Research Pulse #86 10/10/2022

  1. Voting Mechanism Selection for Decentralized Autonomous Organizations
    Author: Winsome Kurniawan

With the invention of blockchain and smart contracts, a new form of decentralized governance called the decentralized autonomous organization emerged. By using voting mechanisms, these organizations are able to formalize the rules for how members vote. However, there are many ways in which members can express their preferences. This research aims to improve the DAO decision context by designing a decision model of voting mechanisms in order to help organizations select a voting mechanism. By conducting a literature study and a case study, a knowledge basis and evaluation method for the decision model is established. The decision model can be categorized by how the voting weight is allocated, which is either one-vote-per-participant or token-weighted voting. The one-vote-per-participant systems are further divided by ballot type, while token-weighted voting is divided by asking specific questions related to the use case of the voting mechanism.

Link to Paper

  • The term Decentralized Autonomous Organization (DAO) refers to a new type of organization governed entirely by its constituents in a decentralized fashion. While all DAOs share the same high-level structure, not all DAOs are created equal. There are fundamental differences in how DAOs are implemented and maintained.
  • This paper attempts to taxonomize the different types of DAOs in existence and provide interesting insights into their underlying governance mechanisms.
  • Beyond categorization, this paper also presents a selection model that can be used by the creators of DAOs to select appropriate governance frameworks based on their prerequisites.
  2. zkBridge: Trustless Cross-chain Bridges Made Practical
    Authors: Tiancheng Xie, Jiaheng Zhang, Zerui Cheng, Fan Zhang, Yupeng Zhang, Yongzheng Jia, Dan Boneh, and Dawn Song

Blockchains have seen growing traction with cryptocurrencies reaching a market cap of over 1 trillion dollars, major institutional investors taking interest, and global impacts on governments, businesses, and individuals. Also growing significantly is the heterogeneity of the ecosystem, where a variety of blockchains co-exist. Cross-chain bridges are a necessary building block in this multi-chain ecosystem. Existing solutions, however, either suffer from performance issues or rely on trust assumptions of committees that significantly lower the security. Recurring attacks against bridges have cost users more than 1.5 billion USD. In this paper, we introduce zkBridge, an efficient cross-chain bridge that guarantees strong security without external trust assumptions. With succinct proofs, zkBridge not only guarantees correctness, but also significantly reduces on-chain verification cost. We propose novel succinct proof protocols that are orders of magnitude faster than existing solutions for the workloads in zkBridge. With a modular design, zkBridge enables a broad spectrum of use cases and capabilities, including message passing, token transferring, and other computational logic operating on state changes from different chains. To demonstrate the practicality of zkBridge, we implemented a prototype bridge from Cosmos to Ethereum, a particularly challenging direction that involves large proof circuits that existing systems cannot efficiently handle. Our evaluation shows that zkBridge achieves practical performance: proof generation takes less than 20 seconds, while verifying proofs on-chain costs less than 230K gas. For completeness, we also implemented and evaluated the direction from Ethereum to other EVM-compatible chains (such as BSC), which involves smaller circuits and incurs much less overhead.

Link to Paper

  • Blockchain interoperability is the idea that users and applications can move from one blockchain to another without usability frictions, via so-called cross-chain bridges.
  • This idea is seen as a building block for the future of cryptoassets whereby users are not siloed to specific blockchains. Nevertheless, bridges continue to face substantial security issues that have led to over a billion dollars worth of stolen funds.
  • This paper presents a novel approach to building safer bridges using Zero Knowledge Proofs, a scheme the authors call zkBridge. While it remains to be seen whether the complexity of ZKPs will in fact improve the security of cross-chain bridges, this work is promising, as the use of ZKPs may unlock additional cross-chain functionality, such as transaction-graph privacy.
  3. Axioms for Automated Market Makers: A Mathematical Framework in FinTech and Decentralized Finance
    Authors: Maxim Bichuch and Zachary Feinstein

Within this work we consider an axiomatic framework for Automated Market Makers (AMMs). By imposing reasonable axioms on the underlying utility function, we are able to characterize the properties of the swap size of the assets and of the resulting pricing oracle. We have analyzed many existing AMMs and shown that the vast majority of them satisfy our axioms. We have also considered the question of fees and divergence loss. In doing so, we have proposed a new fee structure so as to make the AMM indifferent to transaction splitting. Finally, we have proposed a novel AMM that has nice analytical properties and provides a large range over which there is no divergence loss.

Link to Paper

  • Popular Decentralized Exchanges such as Uniswap and Curve are implemented under a general market model called Automated Market Makers (AMMs). AMMs are the backbone of trading in DeFi, but much remains to be understood about their behavior.
  • This paper analyzes the fundamental properties of AMMs, especially as they relate to fee structures and transaction sizing. The authors propose a new fee structure that makes AMMs indifferent to transaction splitting, i.e. splitting one swap into many smaller transactions.
  • As discussed on SCRF in the past, there are several potential benefits of transaction splitting, such as differential privacy as well as diminished susceptibility to so-called sandwich attacks. However, these benefits have not been realized because splitting is disincentivized from a fee perspective in existing models.
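To make the fee-based disincentive concrete, here is an added example (not code from the paper or from SCRF) that simulates a Uniswap-v2-style constant-product pool with exact rational arithmetic: with a zero fee the output of a swap is path-independent, so splitting costs nothing, while with the usual input fee that stays in the pool, splitting the same trade into pieces returns strictly less. The pool reserves, trade size and 0.3% fee are constructed values.

```python
from fractions import Fraction

# Constructed pool: 1000 X and 1000 Y in reserve, 0.3% fee (the Uniswap v2 default).
# Fraction keeps the arithmetic exact, so "equal" vs "less" is not blurred by floats.
DEFAULT_FEE = Fraction(3, 1000)

def cp_swap(x, y, dx, fee=DEFAULT_FEE):
    """Swap dx of asset X into a constant-product pool with reserves (x, y).

    Uniswap-v2 style: the fee is taken from the input and stays in the pool,
    so the invariant k = x * y grows slightly after every trade.
    Returns (dy_received, new_x, new_y).
    """
    dx_eff = dx * (1 - fee)
    dy = y * dx_eff / (x + dx_eff)
    return dy, x + dx, y - dy

def swap_in_pieces(x, y, dx, pieces, fee=DEFAULT_FEE):
    """Execute the same total input dx as `pieces` equal back-to-back swaps.

    Each piece trades against the reserves left behind by the previous one.
    Returns the total Y received.
    """
    total = Fraction(0)
    for _ in range(pieces):
        dy, x, y = cp_swap(x, y, Fraction(dx) / pieces, fee)
        total += dy
    return total

def splitting_penalty(x, y, dx, pieces, fee=DEFAULT_FEE):
    """Y lost by splitting a swap into `pieces` instead of doing it at once.

    Zero means the fee structure is indifferent to transaction splitting;
    a positive value means splitting is disincentivized.
    """
    single = swap_in_pieces(x, y, dx, 1, fee)
    split = swap_in_pieces(x, y, dx, pieces, fee)
    return single - split

if __name__ == "__main__":
    X, Y, DX = Fraction(1000), Fraction(1000), Fraction(100)
    for fee in (Fraction(0), DEFAULT_FEE):
        for pieces in (1, 2, 4, 10):
            pen = splitting_penalty(X, Y, DX, pieces, fee)
            print(f"fee={float(fee):.3f} pieces={pieces:2d} "
                  f"penalty={float(pen):.6f} Y")
```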
  4. DCert: Towards Secure, Efficient, and Versatile Blockchain Light Clients
    Authors: Yang Ji, Cheng Xu, Ce Zhang, and Jianliang Xu

Light clients have been widely used in blockchain systems to support lightweight nodes by synchronizing and verifying block headers only. However, there are two major limitations with the current light client design. First, with the ever increasing blockchain size, the cost for light clients to process and store all the block headers would soon become prohibitively high. Second, only simple queries can be supported by light clients due to the limited functionality of block headers. To address these issues, in this paper, we propose DCert, a novel decentralized certification framework, to enable superlight clients with constant storage and state validation costs. The main idea is to leverage a trusted enclave (e.g., Intel SGX) to recursively certify the entire history of the blockchain. With DCert, the blockchain integrity can be easily validated by superlight clients with a secure certificate. Furthermore, to support rich verifiable queries on light clients, DCert can be extended to certify authenticated indexes for different types of queries on an as-needed basis. While DCert is compatible with existing blockchain systems, its security is guaranteed by the trusted enclave. Our benchmark-based empirical study shows that DCert incurs a small certification overhead, yet it is capable of supporting efficient verifiable queries with a constant storage size of 2.97 KB and a constant bootstrapping time of 0.14 ms.

Link to Paper

  • The overwhelming majority of users interact with their blockchain of choice via light clients, a type of wallet that does not verify all blockchain transactions for practical purposes. Instead, light clients store block headers that effectively “summarize” what happened within a block.
  • Block headers continue to increase in size, which introduces critical bottlenecks to light clients that will likely impact their usability.
  • One approach currently being evaluated by wallet developers is called checkpointing, whereby a set of trusted parties store historical data on behalf of light client users, circumventing the requirement for these users to store that data themselves.
  • This paper introduces such a system called DCert. The authors propose using secure enclaves (e.g. Intel SGX) to certify large chunks of blockchain history on behalf of their users.
  5. Automatic Generation of Attacker Contracts in Solidity
    Authors: Ignacio Ballesteros, Clara Benac-Earle, Luis Eduardo Bueso de Barrio, Lars-Åke Fredlund, Ángel Herranz, and Julio Mariño

Smart contracts on the Ethereum blockchain continue to suffer from well-published problems. A particular example is the well-known smart contract reentrancy vulnerability, which continues to be exploited. In this article, we present preliminary work on a method which, given a smart contract that may be vulnerable to such a reentrancy attack, proceeds to attempt to automatically derive an “attacker” contract which can be used to successfully attack the vulnerable contract. The method uses property-based testing to generate, semi-randomly, large numbers of potential attacker contracts, and then proceeds to check whether any of them is a successful attacker. The method is illustrated using a case study where an attack is derived for a vulnerable contract.

Link to Paper

  • Most approaches to smart contract security involve code audits and exhaustive analysis prior to the contract’s deployment. However, there are various security techniques that can be used concurrently to diminish the impact of critical bugs.
  • This paper introduces an interesting scheme whereby, if a vulnerability is found while the smart contract is live and user funds can be stolen, an “attacker” contract that exploits that vulnerability is automatically derived and the funds are extracted into a “white hat” address.