Research Pulse #72 07/05/22

  1. Attacks on Smart Contracts
    Author: Otto Porkka

Blockchain technologies and cryptocurrencies have gained massive popularity in the past few years. Smart contracts extend the utility of these distributed ledgers to distributed state machines, where anyone can store and run code and then mutually agree on the next state. This opens up a whole new world of possibilities, but also many new security challenges.
In this thesis we give an up-to-date survey on smart contract security issues. First we give a brief introduction to blockchains and smart contracts and explain the most common attack types and some mitigations against them. Then we sum up and analyse our findings.
We find that many of the attacks could be avoided or at least severely mitigated if the coders followed good coding practices and used design patterns that are proven to be good. Another finding is that changing the underlying blockchain technology to counter the issues is usually not the best way, as it is hard and troublesome to do and might restrict the usability of contracts too much. Lastly, we find that many new automated tools for security are being developed and used, which indicates movement towards more conventional coding where automated tools like scanners and analysers are being used to cover a large set of security issues.

  • Smart contract vulnerabilities continue to hinder the proliferation of dapps and have led to billions of dollars of stolen funds.
  • This thesis provides a comprehensive literature review that covers most of the known, taxonomized smart contract vulnerabilities.
  • What makes it particularly useful is that the author also aggregates, for each attack vector described, the mitigation strategies a smart contract developer can apply.


  2. FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation
    Authors: Zhiyang Chen, Sidi Mohamed Beillahi, and Fan Long

In the decentralized finance (DeFi) ecosystem, lenders can offer flash loans to borrowers, i.e., loans that are only valid within a blockchain transaction and must be repaid with some fees by the end of that transaction. Unlike normal loans, flash loans allow borrowers to borrow a large amount of assets without upfront collateral deposits. Malicious adversaries can use flash loans to gather a large amount of assets to launch costly exploitations targeting DeFi protocols.
In this paper, we introduce a new framework for automated synthesis of adversarial contracts that exploit DeFi protocols using flash loans. To bypass the complexity of a DeFi protocol, we propose a new technique to approximate DeFi protocol functional behaviors using numerical methods. Then, we propose a novel algorithm to find an adversarial attack which consists of a sequence of invocations of functions in a DeFi protocol with the parameters optimized for profit. We implemented our framework in a tool called FlashSyn. We ran FlashSyn on 5 DeFi protocols that were victims of flash loan attacks and on DeFi protocols from the Damn Vulnerable DeFi challenges. FlashSyn automatically synthesizes an adversarial attack for each one of them.

  • Flash loans are a DeFi-specific type of loan: capital is borrowed without posting collateral, on the condition that principal plus fee is repaid before the same transaction ends; if it is not, the whole transaction reverts and the lender never actually parts with its funds.
  • While useful for market efficiency and arbitrage, flash loans also let an attacker with little capital of their own temporarily control a very large position, and many protocols have been attacked with their help.
  • This paper introduces a tool, FlashSyn, that searches for a profitable sequence of calls against a protocol and tunes the call parameters numerically. That makes it useful for assessing a protocol's exposure to flash loan attacks during mechanism design and whenever governance changes a parameter.
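The atomic borrow-act-repay structure, and the idea of searching for the loan size that maximizes profit, can be seen in a toy model. The following is an added example written for this digest, not FlashSyn's code nor any real lender's or AMM's: two constant-product pools, a flash-loan pool with a hypothetical 0.09 % fee, and a ternary search over the loan amount. All reserves and the fee are constructed numbers. Here the profitable sequence is a benign arbitrage; pointed at a protocol whose functions misprice something, the same search is what an attack synthesizer automates.

```python
import copy
from dataclasses import dataclass

FEE_BPS = 9  # hypothetical flash-loan fee of 0.09 %; an assumption, not any real protocol's value


class Revert(Exception):
    """Stands in for an EVM revert: every state change of the transaction is discarded."""


@dataclass
class Pool:
    """Constant-product AMM (a * b = k) holding tokens A and B; no swap fee, to keep the math short."""
    a: float
    b: float

    def swap_a_for_b(self, da):
        db = self.b - (self.a * self.b) / (self.a + da)
        self.a += da
        self.b -= db
        return db

    def swap_b_for_a(self, db):
        da = self.a - (self.a * self.b) / (self.b + db)
        self.b += db
        self.a -= da
        return da


@dataclass
class Lender:
    """Flash-loan pool holding token A."""
    liquidity: float

    def flash_loan(self, amount, borrower):
        if amount > self.liquidity:
            raise Revert("insufficient liquidity")
        owed = amount * (1 + FEE_BPS / 10_000)
        repaid = borrower(amount)          # no collateral: the callback runs with the funds in hand
        if repaid < owed:                  # the only protection is this end-of-transaction check
            raise Revert("loan not repaid within the transaction")
        self.liquidity += repaid - amount  # the fee stays in the pool


def make_world():
    """Constructed state: A trades at 2 B in pool 'high' and at 1 B in pool 'low'."""
    return {"lender": Lender(10_000.0), "high": Pool(1_000.0, 2_000.0), "low": Pool(1_000.0, 1_000.0)}


def run_tx(world, loan):
    """One atomic transaction: borrow `loan` A, sell it where A is dear, buy it back where A is
    cheap, repay. Returns (profit_in_A, new_world) or raises Revert, leaving `world` untouched."""
    w = copy.deepcopy(world)
    out = {}

    def body(borrowed):
        b_out = w["high"].swap_a_for_b(borrowed)
        a_back = w["low"].swap_b_for_a(b_out)
        owed = borrowed * (1 + FEE_BPS / 10_000)
        out["profit"] = a_back - owed
        return owed if a_back >= owed else a_back  # repay what is owed, keep any surplus

    w["lender"].flash_loan(loan, body)
    return out["profit"], w


def best_loan(world, iters=200):
    """Pick the loan size with the largest profit by ternary search (profit is concave here).
    A reverting size counts as -inf, so the search stays inside the repayable region."""
    def f(x):
        try:
            return run_tx(world, x)[0]
        except Revert:
            return float("-inf")

    lo, hi = 0.0, world["lender"].liquidity
    for _ in range(iters):
        m1, m2 = lo + (hi - lo) / 3, hi - (hi - lo) / 3
        if f(m1) < f(m2):
            lo = m1
        else:
            hi = m2
    x = (lo + hi) / 2
    return x, f(x)


if __name__ == "__main__":
    w = make_world()
    loan, profit = best_loan(w)
    print(f"optimal loan {loan:.2f} A -> profit {profit:.2f} A")
    try:
        run_tx(w, 5_000.0)
    except Revert as e:
        print("borrowing 5000 A reverts:", e)
```

Note what the fee does and does not do: it caps the lender's risk at nothing (a failed repayment reverts the borrow itself), but it does not protect the protocols the borrowed capital is pointed at. Those have to make the quantity they rely on, typically a price, expensive to move within a single transaction.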


  3. A Survey of DeFi Security: Challenges and Opportunities
    Authors: Wenkai Li, Jiuyang Bu, Xiaoqi Li, Hongli Peng, Yuanzheng Niu, and Xianyi Chen

Decentralized finance (DeFi), which is a promising domain since the era of blockchain 2.0, locked $200 billion in April 2022. However, it quickly dropped to $100 billion in May 2022, which makes us realize that security issues in this area are still a challenge. DeFi is more complex than traditional finance because it is decentralized through blockchain and without a trustworthy third-party institution to act as a guarantee. So it has not only financial properties but also technical aspects. Existing synthesis work for DeFi tends to ignore the relevance of various layers of security for the whole system. In addition, distinct layers have different means of protection against specific vulnerabilities, which is not considered by existing analytical work. In this paper, we perform a vulnerability analysis for the entire technology layer of the DeFi application, and then we collect the most impactful attacks in recent years. Finally, we summarize the existing optimization approaches for different layers and provide some challenges and future directions.

  • Many papers analyzing the security of smart contracts focus on the application layer: how contracts are written, tested and audited.
  • However, a contract is also exposed to what happens in the network and client software that host it, from consensus and peer-to-peer behaviour down to the node implementation.
  • This paper is interesting because it gives a layered view of vulnerabilities in Ethereum. Beyond smart contract vulnerabilities, it reviews issues that affect the network as a whole, with a focus on the main Ethereum client, go-ethereum (geth).


  4. zPROBE: Zero Peek Robustness Checks for Federated Learning
    Authors: Zahra Ghodsi, Mojan Javaheripi, Nojan Sheybani, Xinqiao Zhang, Ke Huang, and Farinaz Koushanfar

Privacy-preserving federated learning allows multiple users to jointly train a model with coordination of a central server. The server only learns the final aggregation result, thereby preventing leakage of the users’ (private) training data from the individual model updates. However, keeping the individual updates private allows malicious users to perform Byzantine attacks and degrade the model accuracy without being detected. Best existing defenses against Byzantine workers rely on robust rank-based statistics, e.g., the median, to find malicious updates. However, implementing privacy-preserving rank-based statistics is nontrivial and unscalable in the secure domain, as it requires sorting of all individual updates. We establish the first private robustness check that uses high break point rank-based statistics on aggregated model updates. By exploiting randomized clustering, we significantly improve the scalability of our defense without compromising privacy. We leverage the derived statistical bounds in zero-knowledge proofs to detect and remove malicious updates without revealing the private user updates. Our novel framework, zPROBE, enables Byzantine resilient and secure federated learning. Empirical evaluations demonstrate that zPROBE provides a low overhead solution to defend against state-of-the-art Byzantine attacks while preserving privacy.

  • Federated Learning is a technique where multiple entities jointly train a Machine Learning model by exchanging model updates, without any party having to hand over its raw data.
  • This is useful because it brings far more data into the model than any single party holds, and it has several applications in crypto, such as address clustering and anomaly detection.
  • This paper tackles a tension in privacy-preserving Federated Learning: because the server only sees aggregated updates, it cannot apply the usual rank-based defenses (e.g. the median) to spot Byzantine, i.e. malicious, updates, so an attacker can degrade the model undetected.
  • Its scheme uses randomized clustering to derive robust statistical bounds and Zero-Knowledge Proofs (ZKPs) so that clients can prove their updates lie within those bounds without revealing them, retaining Byzantine fault-tolerance while preserving privacy, which may expand the set of use cases this technology can address.
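The robustness check itself is easy to see in the clear. The following is an added example written for this digest, not zPROBE's code: it builds a constructed round of 20 client updates, three of them Byzantine, shows that a plain mean is pulled off course while a coordinate-wise median is not, and then derives an acceptance band the way the abstract describes (random clusters, cluster means, median and spread of those means). The exact form of the band is a simplified reading of the paper and should be treated as an assumption. The one thing this example cannot show is the privacy: here the server inspects every update directly, whereas in zPROBE each client proves in zero knowledge that its hidden update falls inside the band.

```python
import random
import statistics

DIM = 3            # toy model size
N_CLIENTS = 20
N_BYZ = 3          # indices 0..2 are the malicious clients in this constructed round
CLUSTER_SIZE = 2   # small clusters keep a malicious minority from contaminating half the clusters
K = 2.0            # half-width of the acceptance band, in standard deviations (assumption)


def make_updates(seed=7):
    """Constructed round: honest coordinates ~ N(1, 0.1); Byzantine clients push hard the other way."""
    rng = random.Random(seed)
    updates = [[-50.0] * DIM for _ in range(N_BYZ)]
    updates += [[rng.gauss(1.0, 0.1) for _ in range(DIM)] for _ in range(N_CLIENTS - N_BYZ)]
    return updates


def mean_agg(updates):
    """Plain averaging: a single large update shifts every coordinate."""
    return [statistics.fmean(col) for col in zip(*updates)]


def median_agg(updates):
    """Coordinate-wise median: unaffected as long as fewer than half the clients are malicious."""
    return [statistics.median(col) for col in zip(*updates)]


def cluster_bound(updates, seed=11):
    """Randomly partition clients into clusters, average each cluster, then take the
    per-coordinate median and spread of the cluster means. Returns (center, radius)."""
    rng = random.Random(seed)
    order = list(range(len(updates)))
    rng.shuffle(order)
    clusters = [order[i:i + CLUSTER_SIZE] for i in range(0, len(order), CLUSTER_SIZE)]
    cluster_means = [mean_agg([updates[i] for i in c]) for c in clusters]
    center = median_agg(cluster_means)
    radius = [K * statistics.stdev(col) for col in zip(*cluster_means)]
    return center, radius


def flag_outliers(updates, center, radius):
    """Clients with any coordinate outside center +/- radius. This is the predicate a client
    would prove in zero knowledge in zPROBE; here it is evaluated on the plaintext updates."""
    return [i for i, u in enumerate(updates)
            if any(abs(x - c) > r for x, c, r in zip(u, center, radius))]


if __name__ == "__main__":
    ups = make_updates()
    print("mean   :", [round(v, 2) for v in mean_agg(ups)])
    print("median :", [round(v, 2) for v in median_agg(ups)])
    c, r = cluster_bound(ups)
    print("flagged:", flag_outliers(ups, c, r))
```

With three attackers at -50 and seventeen honest clients near 1, the mean lands near -6.65 in every coordinate while the median stays near 1; the cluster-derived band is wide enough for honest noise but still excludes the three Byzantine updates. Note the role of CLUSTER_SIZE: with clusters of two, three attackers can taint at most three of ten clusters, so the median of cluster means remains honest; larger clusters would let the same three attackers contaminate a majority of clusters.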


  5. Graph Analysis of the Ethereum Blockchain Data: A Survey of Datasets, Methods, and Future Work
    Author: Arijit Khan

Ethereum, currently the most actively-used and the second-largest blockchain platform, consists of a heterogeneous ecosystem, cohabited by human users, smart contracts (autonomous agents), ether (native cryptocurrency), tokens (digital assets), dApps (decentralized applications), and DeFi (decentralized finance). These key actors in the Ethereum interact with each other via transactions and contract calls. Given the highly connected structure, graph-based modeling is an optimal tool to analyze the data stored in Ethereum blockchain. Recently, several research works performed graph analysis on the publicly available Ethereum blockchain data to reveal insights into its transactions and for important downstream tasks, e.g., cryptocurrency price prediction, address clustering, phishing scams and counterfeit tokens detection. In this work, we conduct an in-depth survey of the existing literature. We categorize them based on publication years, venues, core ranking, and authors’ affiliations, data usage and graphs construction, graph mining and machine learning techniques employed, and the new insights derived by them. We conclude by discussing our recommendations on the future work. Our article will be useful to data scientists, researchers, financial analysts, and blockchain enthusiasts.

  • Graph-based analyses are instrumental in understanding many cryptocurrency topics, such as on-chain privacy, address clustering and scam detection.
  • This paper surveys the existing Ethereum graph-analysis literature, organized by the datasets and graph constructions used, the mining and machine learning techniques applied, and the insights obtained.
  • Such a survey is useful for researchers evaluating related work, and for anyone applying graph analysis to Ethereum data who wants to know which representations have already proven useful.


  6. Suborn Channels: Incentives Against Timelock Bribes
    Authors: Zeta Avarikioti and Orfeas Stefanos Thyfronitis Litos

As the Bitcoin mining landscape becomes more competitive, analyzing potential attacks under the assumption of rational miners becomes increasingly relevant. In the rational setting, blockchain users can bribe miners to reap an unfair benefit. Established protocols such as Duplex Micropayment Channels and Lightning Channels are susceptible to bribery, which upends their financial guarantees. Indeed, we prove that in a two-party contract in which the honest party can spend an output right away, whereas the malicious can only spend the same output after a timelock, the latter party can promise a high fee to the miners, who then intentionally ignore the transaction of the honest party in anticipation of the higher fee. This effectively prevents a valid transaction from ever entering the blockchain, resulting in potentially severe financial losses for the honest and considerable gains for the malicious party.
We expand previous results on timelock bribes to more realistic blockchains, proving that a general class of contracts are susceptible. We then apply our results to Duplex Micropayment Channels and Lightning Channels, providing exact bounds on their safe operating region. Furthermore, we enhance the Bitcoin Script of Duplex Micropayment Channels so that the coins of a party that attempts to bribe are given to the miners as fees, therefore effectively disincentivizing bribes. Our solution, named Suborn channels, is implemented as a proof-of-concept. We also propose a small change to Lightning Channels that achieves a similar effect. Moreover, we formally express the exact circumstances under which our two proposals ensure alignment of miner incentives with the prescribed protocol outcome.

  • Over the years, a host of bribery attacks on payment channels such as the Lightning Network have been formulated, and only a subset of them have been mitigated.
  • This paper is interesting because it formalizes attack scenarios where a party bribes rational miners, via a higher fee on a timelocked transaction, into censoring the honest party's immediately spendable transaction until the timelock expires.
  • The authors propose a script-level fix that forfeits a briber's coins to the miners as fees, which removes the incentive to bribe and aligns miner incentives with the protocol. This class of attack may become more relevant as miner competition intensifies.


  7. Bitcoin Oracle Contracts: Discreet Log Contracts in Practice (Paywalled)
    Authors: Thibaut Le Guilly, Nadav Kohen, and Ichiro Kuwahara

Contracts established on a blockchain remove the need for intermediary third parties, but usually require external data to decide on an outcome, provided by a so-called oracle. Discreet Log Contracts were proposed as a way to establish such contracts on the Bitcoin blockchain without requiring interaction with an oracle, increasing the privacy of the contracting parties. To enable cross-compatible implementations to be developed, a specification effort was carried out that led to various improvements over, and additions to, the original proposal. In particular, we present in this paper a simpler protocol making use of adaptor signatures, detail the handling of contracts with numerical outcomes, and how to create them using multiple oracles. We also provide some algorithmic optimizations to speed up contract creation and experimental results on performance highlighting their impact and demonstrating the usability of the overall system.

  • Discreet Log Contracts are a promising way to settle conditional payments on Bitcoin without new opcodes: the oracle only publishes a signed attestation of the outcome and never interacts with, or even learns about, the contracting parties.
  • This paper presents the adaptor-signature construction adopted by the DLC specification effort, in which each outcome's settlement transaction is pre-signed so that it can only be completed once the oracle's attestation for that outcome is known.

Link: Bitcoin Oracle Contracts: Discreet Log Contracts in Practice | IEEE Conference Publication | IEEE Xplore
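The adaptor-signature mechanism at the heart of the protocol can be walked through end to end. The following is an added example written for this digest, not the paper's code nor any DLC implementation's: secp256k1 arithmetic from scratch, Schnorr adaptor signatures, an oracle whose attestation for outcome i is the discrete log of a point anyone can compute in advance, and a two-outcome contract where Alice pre-signs one settlement transaction per outcome for Bob. The challenge hash (plain SHA-256 over the points and message, not BIP340's tagged, x-only form) and the byte strings standing in for the contract execution transactions (CETs) are assumptions made for the example.

```python
import hashlib
import secrets

# secp256k1 parameters are real; the SHA-256 challenge and the CET stand-ins below are assumptions.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt=G):
    """Double-and-add scalar multiplication."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def h(*parts):
    """Hash points, ints and bytes to a challenge scalar (plain SHA-256, an assumption)."""
    m = hashlib.sha256()
    for x in parts:
        if isinstance(x, tuple):
            m.update(x[0].to_bytes(32, "big") + x[1].to_bytes(32, "big"))
        else:
            m.update(x.to_bytes(32, "big") if isinstance(x, int) else x)
    return int.from_bytes(m.digest(), "big") % N


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


# Schnorr adaptor signatures: the signature is only valid once the adaptor secret t is added in.
def pre_sign(x, msg, T):
    """Pre-signature under key x on msg, locked to adaptor point T = t*G."""
    r = rand_scalar()
    R = mul(r)
    e = h(add(R, T), mul(x), msg)          # challenge binds the adapted nonce R + T
    return R, (r + e * x) % N


def pre_verify(X, msg, T, R, s_pre):
    return mul(s_pre) == add(R, mul(h(add(R, T), X, msg), X))   # s'G == R + eX


def adapt(R, s_pre, T, t):
    return add(R, T), (s_pre + t) % N      # (R + T, s' + t) is an ordinary Schnorr signature


def verify(X, msg, sig):
    Rf, s = sig
    return mul(s) == add(Rf, mul(h(Rf, X, msg), X))


def extract(s_pre, s):
    return (s - s_pre) % N                 # anyone holding both learns the adaptor secret


# DLC oracle: the attestation for outcome i is the discrete log of a point computable in advance.
def anticipation_point(Xo, Ro, outcome):
    return add(Ro, mul(h(Ro, Xo, outcome), Xo))      # S_i = R_o + H(R_o, X_o, i) * X_o


def attest(xo, k, outcome):
    return (k + h(mul(k), mul(xo), outcome) * xo) % N  # s_i with s_i * G == S_i


def settle_dlc(outcomes=(b"ALICE_WINS", b"BOB_WINS"), actual=1):
    """Alice pre-signs one CET per outcome for Bob; only the attested outcome's CET becomes spendable."""
    xo, k = rand_scalar(), rand_scalar()   # oracle key and per-event nonce, announced as X_o, R_o
    Xo, Ro = mul(xo), mul(k)
    xa = rand_scalar()                     # Alice's funding key
    Xa = mul(xa)
    cet = {o: b"CET:" + o for o in outcomes}   # stand-in for each contract execution transaction
    S = {o: anticipation_point(Xo, Ro, o) for o in outcomes}
    pre = {o: pre_sign(xa, cet[o], S[o]) for o in outcomes}
    if not all(pre_verify(Xa, cet[o], S[o], *pre[o]) for o in outcomes):
        raise ValueError("Bob rejects the pre-signatures")
    s_att = attest(xo, k, outcomes[actual])    # the oracle later attests the real outcome
    won, lost = outcomes[actual], outcomes[1 - actual]
    sig = adapt(*pre[won], S[won], s_att)      # Bob completes the matching CET and can broadcast it
    wrong = adapt(*pre[lost], S[lost], s_att)  # the same attestation does not unlock the other CET
    return {"attested_cet_valid": verify(Xa, cet[won], sig),
            "other_cet_valid": verify(Xa, cet[lost], wrong),
            "alice_recovers_attestation": extract(pre[won][1], sig[1]) == s_att}
```

Two properties carry the security argument. Before the oracle speaks, Bob holds pre-signatures that are useless on their own, because completing any of them requires the discrete log of that outcome's anticipation point. After the oracle attests, exactly one pre-signature can be completed, and once the completed signature appears on chain, Alice can extract the attestation from it, which is what lets a party whose counterparty settles early still learn the oracle's result.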

  8. Round Efficient Byzantine Agreement from VDFs
    Authors: Poulami Das, Lisa Eckey, Sebastian Faust, Julian Loss, and Monosij Maitra

Byzantine agreement (BA) is a fundamental primitive in distributed systems and has received huge interest as an important building block for blockchain systems. Classical byzantine agreement considers a setting where n parties with fixed, known identities want to agree on an output in the presence of an adversary. Motivated by blockchain systems, the assumption of fixed identities is weakened by using a resource-based model. In such models, parties do not have fixed known identities but instead have to invest some expensive resources to participate in the protocol. Prominent examples for such resources are computation (measured by, e.g., proofs-of-work) or money (measured by proofs-of-stake). Unlike in the classical setting where BA without trusted setup (e.g., a PKI or an unpredictable beacon) is impossible for t ≥ n/3 corruptions, in such resource-based models, BA can be constructed for the optimal threshold of t < n/2. In this work, we investigate BA without a PKI in the model where parties have restricted computational resources. Concretely, we consider sequential computation modeled via computing a verifiable delay function (VDF) and establish the following results:

  1. Positive result: We present the first protocol for BA with expected constant round complexity and termination under adaptive corruption, honest majority and without a PKI. Earlier work achieved round complexity O(nκ²) (CRYPTO’15) or O(κ) (PKC’18), where κ is the security parameter.
  2. Negative result: We give the first lower bound on the communication complexity of BA in a model where parties have restricted computational resources. Concretely, we show that a multicast complexity of O(√n) is necessary even if the parties have access to a VDF-oracle.

  • VDFs may play a critical role in the evolution of Proof-of-Stake, since a function that takes a fixed amount of sequential time to evaluate but is quick to verify gives a source of randomness for selecting block producers that no party can bias by throwing parallel hardware at it.
  • However, there are many open research items related to the use of VDFs within a consensus process, from the cost of the delay to the communication it entails.
  • This paper sheds light on how VDFs could be used in consensus, giving both a constant-round Byzantine agreement protocol built on them and a lower bound on the communication that any such protocol must pay.
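Since the paper's model rests on verifiable delay functions, it helps to see what "sequential to compute, fast to verify" looks like concretely. The following is an added example written for this digest, not code from the paper: a VDF based on repeated squaring in a group of unknown order, with a Wesolowski-style proof (a single group element) so that verification costs two small exponentiations instead of t squarings. The modulus is a constructed toy, the product of two known Mersenne primes; a real deployment needs a modulus whose factorization nobody knows, otherwise the evaluator could shortcut the squarings.

```python
import hashlib

# Toy modulus: product of two known primes, so NOT a real unknown-order group (assumption for the demo).
MODULUS = (2 ** 61 - 1) * (2 ** 89 - 1)
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin for n < 3.3e24


def is_prime(n):
    """Deterministic Miller-Rabin for the 64-bit challenge primes used below."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def fiat_shamir_prime(x, y, t):
    """Challenge prime l derived from the statement (x, y, t); kept below 2^64 so MR_BASES is conclusive."""
    l = int.from_bytes(hashlib.sha256(f"{x}|{y}|{t}".encode()).digest()[:8], "big") | 1
    while not is_prime(l):
        l += 2
    return l


def vdf_eval(x, t):
    """The inherently sequential part: t squarings, y = x^(2^t). Returns (y, proof)."""
    y = x
    for _ in range(t):
        y = y * y % MODULUS
    l = fiat_shamir_prime(x, y, t)
    proof = pow(x, (2 ** t) // l, MODULUS)    # pi = x^floor(2^t / l), computed once by the prover
    return y, proof


def vdf_verify(x, t, y, proof):
    """Fast check: pi^l * x^(2^t mod l) == y. Both exponents are at most 64 bits."""
    l = fiat_shamir_prime(x, y, t)
    r = pow(2, t, l)
    return pow(proof, l, MODULUS) * pow(x, r, MODULUS) % MODULUS == y


if __name__ == "__main__":
    x, t = 0xC0FFEE, 1_000
    y, pi = vdf_eval(x, t)
    print("verified:", vdf_verify(x, t, y, pi))
```

The identity behind the check is 2^t = q·l + r with q = floor(2^t / l) and r = 2^t mod l, so x^(2^t) = (x^q)^l · x^r = π^l · x^r. Computing π honestly still takes the evaluator on the order of t squarings, but a verifier never repeats them, which is exactly the asymmetry a consensus protocol relies on when it uses the VDF output as a resource that cannot be sped up with parallelism.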