Research Pulse #59 04/04/22

1. Elipmoc: Advanced Decompilation of Ethereum Smart Contracts
   Authors: Neville Grech, Sifis Lagouvardos, Ilias Tsatiris, and Yannis Smaragdakis

Smart contracts on the Ethereum blockchain greatly benefit from cutting-edge analysis techniques and pose significant challenges. A primary challenge is the extremely low-level representation of deployed contracts. We present Elipmoc, a decompiler for the next generation of smart contract analyses. Elipmoc is an evolution of Gigahorse, the top research decompiler, dramatically improving over it and over other state-of-the-art tools, by employing several high-precision techniques and making them scalable. Among these techniques are a new kind of context sensitivity (termed “transactional sensitivity”) that provides a more effective static abstraction of distinct dynamic executions; a path-sensitive (yet scalable, through path merging) algorithm for inference of function arguments and returns; and a fully context sensitive private function reconstruction process. As a result, smart contract security analyses and reverse-engineering tools built on top of Elipmoc achieve high scalability, precision and completeness.
Elipmoc improves over all notable past decompilers, including its predecessor, Gigahorse, and the stateof-the-art industrial tool, Panoramix, integrated into the primary Ethereum blockchain explorer, Etherscan. Elipmoc produces decompiled contracts with fully resolved operands at a rate of 99.5% (compared to 62.8% for Gigahorse), and achieves much higher completeness in code decompilation than Panoramix—e.g., up to 67% more coverage of external call statements—while being over 5x faster. Elipmoc has been the enabler for recent (independent) discoveries of several exploitable vulnerabilities on popular protocols, over funds in the many millions of dollars.

Link: https://yanniss.github.io/elipmoc-oopsla22.pdf

2. Preventing front-running attacks using timelock encryption
   Author: Venkkatesh Sekar

Frontrunning is an active exploit where an attacker benefits from advanced access to privileged market information about upcoming transactions. Dating back to traditional financial markets, the decentralized and open nature of the blockchain has found a new variant of frontrunning attacks with severe impact. Several solutions have been proposed to mitigate frontrunning including automatic market makers and confidential transactions.
A timelock encryption scheme allows a user to commit a secret to a particular time in the future, after which the secret will be made public. We propose a new timelock encryption scheme as a mechanism to thwart frontrunning attacks in the blockchain space. The scheme utilizes a distributed randomness beacon (drand), elliptic curve cryptography, bilinear pairings and threshold BLS signatures as building blocks. It is inspired by Boneh Franklin’s Identity Based Encryption scheme and is adaptive chosen ciphertext attack secure(INDID-CCA) under the Computational co-Bilinear Diffie Hellman problem. As a proof of concept, we provide a web platform built in JavaScript for timelocking arbitrary messages with near-native speed. For feasibility study, a concrete integration of our construction in the Filecoin infrastructure has been undertaken. Additionally, we conduct an analysis of the performance and security of our prototype. On average, it took 62ms for encryption and 33ms for decryption for 3KB transactions on our testbench. Finally, we conclude with the possible drawbacks and other useful applications of our scheme.

Link: https://vsekar.me/assets/diss.pdf

3. A General Framework for Impermanent Loss in Automated Market Makers
   Authors: Neelesh Tiruviluamala, Alexander Port, and Erik Lewis

We provide a framework for analyzing impermanent loss for general Automated Market Makers (AMMs) and show that Geometric Mean Market Makers (G3Ms) are in a rigorous sense the simplest class of AMMs from an impermanent loss viewpoint. In this context, it becomes clear why automated market makers like Curve ([Ego19]) require more parameters in order to specify impermanent loss. We suggest the proper parameter space on which impermanent loss should be considered and prove results that help in understanding the impermanent loss characteristics of different AMMs.

Link: https://arxiv.org/pdf/2203.11352.pdf

4. PCNsim: A Flexible and Modular Simulator for Payment Channel Networks
   Authors: Gabriel Antonio Fontes Rebello, Gustavo Franco Camilo, Maria Potop-Butucaru, Miguel Elias Mitre Campista, Marcelo Dias de Amorim, and Luís Henrique Maciel Kosmalski Costa

Payment channel networks (PCN) enable the use of cryptocurrencies in everyday life by solving the performance issues of blockchains. Nevertheless, the main implementations of payment channel networks lack the flexibility to test new proposals that can address fundamental challenges, such as efficient payment routing and maximization of the payment success rate. In this demo paper, we propose PCNsim, an open-source simulator based on OMNeT++, which fully reproduces the default behavior of a payment channel network. We build the simulator in a modular architecture that allows easy topology/workload customization and automates result visualization. The core mechanism of PCNsim implements the specifications of the Lightning Network. We evaluate our proposal with a dataset of credit card transactions in a scale-free topology and show that it successfully demonstrates the difference between two routing methods in different setups.

Link: https://hal.archives-ouvertes.fr/hal-03616584/document

5. How are Solidity smart contracts tested in open source projects? An exploratory study
   Authors: Luisa Palechor and Cor-Paul Bezemer

Smart contracts are self-executing programs that are stored on the blockchain. Once a smart contract is compiled and deployed on the blockchain, it cannot be modified. Therefore, having a bugfree smart contract is vital. To ensure a bug-free smart contract, it must be tested thoroughly. However, little is known about how developers test smart contracts in practice. Our study explores 139 open source smart contract projects that are written in Solidity to investigate the state of smart contract testing from three dimensions: (1) the developers working on the tests, (2) the used testing frameworks and testnets and (3) the type of tests that are conducted. We found that mostly core developers of a project are responsible for testing the contracts. Second, developers typically use only functional testing frameworks to test a smart contract, with Truffle being the most popular one. Finally, our results show that functional testing is conducted in most of the studied projects (93%), security testing is only performed in a few projects (9.4%) and traditional performance testing is conducted in none. In addition, we found 25 projects that mentioned or published external audit reports.

Link: http://asgaard.ece.ualberta.ca/papers/Conference/AST_2022_Palechor_How_are_Solidity_smart_contracts_tested_in_open_source_projects.pdf

6. Stateful to Stateless Modelling Stateless Ethereum
   Authors: Sandra Johnson, David Hyland-Wood, Anders L Madsen, and Kerrie Mengersen

The concept of ‘Stateless Ethereum’ was conceived with the primary aim of mitigating Ethereum’s unbounded state growth. The key facilitator of Stateless Ethereum is through the introduction of ‘witnesses’ into the ecosystem. The changes and potential consequences that these additional data packets pose on the network need to be identified and analysed to ensure that the Ethereum ecosystem can continue operating securely and efficiently. In this paper we propose a Bayesian Network model, a probabilistic graphical modelling approach, to capture the key factors and their interactions in Ethereum mainnet, the public Ethereum blockchain, focussing on the changes being introduced by Stateless Ethereum to estimate the health of the resulting Ethereum ecosystem. We use a mixture of empirical data and expert knowledge, where data are unavailable, to quantify the model. Based on the data and expert knowledge available to use at the time of modelling, the Ethereum ecosystem is expected to remain healthy following the introduction of Stateless Ethereum.

Link: https://arxiv.org/pdf/2203.12435.pdf

7. Strategic Analysis to defend against Griefing Attack in Lightning Network
   Authors: Subhra Mazumdar, Prabal Banerjee, Abhinandan Sinha, Sushmita Ruj, and Bimal Roy

Payments routed in Lightning Network are susceptible to a griefing attack. In this attack, the channels get blocked, and the affected parties cannot process any payment request. Our work is the first to analyze griefing attacks in Hashed Timelock Contract or HTLC, from a game-theoretic point of view. Using the same model, we analyze another payment protocol Hashed Timelock Contract with Griefing-Penalty or HTLC-GP, which was proposed to counter griefing attacks. We find that HTLC-GP is weakly effective in disincentivizing the attacker. To further increase the cost of attack, we introduce the concept of guaranteed minimum compensation and integrate it into HTLC-GP. This modified payment protocol is termed HTLC-GPζ and unlike HTLC-GP, the protocol considers the participants to act rationally. By experimenting on several instances of Lightning Network, we show that the capacity locked drops to 40% in the case of HTLC-GP when the rate of griefing-penalty is set to 4.5 × 10−5 , and 28% in the case of HTLC-GPζ when guaranteed minimum compensation is 2.5% of the transaction amount. These results justify our claim that HTLC-GPζ is better than HTLC-GP to counter griefing attacks.

Link: https://arxiv.org/pdf/2203.10533.pdf

8. SoK: Preventing Transaction Reordering Manipulations in Decentralized Finance
   Authors: Lioba Heimbach and Roger Wattenhofer

User transactions on Ethereum’s peer-to-peer network are at risk of being attacked. The smart contracts building decentralized finance (DeFi) have introduced a new transaction ordering dependency to the Ethereum blockchain. As a result, attackers can profit from front- and back-running transactions. Multiple approaches to mitigate transaction reordering manipulations have surfaced recently. However, the success of individual approaches in mitigating such attacks and their impact on the entire blockchain remains largely unstudied.
In this systematization of knowledge (SoK), we categorize and analyze state-of-the-art transaction reordering manipulation mitigation schemes. Instead of restricting our analysis to a scheme’s success at preventing transaction reordering attacks, we evaluate its full impact on the blockchain. Therefore, we are able to provide a complete picture of the strengths and weaknesses of current mitigation schemes. We find that currently no scheme fully meets all the demands of the blockchain ecosystem. In fact, all approaches demonstrate unsatisfactory performance in at least one area relevant to the blockchain ecosystem.

Link: https://arxiv.org/pdf/2203.11520.pdf

9. Bribes to Miners: Evidence from Ethereum
   Author: Xiaotong Sun

Though blockchain aims to alleviate bribing attacks, users can collude with miners by directly sending bribes. This paper focuses on empirical evidence of bribes to miners, and the detected behaviour implies that mining power could be exploited. By scanning transactions on Ethereum, transactions for potential direct bribes are filtered, and we find that the potential bribers and bribees are centralized in a small group. After constructing proxies of active level of potential bribing, we find that potential bribes can affect the status of Ethereum and other mainstream blockchains, and network adoption of blockchain can be influenced as well. Besides, direct bribes can be related to stock markets, e.g., S&P 500 and Nasdaq.

Link: https://arxiv.org/pdf/2203.14601.pdf

10. A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities
    Authors: Majd Soud, Grischa Liebel, and Mohammad Hamdaqa

Context: Smart contracts are computer programs that are automatically executed on the blockchain. Among other issues, vulnerabilities in their implementation have led to severe loss and theft of cryptocurrency. In contrast to traditional software, smart contracts become immutable when deployed to the Ethereum blockchain. Therefore, it is essential to understand the nature of vulnerabilities in Ethereum smart contracts to prevent these vulnerabilities in the future. Existing classifications exist, but are limited in several ways, e.g., focusing on single data sources, mixing dimensions, or providing categories that are not orthogonal.
Objective: This study aims to characterize vulnerabilities and code weaknesses in Ethereum smart contracts written in Solidity, and to unify existing classifications schemes on Ethereum smart contract vulnerabilities by mapping them to our classification.
Method: We extracted 2143 vulnerabilities from public coding platforms (i.e., GitHub and Stack Overflow) and popular vulnerability databases (i.e., National Vulnerability Database and Smart Contract Weakness Registry) and categorized them using a card sorting approach. We targeted the Ethereum blockchain in this paper, as it is the first and most popular blockchain to support the deployment of smart contracts, and Solidity as the most widely used language to implement smart contracts. We devised a classification scheme of smart contract vulnerabilities according to their error source and impact. Afterwards, we mapped existing classification schemes to our classification.
Results: The resulting classification consists of 11 categories describing the error source of a vulnerability and 13 categories describing potential impacts. Our findings show that the language specific coding and the structural data flow categories are the dominant categories, but that the frequency of occurrence differs substantially between the data sources.
Conclusions: Our findings enable researchers to better understand smart contract vulnerabilities by defining various dimensions of the problem and supporting our classification with mappings with literature-based classifications and frequency distributions of the defined categories. Also, they allow researchers to target their research and tool development to better support the implementation and quality assurance of smart contracts.

Link: https://arxiv.org/pdf/2203.14850.pdf

11. Shaduf++: Non-Cycle and Privacy-Preserving Payment Channel Rebalancing*
    Authors: Zhonghui Ge, Yi Zhang, Yu Long, and Dawu Gu

A leading approach to enhancing the performance and scalability of permissionless blockchains is to use the payment channel, which allows two users to perform off-chain payments with almost unlimited frequency. By linking payment channels together to form a payment channel network, users connected by a path of channels can perform off-chain payments rapidly. However, payment channels risk encountering fund depletion, which threatens the availability of both the payment channel and network. The most recent method needs a cycle-based channel rebalancing procedure, which requires a fair leader and users with rebalancing demands forming directed cycles in the network. Therefore, its large-scale applications are restricted.
In this work, we introduce Shaduf, a novel non-cycle offchain rebalancing protocol that offers a new solution for users to shift coins between channels directly without relying on the cycle setting. Shaduf can be applied to more general rebalancing scenarios. We provide the details of Shaduf and formally prove its security under the Universal Composability framework. Our prototype demonstrates its feasibility and the experimental evaluation shows that Shaduf enhances the Lighting Network performance in payment success ratio and volume. Experimental results also show that our protocol prominently reduces users’ deposits in channels while maintaining the same amount of payments. Moreover, as a privacy enhancement of Shaduf, we propose Shaduf++. Shaduf++ not only retains all the advantages of Shaduf, but also preserves privacy for the rebalancing operations.

Link: https://eprint.iacr.org/2022/388.pdf

12. Simple Three-Round Multiparty Schnorr Signing with Full Simulatability
    Author: Yehuda Lindell

In a multiparty signing protocol, also known as a threshold signature scheme, the private signing key is shared amongst a set of parties and only a quorum of those parties can generate a signature. Research on multiparty signing has been growing in popularity recently due to its application to cryptocurrencies. Most work has focused on reducing the number of rounds to two, and as a result: (a) are not fully simulatable in the sense of MPC real/ideal security definitions, and/or (b) are not secure under concurrent composition, and/or (c) utilize non-standard assumptions of different types in their proofs of security. In this paper, we describe a simple three-round multiparty protocol for Schnorr signatures and prove its security. The protocol is fully simulatable, secure under concurrent composition, and proven secure in the standard model or random-oracle model (depending on the instantiations of the commitment and zero-knowledge primitives). The protocol realizes an ideal Schnorr signing functionality with perfect security in the ideal commitment and zero-knowledge hybrid model (and thus the only assumptions needed are for realizing these functionalities). We also show how to achieve proactive security and identifiable abort.
In our presentation, we do not assume that all parties begin with the message to be signed, the identities of the participating parties and a unique common session identifier, since this is often not the case in practice. Rather, the parties achieve consensus on these parameters as the protocol progresses.

Link: https://eprint.iacr.org/2022/374.pdf