Stochastic Properties of EIP-1559 Basefees
Authors: Ian C. Moore, Jagdeep Sidhu
EIP-1559 is a new proposed pricing mechanism for the Ethereum protocol developed to bring stability to fluctuating gas prices. To properly understand this as a stochastic process, it is necessary to develop the mathematical foundations to understand under what conditions the base fee gas price outcomes behave as a stationary process, and when it does not. Understanding these mathematical fundamentals is critical to properly engineering a stable system.
Smart-Graph: Graphical Representations for Smart Contract on the Ethereum Blockchain
Authors: Giuseppe Antonio Pierro
The Ethereum blockchain enables executing and recording smart contracts. The smart contracts can facilitate, verify, and implement the negotiation between multiple parties, also guaranteeing transactions without a traditional legal entity. Many tools supporting the smart contracts development in different areas are flourishing because in Ethereum blockchain valuable assets are often involved. Some of the tools help the developer to find security vulnerabilities via static and/or dynamic analysis or to reduce the Gas fees consumption. Despite the plethora of such tools, there is no tool supporting smart contracts evaluation and analysis via a graphical representation for expert developers.The paper embraces this way to facilitate the developers’ analysis activity, by proposing a graphical representation model to visualize smart contract source code. The paper makes available a tool via a web interface, which accepts the smart contract address as an input and produces a graphical representation of the smart contract as an output. The graphical representation can help developers to better understand the structure of smart contracts and share it with other developers. Moreover, some metrics, such as the relations among smart contracts, are easier to be understood via “spatial” than “tabular” representation. Indeed, representing smart contracts’ metrics via visual representation facilitates the developers, who are used to analyse the source code by directly inspecting it or using other tools that provide the metrics in a table format. Finally, the paper provides detailed data regarding a smart contract to the developers and proposes a graphical representation of the smart contracts without obscuration of details, also highlighting areas of the code that are possibly too big in size and/or too complex via a diagram displaying their connections.
SmartScan: An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts
Author: Noama Fatima Samreen, Manar H. Alalfi
Blockchain technology (BT) Ethereum Smart Contracts allows programmable transactions that involve the transfer of monetary assets among peers on a BT network independent of a central authorizing agency. Ethereum Smart Contracts are programs that are deployed as decentralized applications, having the building blocks of the blockchain consensus protocol. This technology enables consumers to make agreements in a transparent and conflict-free environment. However, the security vulnerabilities within these smart contracts are a potential threat to the applications and their consumers and have shown in the past to cause huge financial losses. In this paper, we propose a framework that combines static and dynamic analysis to detect Denial of Service (DoS) vulnerability due to an unexpected revert in Ethereum Smart Contracts. Our framework, SmartScan, statically scans smart contracts under test (SCUTs) to identify patterns that are potentially vulnerable in these SCUTs and then uses dynamic analysis to precisely confirm their exploitability of the DoS-Unexpected Revert vulnerability, thus achieving increased performance and more precise results. We evaluated SmartScan on a set of 500 smart contracts collected from the Etherscan. Our approach shows an improvement in precision and recall when compared to available state-of-the-art techniques.
Red-Black Coins: Dai without liquidations
Authors: Mehdi Salehi, Jeremy Clark, and Mohammad Mannan
A number of Ethereum projects for stablecoins and synthetic assets use the same core mechanism for fixing the price of an asset. In this paper, we distil this shared approach into a primitive we call red-black coins. We use a model to demonstrate the primitive’s financial characteristics and to reason about how it should be priced. Real world projects do not use the red-black coin primitive in isolation but lay on other mechanisms and features to provide fungibility and to reduce exposure to price drops. One mechanism is called liquidation, however liquidation is hard to analyze as it relies on human behaviour and could produce unintended economic consequences. Therefore we additionally develop a design landscape for extending the red-black coin primitives and put forward a research agenda for alternatives to liquidation.
SuMo: A Mutation Testing Strategy for Solidity Smart Contracts
Authors: Morena Barboni, Andrea Morichetta, Andrea Polini
Smart Contracts are software programs that are deployed and executed within a blockchain infrastructure. Due to their immutable nature, directly resulting from the specific characteristics of the deploying infrastructure, smart contracts must be thoroughly tested before their release. Testing is one of the main activities that can help to improve the reliability of a smart contract, so as to possibly prevent considerable loss of valuable assets. It is therefore important to provide the testers with tools that permit them to assess the activity they performed. Mutation testing is a powerful approach for assessing the fault-detection capability of a test suite. In this paper, w e propose SuMo, a novel mutation testing tool for Ethereum Smart Contracts. SuMo implements a set of 44 mutation operators that were designed starting from the latest Solidity documentation, and from well-known mutation testing tools. These allow to simulate a wide variety of faults that can be made by smart contract developers. The set of operators was designed to limit the generation of stillborn mutants, which slow down the mutation testing process and limit the usability of the tool. We report a first evaluation of SuMo on open-source projects for which test suites were available. The results we got are encouraging, and they suggest that SuMo can effectively help developers to deliver more reliable smart contracts.
A Systematic Literature Review on Blockchain Governance
Authors: Yue Liua, Qinghua Lub, Liming Zhub, Hye-Young Paika, Mark Staplesb
Blockchain has been increasingly used as a software component to enable decentralisation in software architecture for a variety of applications. Blockchain governance has received considerable attention to ensure the safe and appropriate use and evolution of blockchain, especially after the Ethereum DAO attack in 2016. To understand the state-of-the-art of blockchain governance and provide an actionable guidance for academia and practitioners, in this paper, we conduct a systematic literature review, identifying 34 primary studies. Our study comprehensively investigates blockchain governance via 5W1H questions. The study results reveal several major findings: 1) the adaptation and upgrade of blockchain are the primary purposes of blockchain governance, while both software quality attributes and human value attributes need to be increasingly considered; 2) blockchain governance mainly relies on the project team, node operators, and users of a blockchain platform; and 3) existing governance solutions can be classified into process mechanisms and product mechanisms, which mainly focus on the operation phase over the blockchain platform layer.
Forsage: Anatomy of a Smart-Contract Pyramid Scheme
Authors: Tyler Kell, Haaroon Yousaf, Sarah Allen, Sarah Meiklejohn, Ari Juels
Pyramid schemes are investment scams in which top-level participants in a hierarchical network recruit and profit from an expanding base of defrauded newer participants. Pyramid schemes have existed for over a century, but there have been no in-depth studies of their dynamics and communities because of the opacity of participants’ transactions. In this paper, we present an empirical study of Forsage, a pyramid scheme implemented as a smart contract and at its peak one of the largest consumers of resources in Ethereum. As a smart contract, Forsage makes its (byte)code and all of its transactions visible on the blockchain. We take advantage of this unprecedented transparency to gain insight into the mechanics, impact on participants, and evolution of Forsage. We quantify the (multi-million-dollar) gains of top-level participants as well as the losses of the vast majority (around 88%) of users. We analyze Forsage code both manually and using a purpose-built transaction simulator to uncover the complex mechanics of the scheme. Through complementary study of promotional videos and social media, we show how Forsage promoters have leveraged the unique features of smart contracts to lure users with false claims of trustworthiness and profitability, and how Forsage activity
Authors: Alfred Lehar, Christine A. Parlour
Uniswap is one of the largest decentralized exchanges with a liquidity balance of over 3 billion USD and daily trading volume of over 700 million USD. It is designed as a system of smart contracts on the Ethereum blockchain, and is a new model of liquidity provision, so called automated market making. We collect and analyze data on all 19 million Uniswap interactions from 2018 to the current time. For this new market, we analyze returns to liquidity provision and returns. We document return chasing in liquidity provision and cross-sectional heterogeneity in returns to liquidity.
Empirically comparing the performance of blockchain’s consensus algorithms
Authors: Ashar Ahmad, Abdulrahman Alabduljabbar, Muhammad Saad, DaeHun Nyang, Joongheon Kim, David Mohaisen
Blockchain-based audit systems suffer from low scalability and high message complexity. The root cause of these shortcomings is the use of “Practical Byzantine Fault Tolerance” (PBFT) consensus protocol in those systems. Alternatives to PBFT have not been used in blockchain-based audit systems due to the limited knowledge about their functional and operational requirements. Currently, no blockchain testbed supports the execution and benchmarking of different consensus protocols in a unified testing environment. This paper demonstrates building a blockchain testbed that supports the execution of five state-of-the-art consensus protocols in a blockchain system; namely PBFT, Proof-of-Work (PoW), Proof-of-Stake (PoS), Proof-of-Elapsed Time (PoET), and Clique. Performance evaluation of those consensus algorithms is carried out using data from a real-world audit system. These results show that the Clique protocol is best suited for blockchain-based audit systems, based on scalability features.
On the Cost of ASIC Hardware Crackers: A SHA-1 Case Study
Authors: Anupam Chattopadhyay, Mustafa Khairallah, Gaëtan Leurent, Zakaria Najm, Thomas Peyrin
In February 2017, the SHA-1 hashing algorithm was practically broken using an identical-prefix collision attack implemented on a GPU cluster, and in January 2020 a chosen-prefix collision was first computed with practical implications on various security protocols. These advances opened the door for several research questions, such as the minimal cost to perform these attacks in practice. In particular, one may wonder what is the best technology for software/hardware cryptanalysis of such primitives. In this paper, we address some of these questions by studying the challenges and costs of building an ASIC cluster for performing attacks against a hash function. Our study takes into account different scenarios and includes two cryptanalytic strategies that can be used to find such collisions: a classical generic birthday search, and a state-of-the-art differential attack using neutral bits for SHA-1.
We show that for generic attacks, GPU and ASIC poses a serious practical threat to primitives with security level ∼64 bits, with rented GPU a good solution for a one-off attack, and ASICs more efficient if the attack has to be run a few times. ASICs also pose a non-negligible security risk for primitives with 80-bit security. For differential attacks, GPUs (purchased or rented) are often a very cost-effective choice, but ASIC provides an alternative for organizations that can afford the initial cost and look for a compact, energy-efficient, reusable solution. In the case of SHA-1, we show that an ASIC cluster costing a few millions would be able to generate chosen-prefix collisions in a day or even in a minute. This extends the attack surface to TLS and SSH, for which the chosen-prefix collision would need to be generated very quickly.