Research Pulse #51 02/07/21

  1. Dissimilar Redundancy in DeFi
    Authors: Daniel Perez and Lewis Gudgeon

The meteoric rise of Decentralized Finance (DeFi) has been accompanied by a plethora of frequent and often financially devastating attacks on its protocols. There have been over 70 exploits of DeFi protocols, with the total of lost funds amounting to approximately 1.5bn USD. In this paper, we introduce a new approach to minimizing the frequency and severity of such attacks: dissimilar redundancy for smart contracts. In a nutshell, the idea is to implement a program logic more than once, ideally using different programming languages. Then, for each implementation, the results should match before allowing the state of the blockchain to change. This is inspired by and has clear parallels to the field of avionics, where on account of the safety-critical environment, flight control systems typically feature multiple redundant implementations. We argue that the high financial stakes in DeFi protocols merit a conceptually similar approach, and we provide a novel algorithm for implementing dissimilar redundancy for smart contracts.

Link: https://arxiv.org/pdf/2201.12563.pdf

  1. Comprehensive Comparison of Post-Quantum Digital Signature Schemes in Blockchain
    Authors: Bakhtiyor Yokubov and Lu Gan

Blockchain is a distributed database that has gained much attention from researchers in recent years owing to its capacity to create transparent, redundant, and accountable connections in several application domains using asymmetric cryptography and digital signature. Nevertheless, blockchain systems are vulnerable to attacks from quantum computers using Shor’s and Grover’s algorithms. Post-quantum cryptography, according to several researchers, withstands quantum attacks. To address the problem, we examine the performance of various post-quantum digital signature algorithms in Blockchain and provide a comprehensive comparison in terms of computing time and memory usage in this study.

Link: Comprehensive Comparison of Post-Quantum Digital Signature Schemes in Blockchain | IEEE Conference Publication | IEEE Xplore

  1. Smart Contract Security: a Practitioners’ Perspective
    Authors: Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, and Xiapu Luo

Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners’ perceptions and practices on smart contract security. Our study uncovers practitioners’ motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms have a statistically significant impact on practitioners’ security perceptions and practices of smart contract development. Based on our findings, we highlight future research directions and provide recommendations for practitioners.

Link: https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=7764&context=sis_research

  1. A Technical Deep Dive Into and Implementation of Non-Fungible Tokens in a Practical Setting
    Authors: Julia Martin and Carrie Hay Kellar

The purpose of this paper is to provide a technical deep dive into non-fungible tokens. We want to look beyond the basics and the easily digestible details and discover how NFTs work on different blockchains and how they utilize blockchain technology. While preparing this comprehensive guide, we will examine a few different aspects of NFTs. After starting with an explanation of how they 1 work and are created on blockchains in general, we will take a more specific look at their initial implementation on Ethereum. We will then compare and contrast the Ethereum NFT standard with that of Solana. The reason we chose Solana here is because it is growing extremely quickly, and has the potential to be Ethereum’s largest competitor in this market [3]. These two blockchains will be compared from the viewpoint of using dynamic data and from the viewpoint of the different formats that NFTs take.

Link: https://timroughgarden.github.io/fob21/reports/r8.pdf

  1. Verifying Liquidity of Recursive Bitcoin Contracts
    Authors: Massimo Bartoletti, Stefano Lande, Maurizio Murgia, and Roberto Zunino

Smart contracts — computer protocols that regulate the exchange of crypto-assets in trustless environments — have become popular with the spread of blockchain technologies. A landmark security property of smart contracts is liquidity: in a non-liquid contract, it may happen that some assets remain frozen, i.e. not redeemable by anyone. The relevance of this issue is witnessed by recent liquidity attacks to Ethereum, which have frozen hundreds of USD millions. We address the problem of verifying liquidity on BitML, a DSL for smart contracts with a secure compiler to Bitcoin, featuring primitives for currency transfers, contract renegotiation and consensual recursion. Our main result is a verification technique for liquidity. We first transform the infinite-state semantics of BitML into a finite-state one, which focusses on the behaviour of a chosen set of contracts, abstracting from the moves of the context. With respect to the chosen contracts, this abstraction is sound, i.e. if the abstracted contract is liquid, then also the concrete one is such. We then verify liquidity by model-checking the finite-state abstraction. We implement a toolchain that automatically verifies liquidity of BitML contracts and compiles them to Bitcoin, and we assess it through a benchmark of representative contracts.

Link: https://lmcs.episciences.org/9031/pdf

  1. Trail: An Architecture for Compact UTXO-Based Blockchain and Smart Contract
    Authors: Ryunosuke Nagayama, Ryohei Banno, and Kazuyuki Shudo

In Bitcoin and Ethereum, nodes require a large storage capacity to maintain all of the blockchain data such as transactions. As of September 2021, the storage size of the Bitcoin blockchain has expanded to 355 GB, and it has increased by approximately 50 GB every year over the last five years. This storage requirement is a major hurdle to becoming a block proposer or validator. We propose an architecture called Trail that allows nodes to hold all blocks in a small storage and to generate and validate blocks and transactions. A node in Trail holds all blocks without transactions, UTXOs or account balances. The block size is approximately 8 kB, which is 100 times smaller than that of Bitcoin. On the other hand, a client who issues transactions needs to hold proof of its assets. Thus, compared to traditional blockchains, clients must store additional data. We show that proper data archiving can keep the account device storage size small. Then, we propose a method of executing smart contracts in Trail using a threshold signature. Trail allows more users to be block proposers and validators and improves the decentralization and security of the blockchain.

Link: https://www.jstage.jst.go.jp/article/transinf/E105.D/2/E105.D_2021EDP7139/_pdf

  1. Hiding payments in lightning network with approximate differentially private payment channels
    Authors: Gijs van Dam and Rabiah Abdul Kadir

Payment Channel Networks (PCN) form a class of techniques created to solve the scalability problems that permissionless blockchains such as Bitcoin face. The Lightning Network (LN) is the biggest PCN to date. As of September 2021, LN is an interconnected network with 27 thousand nodes and 71 thousand channels, representing a total payment capacity of 2500 bitcoins ( USD). LN nodes establish trustless payment channels by locking funds in a funding transaction. The distribution of the funds can be modified with near-instant transactions without broadcasting them to the blockchain. By chaining channels together, it is possible for two nodes to transact without having a direct channel between them. This results in far fewer transactions needing to be broadcast and a theoretical number of off-chain transactions per second that can rival established, centralized payment systems. With off-chain transactions one can obtain more privacy than with on-chain transaction: individual payments through LN should be able to stay private. However, recent research suggests that this is not the case. Several works have shown that channel balances can be tracked with the Balance Discovery Attack (BDA). Monitoring the changes in channel balances over time enables an adversary to track individual payments in LN. Since payments can travel through channels outside the scope of influence of the payer or the payee, these BDA’s form an Interdependent Privacy (IDP) risk for the participants of the LN network. This work applies approximate differential privacy to hide payment amounts of a realistic size in LN. To our knowledge, this is the first time that strong privacy guarantees in the sense of approximate differential privacy are achieved in the setting of LN. We prove the feasibility with our prototype, compatible with LN today. Our solution is evaluated in terms of cost and utility and we show that the latter is not affected by our solution.

Link: Hiding payments in lightning network with approximate differentially private payment channels - ScienceDirect

  1. Attacker Traceability on Ethereum through Graph Analysis
    Authors: Hang Zhu, Weina Niu, Xuhan Liao, Xiaosong Zhang, Xiaofen Wang, Beibei Li, and Zheyuan He

Since the Ethereum virtual machine is Turing complete, Ethereum can implement various complex logics such as mutual calls and nested calls between functions. Therefore, Ethereum has suffered a lot of attacks since its birth, and there are still many attackers active in Ethereum transactions. To this end, we propose a traceability method on Ethereum, using graph analysis to track attackers. We collected complete user transaction data to construct the graph and analyzed data on several harmful attacks, including reentry attacks, short address attacks, DDoS attacks, and Ponzi contracts. Through graph analysis, we found accounts that are strongly associated with these attacks and are still active. We have done a systematic analysis of these accounts to analyze their threats. Finally, we also analyzed the correlation between the information collected through RPC and these accounts and finally found that some accounts can find their IP addresses.

Link: Attacker Traceability on Ethereum through Graph Analysis

  1. LGBM: a machine learning approach for Ethereum fraud detection
    Authors: Rabia Musheer Aziz, Mohammed Farhan Baluch, Sarthak Patel & Abdul Hamid Ganie

Ethereum is a software platform that uses the concept of blockchain and decentralizes data by distributing copies of smart contracts to thousands of individuals worldwide. Ethereum, as a currency, is utilized to exchange value worldwide in the absence of a third party to monitor or intervene. However, as online commerce grows, a slew of fraudulent activities, such as money laundering, bribery, and phishing, emerge as the primary threat to trade security. This paper proposes Light Gradient Boosting Machine (LGBM) approach for accurately detecting fraudulent transactions. It also examines different models such as Random Forest (RF), Multi-Layer Perceptron (MLP), etc., based on machine learning and soft computing algorithm for classifying Ethereum fraud detection dataset with limited attributes and compares their metrics with the LGBM approach. A comparative study of scores of bagging models is presented to know the applicability of the proposed approach. The light gradient boosting machine (LGBM) algorithms and Extreme Gradient Boosting (XGBoost) demonstrate the highest accuracies, while LGBM shows slightly better performance with 98.60% for the stated dataset scenarios. Further optimizing the LGBM with hyper-parameter tuning, an accuracy of 99.03% is achieved.

Link: LGBM: a machine learning approach for Ethereum fraud detection | SpringerLink

1 Like

Research Pulse #51 is out!

In Dissimilar Redundancy in DeFi, authors evaluate major exploits in DeFi and hypothesize a new approach to mitigate the occurrence and the severity of such exploits. The authors call this Dissimilar Redundancy, a concept borrowed from avionics security. In the context of DeFi, it involves implementing the logic of a smart contract application multiple times, ideally using multiple programming languages. Once compiled, the resulting state transitions must match before the application is able to change its state.

In Smart Contract Security: a Practitioners’ Perspective, the authors provide an interesting survey of smart contract developers and attempt to identify industry best practices. A group of 13 interviewees was selected to conduct surveys on 156 respondents from 35 countries and identify commonalities in their development practices.

Finally, in Verifying Liquidity of Recursive Bitcoin Contracts, the authors present a tool that can be used to verify programs built with BitML, a novel stateless smart contract scheme previously covered on SCRF. This tool effectively verifies the liquidity of BitML smart contracts which, as the authors point out, enables a variety of interesting use cases.

1 Like