysis of contracts by developers, analysis of DeFi trading risks by users, and optimization of arbitrage opportunities by bots or miners. Because CFF offers composability, it can support these goals with reasoning over any desired set of potentially interacting smart contract models.
We instantiate CFF as an executable model for Ethereum contracts that incorporates a state-of-the-art deductive verifier. Building on previous work, we introduce extractable value (EV), a new formal notion of economic security in composed DeFi contracts that is both a basis for CFF analyses and of general interest.
We construct modular, human-readable, composable CFF models of four popular, deployed DeFi protocols in Ethereum: Uniswap, Uniswap V2, Sushiswap, and MakerDAO, representing a combined 17 billion USD in value as of August 2021. We use these models to show experimentally that CFF is practical and can drive useful, data-based EV-based insights from real world transaction activity. Without any explicitly programmed attack strategies, CFF uncovers on average an expected $56 million of EV per month in the recent past.
Structural Attacks on Local Routing in Payment Channel Networks
Authors: Ben Weintraub, Cristina Nita-Rotaru, and Stefanie Roos
Payment channel networks (PCN) enable scalable blockchain transactions without fundamentally changing the underlying distributed ledger algorithm. However, routing a payment via multiple channels in a PCN requires locking collateral for potentially long periods of time. Adversaries can abuse this mechanism to conduct denial-of-service attacks. Previous work focused on source routing, which is unlikely to remain a viable routing approach as these networks grow.
In this work, we examine the effectiveness of attacks in PCNs that use routing algorithms based on local knowledge, where compromised intermediate nodes can delay or drop transactions to create denial-of-service. We focus on SpeedyMurmurs as a representative of such protocols. We identify two attacker node selection strategies; one based on the position in the routing tree, and the other on betweenness centrality. Our simulation-driven study shows that while they are both effective, the centrality-based attack approaches near-optimal effectiveness. We also show that the attacks are ineffective in less centralized networks and discuss incentives for the participants in PCNs to create less centralized topologies through the payment channels they establish among themselves.
DT-SSIM: A Decentralized Trustworthy Self-Sovereign Identity Management Framework
Authors: Efat Samir, Hongyi Wu, Mohamed Azab, Chun Sheng Xin, and Qiao Zhang
In a ubiquitous environment enclosing cooperative Internet of Things (IoT) devices, individuals, and entities, Digital Identity Management (DIM) becomes critical and challenging. DIM pertains to device identities authentication and verification to enable trustworthy service exchange, data collection, and decision making. DIM is the supporting pillar for all online services and the foundation for security and authentication mechanisms. Due to the extreme heterogeneity, scale, and configuration complexity of such environments, enabling trustworthy DIM is crucial and seriously challenging. In an IoT context, devices use local Digital Identities (DIs) stored within a tamper-proof unit and verified by a centralized authority for authentication. The recent attacks on IoT systems showed how vulnerable such a design is. It is also an inherent problem that influences humans. From that, Self-Sovereign Identity (SSI) has emerged as a decentralized DIM approach embracing the concept of portable self-possession identity. SSI was presented to decouple the DI from the owner to enable large-scale cooperation. However, DI storage and verification still occur on the device and in a centralized manner. Utilizing a local single-point-of-failure storage memory for verifiable credentials is one of the considerable drawbacks in contemporary SSI. In this regard, this paper introduces DT-SSIM, a novel Decentralized Trustworthy Self-Sovereign Identity Management framework. DT-SSIM integrates the secret share scheme with the Blockchain-based smart contracts technologies to provide transparent and trustworthy SSI-based digital identity management services for IoT. Storing IoT identity credentials outside the devices’ local storage preserves the identity credentials from being tampered with or misused. Evaluations and discussions show the resiliency assessment of the system and the cost and estimated running times for verification processes in DT-SSIM.
What’s in Your Wallet? Privacy and Security Issues in Web 3.0
Authors: Philipp Winter, Anna Harbluk Lorimer, Peter Snyder, and Benjamin Livshits
Much of the recent excitement around decentralized finance (DeFi) comes from hopes that DeFi can be a secure, private, less centralized alternative to traditional finance systems but the accuracy of these hopes has to date been understudied; people moving to DeFi sites to improve their privacy and security may actually end up with less of both.
In this work, we improve the state of DeFi by conducting the first measurement of the privacy and security properties of popular DeFi applications. We find that DeFi applications suffer from the same kinds of privacy and security risks that frequent other parts of the Web. For example, we find that one common tracker has the ability to record Ethereum addresses on over 56% of websites analyzed. Further, we find that many trackers on DeFi sites can trivially link a user’s Ethereum address with PII (e.g., name or demographic information) or phish users.
This work also proposes remedies to the vulnerabilities we identify, in the form of improvements to the most common cryptocurrency wallet. Our wallet modification replaces the user’s real Ethereum address with site-specific addresses, making it harder for DeFi sites and third parties to (i) learn the user’s real address and (ii) track them across sites.
A New Schnorr Multi-Signatures to Support Both Multiple Messages Signing and Key Aggregation
Authors: Rikuhiro Kojima, Dai Yamamoto, Takeshi Shimoyama, Kouichi Yasaki, and Kazuaki Nimura
A digital signature is essential for verifying people’s reliability and data integrity over networks and is used in web server certificates, authentication, and blockchain technologies. Specifically, to solve the bitcoin scalability problem, Multi-Signature (MS) schemes have recently attracted attention because the MS’s aggregate algorithm can reduce the amount of signature data in transactions. While such schemes support only a single message signing, Interactive Aggregate Signatures (IAS) and Aggregate Multi-Signature Protocol (AMSP) support signing of multiple messages. However, there are some issues with these schemes, for example, key aggregation is unavailable. In this paper, we propose a key aggregatable IAS scheme called KAIAS that can sign multiple messages with key aggregation. In terms of cases using Multi-Signature, previous studies have mainly discussed the benefits of reducing the size of signatures. On the other hand, we also propose a practical application of KAIAS that leverages its benefits in aggregating both signatures and public keys with a low computing cost for verification.
RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts
Authors: Yuichiro Chinen, Naoto Yanai, Jason Paul Cruz, and Shingo Okamura
Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named RA (Reentrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze vulnerability of smart contracts to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Ethereum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerability to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable.