How to Peel a Million: Validating and Expanding Bitcoin Clusters
Author: George Kappos, Haaroon Yousaf, Rainer Stütz, Sofia Rollet, Bernhard Haslhofer, and Sarah Meiklejohn
One of the defining features of Bitcoin and the thousands of cryptocurrencies that have been derived from it is a globally visible transaction ledger. While Bitcoin uses pseudonyms as a way to hide the identity of its participants, a long line of research has demonstrated that Bitcoin is not anonymous. This has been perhaps best exemplified by the development of clustering heuristics, which have in turn given rise to the ability to track the flow of bitcoins as they are sent from one entity to another.
In this paper, we design a new heuristic that is designed to track a certain type of flow, called a peel chain, that represents many transactions performed by the same entity; in doing this, we implicitly cluster these transactions and their associated pseudonyms together. We then use this heuristic to both validate and expand the results of existing clustering heuristics. We also develop a machine learning-based validation method and, using a ground-truth dataset, evaluate all our approaches and compare them with the state of the art. Ultimately, our goal is to not only enable more powerful tracking techniques but also call attention to the limits of anonymity in these systems.
An Analysis of Upgradeability, Oracles, and Stablecoins in the Ethereum Blockchain
Author: Mehdi Salehi
The Ethereum blockchain is a widely adopted global alternative to cloud computing platforms, currently used primarily for financial services. Given the large number of funds held by smart contracts and decentralized applications on top of Ethereum, there are profound security implications for both users and enterprise developers.
Over time, developers have brought more complex logic to Ethereum. For example, contracts often require access to valid, real-world data. In most cases, the system’s functionality and security are strongly dependent on the correctness and safeness of the data pushed to the blockchain. One topic of this thesis is an oracle system—infrastructure added to the blockchain to respond to this need. As contract code becomes more complex, it is increasingly likely that the code has bugs or vulnerabilities. Given smart contracts are immutable and tamper-proof, it seems impossible to upgrade a contract should a fix or patch be needed. Another topic of this thesis examines contract deployment patterns that enable and handle the upgradeability of smart contracts in Ethereum. Finally, the thesis also considers an application of oracle technology: payments made in stable currencies such as USD and not blockchain native currencies such as ETH, which are volatile in price. This thesis explains each topic in detail, evaluating the security risks of each, and examining any consequences for user trust and the degree of decentralization.
Conceptual Flaws of Decentralized Automated Market Making
Author: Andreas Park
Decentralized exchanges (DEXes) are an essential component of the nascent decentralized finance (DeFi) ecosystem. The most common DEXes are so-called automated market makers (AMMs), smart contracts that pool liquidity and process trades as atomic swaps of tokens. AMMs price transactions with a deterministic liquidity invariance rule that only uses the AMM’s token deposits as inputs and that has no precedent in traditional finance. Yet in the context of transparent and open blockchain operations, any liquidity invariance pricing function allows so-called sandwich attacks (akin to frontrunning) that increase the cost of trading and threaten the long-term viability of the DeFi eco-system. Linear price rules that commonly emerge in economic models have similar problems, except for uniform pricing for which sandwich attack profits are limited and smaller, but which invites excessive order splitting.
Secure Hierarchical Deterministic Wallet Supporting Stealth Address
Authors: Xin Yin, Zhen Liu, Guomin Yang, Guoxing Chen, and Haojin Zhu
Over the past decade, cryptocurrency has been undergoing a rapid development. Digital wallet, as the tool to store and manage the cryptographic keys, is the primary entrance for the public to access cryptocurrency assets. Hierarchical Deterministic Wallet (HDW), proposed in Bitcoin Improvement Proposal 32 (BIP32), has attracted much attention and been widely used in the community, due to its virtues such as easy backup/recovery, convenient cold-address management, and supporting trust-less audits and applications in hierarchical organizations. While HDW allows the wallet owner to generate and manage his keys conveniently, Stealth Address (SA) allows a payer to generate fresh address (i.e., public key) for the receiver without any interaction, so that users can achieve “one coin each address” in a very convenient manner, which is widely regarded as a simple but effective way to protect user privacy. Consequently, SA has also attracted much attention and been widely used in the community. However, as so far, there is not a secure wallet algorithm that provides the virtues of both HDW and SA. Actually, even for standalone HDW, to the best of our knowledge, there is no strict definition of syntax and models that captures the functionality and security (i.e., safety of coins and privacy of users) requirements that practical scenarios in cryptocurrency impose on wallet. As a result, the existing wallet algorithms either have (potential) security flaws or lack crucial functionality features.
In this work, we formally define the syntax and security models of Hierarchical Deterministic Wallet supporting Stealth Address (HDWSA), capturing the functionality and security (including safety and privacy) requirements imposed by the practice in cryptocurrency, which include all the versatile functionalities that lead to the popularity of HDW and SA as well as all the security guarantees that underlie these functionalities. We propose a concrete HDWSA construction and prove its security in the random oracle model. We implement our scheme and the experimental results show that the efficiency is suitable for typical cryptocurrency settings.
Wiser: Increasing Throughput in Payment Channel Networks with Transaction Aggregation
Authors: Samarth Tiwari, Michelle Yeo, Zeta Avarikioti, Iosif Salem, Krzysztof Pietrzak, and Stefan Schmid
Payment channel networks (PCNs) are one of the most prominent solutions to the limited transaction throughput of blockchains. Nevertheless, PCNs suffer themselves from a throughput limitation due to the capital constraints of their channels. A similar dependence on high capital is also found in inter-bank payment settlements, where the so-called netting technique is used to mitigate liquidity demands. In this work, we alleviate this limitation by introducing the notion of transaction aggregation: instead of executing transactions sequentially through a PCN, we enable senders to aggregate multiple transactions and execute them simultaneously to benefit from several amounts that may “cancel out”. Two direct advantages of our proposal is the decrease in intermediary fees paid by senders as well as the obfuscation of the transaction data from the intermediaries.
We formulate the transaction aggregation as a computational problem, a generalization of the Bank Clearing Problem. We present a generic framework for the transaction aggregation execution, and thereafter we propose WISER as an implementation of this framework in a specific hub-based setting. To overcome the NP-hardness of the transaction aggregation problem, in WISER we propose a fixed-parameter linear algorithm for a special case of transaction aggregation as well as the Bank Clearing Problem. WISER can also be seen as a modern variant of the Hawala money transfer system, as well as a decentralized implementation of the overseas remittance service of Wise.
eTainter: Detecting Gas-Related Vulnerabilities in Smart Contracts
Authors: Asem Ghaleb, Julia Rubin, and Karthik Pattabiraman
The execution of smart contracts on the Ethereum blockchain consumes gas paid for by users submitting contracts’ invocation requests. A contract execution proceeds as long as the users dedicate enough gas, within the limit set by Ethereum. If insufficient gas is provided, the contract execution halts and changes made during execution get reverted. Unfortunately, contracts may contain code patterns that increase execution cost, causing the contracts to run out of gas. These patterns can be manipulated by malicious attackers to induce unwanted behavior in the targeted victim contracts, e.g., Denial-of-Service (DoS) attacks. We call these gas-related vulnerabilities. We propose eTainter, a static analyzer for detecting gas-related vulnerabilities based on taint tracking in the bytecode of smart contracts. We evaluate eTainter by comparing it with the prior work, MadMax, on a dataset of annotated contracts. The results show that eTainter outperforms MadMax in both precision and recall, and that eTainter has a precision of 90% based on manual inspection. We also use eTainter to perform large-scale analysis of 60,612 real-world contracts on the Ethereum blockchain. We find that gas-related vulnerabilities exist in 2,763 of these contracts, and that eTainter analyzes a contract in eight seconds, on average.
On the Routing Convergence Delay in the Lightning Network
Authors: Niklas Gögge, Elias Rohrer, and Florian Tschorsch
Nodes in the Lightning Network synchronise routing information through a gossip protocol that makes use of a staggered broadcast mechanism. In this work, we show that the convergence delay in the network is larger than what would be expected from the protocol’s specification and that payment attempt failures caused by the delay are more frequent, the larger the delay is. To this end, we measure the convergence delay incurred in the network and analyse what its primary causes are. Moreover, we further investigate and confirm our findings through a timediscrete simulation of the Lightning Network gossip protocol. We explore the use of alternative gossip protocols as well as parameter variations of the current protocol and evaluate them by the resulting bandwidth usage and convergence delay. Our research shows that there are multiple ways of lowering the convergence delay, ranging from simple parameter changes to overhauling the entire protocol.