Research Pulse #60 04/11/22

  1. Extracting Godl [sic] from the Salt Mines: Ethereum Miners Extracting Value
    Authors: Julien Piet, Jaiden Fairoze, and Nicholas Weaver

Cryptocurrency miners have great latitude in deciding which transactions they accept, including their own, and the order in which they accept them. Ethereum miners in particular use this flexibility to collect MEV—Miner Extractable Value—by structuring transactions to extract additional revenue. Ethereum also contains numerous bots that attempt to obtain MEV based on public-but-not-yet-confirmed transactions. Private relays shelter operations from these selfsame bots by directly submitting transactions to mining pools.
In this work, we develop an algorithm to detect MEV exploitation present in previously mined blocks. We use our implementation of the detector to analyze MEV usage and profit redistribution, finding that miners make the lion’s share of the profits, rather than independent users of the private relays. More specifically, (i) 73% of private transactions hide trading activity or re-distribute miner rewards, and 87.6% of MEV collection is accomplished with privately submitted transactions, (ii) our algorithm finds more than $6M worth of MEV profit in a period of 12 days, two thirds of which go directly to miners, and (iii) MEV represents 9.2% of miners’ profit from transaction fees.
Furthermore, in those 12 days, we also identify four blocks that contain enough MEV profits to make time-bandit forking attacks economically viable for large miners, undermining the security and stability of Ethereum as a whole.


  1. Large-Scale Empirical Study of Inline Assembly on 7.6 Million Ethereum Smart Contracts
    Authors: Zhou Liao, Shuwei Song, Hang Zhu, Xiapu Luo, Zheyuan He, Renkai Jiang, Ting Chen, Jiachi Chen, Tao Zhang, and Xiao-song Zhang

Being the most popular programming language for developing Ethereum smart contracts, Solidity allows using inline assembly to gain fine-grained control. Although many empirical studies on smart contracts have been conducted, to the best of our knowledge, none has examined inline assembly in smart contracts. To fill the gap, in this paper, we conduct the first large-scale empirical study of inline assembly on >7.6 million open-source Ethereum smart contracts from three aspects, namely, source code, bytecode, and transactions after designing new approaches to tackle several technical challenges. Through a thorough quantitative and qualitative analysis of the collected data, we obtain many new observations and insights. Moreover, by conducting a questionnaire survey on using inline assembly in smart contracts, we draw new insights from the valuable feedback. This work sheds light on the development of smart contracts as well as the evolution of Solidity and its compilers.

Link: Large-Scale Empirical Study of Inline Assembly on 7.6 Million Ethereum Smart Contracts | IEEE Journals & Magazine | IEEE Xplore

  1. NFTs For 3D Models: Sustaining Ownership In Industry 4.0
    Authors: Dimitris Mouris and Nektarios Georgios Tsoutsos

Digital manufacturing (DM) is actively adopted to the production lifecycles of a variety of critical industries, and this rapid growth has resulted in exponential increase of 3D computer-aided design (CAD) models. Unfortunately, counterfeiting of intellectual property becomes a prominent threat as many 3D designs are accessible online, combined with the proliferation of cheap consumer 3D printers that enable malicious actors to produce non-authentic parts. State-of-the-art techniques to secure manufacturing processes mostly rely on watermarking, which embeds hidden information inside CAD models to prove ownership and authenticity. Nevertheless, such techniques tamper with the model itself, while existing attacks allow removing such watermarks altogether. To address these shortcomings, we integrate signal processing and cryptographic techniques and describe a tailored solution for CAD model ownership and supply chain management. Our approach generates unique identifiers for 3D designs using frequency-domain transforms and employs non-fungible tokens (NFTs) that persist on public distributed ledgers. Our NFTs are implemented on the Ethereum blockchain using smart contracts and their functionality is twofold: (a) authenticate the owner of a CAD model, and (b) enable ownership transfer. To validate our technique, we deployed our smart contract on Ethereum’s proof-of-work Ropsten network and demonstrated the applicability of our methodology.

Link: NFTs For 3D Models: Sustaining Ownership In Industry 4.0 | IEEE Journals & Magazine | IEEE Xplore

  1. Attacking Bitcoin anonymity: generative adversarial networks for improving Bitcoin entity classification
    Authors: Francesco Zola, Lander Segurola-Gil, Jan L. Bruse, Mikel Galar, and Raul Orduna-Urrutia

Classification of Bitcoin entities is an important task to help Law Enforcement Agencies reduce anonymity in the Bitcoin blockchain network and to detect classes more tied to illegal activities. However, this task is strongly conditioned by a severe class imbalance in Bitcoin datasets. Existing approaches for addressing the class imbalance problem can be improved considering generative adversarial networks (GANs) that can boost data diversity. However, GANs are mainly applied in computer vision and natural language processing tasks, but not in Bitcoin entity behaviour classification where they may be useful for learning and generating synthetic behaviours. Therefore, in this work, we present a novel approach to address the class imbalance in Bitcoin entity classification by applying GANs. In particular, three GAN architectures were implemented and compared in order to find the most suitable architecture for generating Bitcoin entity behaviours. More specifically, GANs were used to address the Bitcoin imbalance problem by generating synthetic data of the less represented classes before training the final entity classifier. The results were used to evaluate the capabilities of the different GAN architectures in terms of training time, performance, repeatability, and computational costs. Finally, the results achieved by the proposed GAN-based resampling were compared with those obtained using five well-known data-level preprocessing techniques. Models trained with data resampled with our GAN-based approach achieved the highest accuracy improvements and were among the best in terms of precision, recall and f1-score. Together with Random Oversampling (ROS), GANs proved to be strong contenders in addressing Bitcoin class imbalance and consequently in reducing Bitcoin entity anonymity (overall and per-class classification performance). 
To the best of our knowledge, this is the first work to explore the advantages and limitations of GANs in generating specific Bitcoin data and “attacking” Bitcoin anonymity. The proposed methods ultimately demonstrate that in Bitcoin applications, GANs are indeed able to learn the data distribution and generate new samples starting from a very limited class representation, which leads to better detection of classes related to illegal activities.


  1. FIRST: FrontrunnIng Resilient Smart ConTracts
    Authors: Emrah Sariboz, Gaurav Panwar, Roopa Vishwanathan, and Satyajayant Misra

Owing to the meteoric rise in the usage of cryptocurrencies, there has been a widespread adaptation of traditional financial applications such as lending, borrowing, margin trading, and more, to the cryptocurrency realm. In some cases, the inherently transparent and unregulated nature of cryptocurrencies leads to attacks on users of these applications. One such attack is frontrunning, where a malicious entity leverages the knowledge of currently unprocessed financial transactions submitted by users and attempts to get its own transaction(s) executed ahead of the unprocessed ones. The consequences of this can be financial loss, inaccurate transactions, and even exposure to more attacks. We propose FIRST, a framework that prevents frontrunning attacks, and is built using cryptographic protocols including verifiable delay functions and aggregate signatures. In our design, we have a federated setup for generating the public parameters of the VDF, thus removing the need for a single trusted setup. We formally analyze FIRST, prove its security using the Universal Composability framework and experimentally demonstrate the effectiveness of FIRST.


  1. Providing Liquidity in Uniswap V3
    Author: Yann Huynh

One of the largest DEXes, Uniswap, released their version v3 in 2021 and introduced the concept of concentrated liquidity. Now liquidity providers in Uniswap v3 need to choose a range in which they want to provide liquidity. We built a robust and precise backtester based on the original Uniswap v3 smart contract and used it to test eleven different strategies for liquidity providers. We analyzed those strategies on the USDC-ETH pool with a 0.05% transaction fee. We found strategies that performed really well when Ethereum was going up, but most of these strategies did not perform so well when Ethereum was going down. We also analyzed the delta of liquidity provision strategies.


  1. Identifying Security Risks in NFT Platforms
    Authors: Yash Gupta and Jayanth Kumar

Purpose: This paper examines the effects of inherent risks in the emerging technology of non-fungible tokens and proposes an actionable set of solutions for stakeholders in this ecosystem and observers. Web3 and NFTs are a fast-growing 300 billion dollar economy with some clear, highly publicized harms that came to light recently. We set out to explore the risks to understand their nature and scope, and if we could find ways to mitigate them.
Method: In due course of investigation, we recap the background of the evolution of the web from a client-server model to the rise of Web2.0 tech giants in the early 2000s. We contrast how the Web3 movement is trying to re-establish the independent style of the early web. In our research we discover a primary set of risks and harms relevant to the ecosystem, and classify them into a simple taxonomy while addressing their mitigations with solutions.
Results: We arrive at a set of solutions that are a combination of processes to be adopted, and technological changes or improvements to be incorporated into the ecosystem, to implement risk mitigations. By linking mitigations to individual risks, we are confident our recommendations will improve the security maturity of the growing Web3 ecosystem.
Implications: The Web 3 and NFT movement isn’t just about trading digital goods, but is creating fundamental new capabilities for our Internet, helping people establish clear ownership of digital goods. Establishing security best practices will enable serious minimization of harms in this nascent technology.
Disclaimer: We are not endorsing, or recommending specifically any particular product or service in our solution set. Nor are we compensated or influenced in any way by these companies to list these products in our research. The evaluations of products in our research have to simply be viewed as suggested improvements.