Research Pulse #84 09/26/2022

  1. Proofs of Proof-of-Stake with Sublinear Complexity
    Authors: Shresth Agrawal, Joachim Neu, Ertem Nusret Tas, and Dionysis Zindros

Popular Ethereum wallets (e.g., MetaMask) entrust centralized infrastructure providers (e.g., Infura) to run the consensus client logic on their behalf. As a result, these wallets are light-weight and high-performant, but come with security risks. A malicious provider can completely mislead the wallet, e.g., fake payments and balances, or censor transactions. On the other hand, light clients, which are not in popular use today, allow decentralization, but at inefficient linear bootstrapping complexity. This poses a dilemma between decentralization and performance. In this paper, we design, implement, and evaluate a new proof-of-stake (PoS) superlight client with logarithmic bootstrapping complexity. Our key insight is to leverage the standard existential honesty assumption, i.e., that the verifier (client) is connected to at least one honest prover (full node). The proofs of PoS take the form of a Merkle tree of PoS epochs. The verifier enrolls the provers in a bisection game, in which the honest prover is destined to win once an adversarial Merkle tree is challenged at sufficient depth. We implement a complete client that is compatible with mainnet PoS Ethereum to evaluate our construction: compared to the current light client construction proposed for PoS Ethereum, our client improves time-to-completion by 9×, communication by 180×, and energy usage by 30×. We prove our construction secure and show how to employ it for other proof-of-stake systems such as Cardano, Algorand, and Snow White.

Link to Paper

  • The majority of users interact with their blockchain of choice via simple wallets such as MetaMask. These programs tend to rely on centralized infrastructure to facilitate the interaction between decentralized applications and users that do not run their own nodes.

  • While incredibly convenient, such wallets pose a centralization threat that enables not only specific users to be targeted but may also be a single point of failure to the network as a whole.

  • This paper presents a fascinating scheme for more secure crypto wallets via so-called light-clients. Beyond diminishing the impact of centralization, the schema presented improves time-to-completion by 9×, communication by 180×, and energy usage by 30×.

  1. λ - Constant Function Markets Generalizing and Mixing Automated Market Makers
    Authors: Giorgos Felekis and Jesper Kristensen

One of the most exciting recent developments in Decentralized Finance (DeFi) has been the development of decentralized exchanges, called Automated Market Mak-ers (AMMs). In this work, we study the most prominent special class of them, the Constant Function Market Makers (CFMMs). We introduce a generalized formula for CFMMs, called λCFMMs, which encapsulates the idea of combining the advantages of constant sum and constant mean CFMMs by blending their functions where λ is the degree of mixture. Our experiments demonstrate the behaviour of this generalized formula for various token pools with different properties and price differences, and evaluate its performance regarding slippage and imper-manent loss for different degrees of mixture during a trading period. We further show that given the nature of the pool and an optimization objective, different levels of mixture lead to optimal non-trivial functions, which as we show, outperform some of the most popular AMMs such as Uniswap. The novelty of λ CFMMs is both the mixing method that helps us target more efficient AMM functions and also the fact that motivates the idea of dynamic AMM functions that given certain features can self-adjust their parameters in order to produce mutual profits for both the traders and the liquidity providers.

Link to Paper

  • Mechanism design is one of the most fascinating research areas in DeFi, especially as it relates to lending and trading use cases.

  • The most predominant design used by Decentralized Exchanges such as Uniswap is called the Constant Function Market Maker (CFMM) model, whereby swaps are priced based on the balance of two liquidity pools relative to a constant function.

  • There have been many discussions on how this design can be improved so that swaps can be more efficiently priced. This has led to the creation of multiple variants of the CFMM model.

  • This paper discusses a mix of these variants, namely the constant sum and constant mean CFMM model, as a way to achieve better pricing. The authors call this blend Lambda CFMM (λCFMM) and show how, beyond price efficiency, this design can decrease the impact of impermanent loss on liquidity providers.

  1. Code Cloning in Smart Contracts on the Ethereum Platform: An Extended Replication Study
    Authors: Faizan Khan, Istvan David, Daniel Varro, and Shane McIntosh

Smart contracts are programs deployed on blockchains that run upon meeting predetermined conditions. Once deployed, smart contracts are immutable, thus, defects in the deployed code cannot be fixed. As a consequence, software engineering anti-patterns, such as code cloning, pose a threat to code quality and security if unnoticed before deployment. In this paper, we report on the cloning practices of the Ethereum blockchain platform by analyzing 33,073 smart contracts amounting to over 4MLOC. Prior work reported an unusually high 79.2% of code clones in Ethereum smart contracts. We replicate this study at the conceptual level, i.e.,we answer the same research questions by employing different methods. In particular, we analyze clones at the granularity of functions instead of code files, thereby providing a more fine-grained estimate of the clone ratio. Furthermore, we analyze more complex clone types, allowing for a richer analysis of cloning cases. To achieve this finer granularity of cloning analysis, we rely on the NiCad clone detection tool and extend it with support for Solidity, the programming language of the Ethereum platform. Our analysis shows that most findings of the original study hold at the finer granularity of our study as well; but also sheds light on some differences, and contributes new findings. Most notably, we report a 30.13% overall clone ratio, out of which 27.03% are exact duplicates. Our findings motivate improving the reuse mechanisms of Solidity, and in a broader context, of programming languages used for the development of smart contracts. Tool builders and language engineers can use this paper in the design and development of such reuse mechanisms.Business stakeholders can use this paper to better assess the security risks and technical outlooks of blockchain platforms.

Link to Paper

  • Application cloning is a common practice in Ethereum since many dApps share the very same functionality. For example, most ERC20s, NFTs, and even DEXs are often implemented using the same, hopefully battle-tested, codebase.
  • This paper evaluates the extent to which code cloning takes place in Ethereum. The authors find that 27% of smart contracts on Ethereum are exact clones of other contracts, which speaks to the level of standardization and (at times) plagiarism currently in place.
  • Standardization is a positive trend for the industry, especially when it comes to ERC20s and NFTs, but the line between plagiarism and standardization can often be often blurred.
  1. Et tu, Blockchain? Outsmarting Smart Contracts via Social Engineering
    Authors: Nikolay Ivanov and Qiben Yan

We reveal six zero-day social engineering attacks in Ethereum, and subdivide them into two classes: Address Manipulation and Homograph. We demonstrate the attacks by embedding them in source codes of five popular smart contracts with combined market capitalization of over $29 billion, and show that the attacks have the ability to remain dormant during the testing phase and activate only after production deployment. We analyze 85,656 open source smart contracts and find 1,027 contracts that can be directly used for performing social engineering attacks. For responsible disclosure, we contact seven smart contract security firms. In the spirit of open research, we make the source codes of the attack benchmark, tools, and datasets available to the public.

Link to Paper

  • This succinct (2 pages), yet fascinating paper discusses very relevant and practical social engineering attack vectors on Ethereum Smart Contracts.
  • For context, social engineering is the use of deception to manipulate entities (often those that control a smart contract) into sharing confidential information or otherwise facilitating a hack.
  1. MANDO-GURU: Vulnerability Detection for Smart Contract Source Code by Heterogeneous Graph Embeddings
    Authors: Hoang H. Nguyen, Nhat-Minh Nguyen, Hong-Phuc Doan, Zahra Ahmadi, Thanh-Nam Doan, and Lingxiao Jiang

Smart contracts are increasingly used with blockchain systems for high-value applications. It is highly desired to ensure the quality of smart contract source code before they are deployed. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities in smart contracts at both coarse-grained contract-level and fine-grained line-level. Using a combination of control-flow graphs and call graphs of Solidity code, we design new heterogeneous graph attention neural networks to encode more structural and potentially semantic relations among different types of nodes and edges of such graphs and use the encoded embeddings of the graphs and nodes to detect vulnerabilities. Our validation of real-world smart contract datasets shows that MANDO-GURU can significantly improve many other vulnerability detection techniques by up to 24% in terms of the F1-score at the contract level, depending on vulnerability types. It is the first learningbased tool for Ethereum smart contracts that identify vulnerabilities at the line level and significantly improves the traditional code analysis-based techniques by up to 63.4%. Our tool is publicly available at GitHub - MANDO-Project/ge-sc-machine: MANDO-GURU, a deep graph learning-based tool, aims to accurately detect vulnerabilities in smart contract source code at both coarse-grained contract-level and fine-grained line-level.. A test version is currently deployed at, and a demo video of our tool is available at Mando Guru Introduction - YouTube.

Link to Paper

  • It is critical to identify vulnerabilities in a smart contract before the contract is deployed to the network. In order to do that, developers leverage testing suites that automate vulnerability detection.

  • This paper introduces a new smart contract testing tool called MANDO-GURU which employs sophisticated machine learning techniques to improve vulnerability detection by upwards of 24%.