DeFi Protocol Risks: the Paradox of DeFi
Authors: Nic Carter and Linda Jeng
Decentralized Finance (or “DeFi”) is growing in volume and in importance. DeFi promises cheaper and more open access to financial services by reducing the costs and risks of using centralized intermediaries. DeFi also holds the promise of interoperability across blockchains that could help tear down financial sector silos, greatly promoting innovation and building vibrant financial ecosystems. However, DeFi is not without its challenges, which are understudied. This article does not seek to provide a comprehensive list of DeFi risks but to help readers conceptually understand the drivers behind the risks inherent in DeFi. Many of the risks discussed here stem from the decentralized nature of blockchains. The goal of automating the delivery of financial services and reducing human dependencies also has the congruent effect of reducing oversight and control. Disintermediating traditional intermediaries reduces high fees and entry friction, but also creates new opportunities for new types of intermediaries. This article discusses some of the new types of risks introduced by DeFi that are inherent to blockchain systems along with traditional types of financial risks in DeFi that manifest in new ways: (i) interconnections with the traditional financial system, (ii) operational risks stemming from underlying blockchains, (iii) smart contract-based vulnerabilities, (iv) other governance and regulatory risks, and (v) scalability challenges. In an effort to remove humans and automate as much as possible through smart contracts, DeFi has introduced or amplified these risks. The growth of DeFi will depend on its ability to navigate and build compatibility with traditional finance and on how laws and regulations respond. Perhaps the biggest challenge of all is that the DeFi ecosystem continues to grow while its underlying base layer (public infrastructure such as Bitcoin or Ethereum) faces growing pains.
As DeFi grows in importance and becomes more mainstream, policymakers and industry representatives need to better understand the economic and policy consequences of these new types of risks in order to build regulatory approaches and risk management practices that can support and facilitate a healthy and robust DeFi ecosystem and, ultimately, the financial stability of the greater financial system and real economy.
Towards Correct Smart Contracts: A Case Study on Formal Verification of Access Control
Authors: Jonas Schiffl, Matthias Grundmann, Marc Leinweber, Oliver Stengele, Sebastian Friebe, and Bernhard Beckert
Ethereum is a platform for deploying smart contracts, which due to their public nature and the financial value of the assets they manage are attractive targets for attacks. With asset management as a main task of smart contracts, access control aspects are naturally part of the application itself, but also of the functions implemented in a smart contract. Therefore, it is desirable to establish the correctness of smart contracts and their access control on application and single-function level through formal methods. However, there is no established methodology of formalising and verifying correctness properties of smart contracts. In this work, we make an attempt in this direction on the basis of a case study. We choose an existing smart contract application which aims to ascertain the integrity of binary files distributed over the Internet by means of decentralised identity management and access control. We formally specify and verify correctness at the level of single functions as well as temporal properties of the overall application. We demonstrate how to use verified low-level correctness properties for showing correctness at the higher level. In addition, we report on our experience with existing verification tools.
SoK: Applying Blockchain Technology in Industrial Internet of Things
Author: Gang Wang
The proliferation of the Internet of Things (IoT) technology has made ubiquitous computing a reality by broadening Internet connectivity across diverse application domains, thus bridging billions of devices and human beings as well for information collection, data processing, and decision-making. In recent years, IoT technology and its applications in various industrial sectors have grown exponentially. Most existing industrial IoT (IIoT) implementations, however, still rely on a centralized architecture, which is vulnerable to single-point-of-failure attacks and requires a massive amount of computation at the central entity. The emerging blockchain technology is currently undergoing rapid development and has the full potential to revolutionize IIoT platforms and applications. As a distributed and decentralized tamper-resistant ledger, blockchain maintains the consistency of data records at different locations and holds the potential to address the issues in traditional IIoT networks, such as heterogeneity, interoperability, and security. Integrating blockchain technology into IIoT platforms requires addressing several critical challenges that are inherent in IIoT and blockchain themselves, such as standardization, scalability, and interoperability. This paper provides a comprehensive review of the recent advances in architecture design and technology development towards tackling these challenges. We further provide several representative industrial use cases that can benefit from the integration of blockchain technology, and discuss the recent research trends and open issues in blockchain-enabled IIoT platforms.
Scalable and Privacy-preserving Off-chain Computations
Author: Jacob Eberhardt
Blockchains are distributed systems that allow mutually distrusting parties to process transactions in a censorship-resistant way while establishing an immutable transaction history without trusting a third party. These properties, however, do not come for free. Unlike other large scale distributed systems, blockchains do not scale. They suffer from low transaction throughput and high costs resulting from redundant transaction processing and consensus overhead. Furthermore, there is no privacy protection in blockchain networks: All transaction data is necessarily exposed to the network for independent validation, essentially making it public.
In this thesis, we introduce off-chaining to address the privacy and scalability challenges faced by today’s blockchains: Instead of technically modifying blockchains themselves, we propose to move computations and data off the blockchain — without compromising its desirable properties in the process. Off-chaining reduces the work a blockchain has to perform and improves its privacy properties by avoiding publishing data in the first place. As a first contribution, we identify off-chaining patterns that can be instantiated in the context of blockchain-based applications and provide solutions to recurring design problems. As a second contribution, we provide an in-depth analysis and comparison of off-chain computation approaches, which represent a particularly powerful privacy- and scalability-engineering abstraction. We identify zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), a class of cryptographic protocols, as the most suitable approach.
Developers, however, are ill-equipped to instantiate zk-SNARK-based off-chain computations to address blockchain-based applications’ privacy and scalability needs. Their instantiation is complex and error-prone; suitable programming abstractions and software tools are missing. To bridge this gap, we present ZoKrates, the first language and toolbox for zk-SNARK-based verifiable off-chain computations that allows non-expert developers to specify and execute off-chain computations in a usable and efficient manner as our third contribution. As our fourth contribution, we demonstrate the viability of ZoKrates, and more generally, off-chaining, to address privacy and scalability concerns in an extensive evaluation in the context of three relevant blockchain-based applications: decentralized energy trading, scalable blockchain relays, and privacy-preserving token transfers. Beyond these use cases, the open-source software that originated in the context of this thesis has found independent application in academia and industry.
LightBlock: Reducing Bandwidth Required to Synchronize Blocks in Ethereum Network
Authors: Chonghe Zhao, Taotao Wang, and Shengli Zhang
Recently, with the vigorous development of Decentralized Finance (DeFi) on the Ethereum blockchain, the economic value and user scale of Ethereum keep growing. However, the low transaction processing capability of Ethereum prevents its further development. One factor that limits the transaction processing capability is the bandwidth required to synchronize blocks across the nodes in the Ethereum network. This work proposes a new block synchronization protocol, referred to as LightBlock, which is dedicated to reducing the bandwidth used by the Ethereum network to disseminate messages. The LightBlock protocol is of great significance to the improvement of TPS. Since Ethereum’s block synchronization protocol is a kind of gossip protocol, redundant message propagation is its inherent shortcoming. In the LightBlock protocol, we replace each transaction of the original block with its transaction hash to form a LightBlock structure. Propagating the LightBlock structure requires much less bandwidth than propagating the original block. Moreover, in order to reduce the communication overhead of the new protocol, each node needs to predict the missing transactions of its neighbor nodes before propagating the LightBlock structure. Therefore, we set up three models to measure the similarity of the current Ethereum node transaction pools and other parameters. Through analysis, the size of a LightBlock is reduced by an average of 83.55% compared to the size of the current block; after adding the function of predicting missing transactions, the probability of not increasing the number of additional communications increases from 0.2 to 0.398.
Univariate and Multivariate GARCH Models Applied to Bitcoin Futures Option Pricing
Authors: Pierre J. Venter and Eben Maré
In this paper, the Heston–Nandi futures option pricing model is applied to Bitcoin futures options. The model prices are compared to market prices to give an indication of the pricing performance. In addition, a multivariate Bitcoin futures option pricing methodology based on a multivariate GARCH model is developed. The empirical results show that a symmetric model is a better fit when applied to Bitcoin futures returns, and also produces more accurate option prices compared to market prices for two out of three expiry dates considered.
Analyzing the Blockchain Attack Surface: A Top-down Approach
Author: Muhammad Saad
Blockchains enable secure asset exchange in a distributed system, thereby facilitating innovative applications such as cryptocurrencies and smart contracts. Although the cryptographic constructs of blockchains are highly secure, their practical deployments are vulnerable to various attacks due to their application-specific policies and their peer-to-peer (P2P) network intricacies. In this work, we take a top-down approach towards exploring those attacks, starting with the application-specific abuse of blockchain-based cryptocurrencies and concluding with the network conditions that violate blockchain consistency.
In the top-down approach, we first analyze the application-specific abuse of blockchain-based cryptocurrencies by uncovering (1) covert cryptocurrency mining in the web browsers, and (2) artificially inflating the transaction fee by attacking the blockchain memory pools. For both attacks, we show how the application policies are exploited to affect the benign users.
After exploring the application-specific attacks, we proceed towards a systematic analysis of inconsistencies in the blockchain P2P network. For this analysis, we focus on Bitcoin which is the most dominant blockchain system. Our analysis reveals that the biased distribution of resources in the Bitcoin network can be exploited to launch various partitioning attacks. Furthermore, through a root cause analysis, we discover that (1) the Bitcoin network is asynchronous in the real world, and (2) its security model does not embrace the risks associated with network churn.
The last two components in the dissertation consolidate our attack surface analysis by analyzing the impact of network asynchrony and network churn on the blockchain consistency property. We conduct theoretical analysis and measurements to show how various network characteristics can be exploited to reduce the cost of launching notable attacks that violate consistency.
Our top-down approach uncovers various novel attacks that have not been studied in prior work. For each attack, we also propose countermeasures to harden blockchain security.
Scalable blockchain execution via parallel block validation
Authors: Maya Leshkowitz, Olivia Benattasse, Oded Wertheim, and Ori Rottenstreich
A dominant part of the work in blockchain networks is reaching an agreement on block transactions and their impact on the network state. We follow a common scenario where a node is selected to propose a block and its implied state updates. The proposal is then validated by other nodes that examine the block's impact on the state. Typically, all validators execute the complete block and provide an indication based on comparing the results of their execution to the updated state in the proposal. With the increase in the number of participants in blockchain networks, we suggest a time-efficient block validation through splitting it into multiple disjoint tasks. This can be challenging due to possible dependencies between the block transactions. We describe the additional information the leader has to provide to enable that. Moreover, we describe a unique proof for the block partition computed by the leader such that validating its parts across the different committees guarantees the correctness of the execution by the leader. We compare the approach to traditional solutions based on real data of the Ethereum blockchain.
What determines interest rates for bitcoin lending?
Authors: Shuai Zhang, Xinyu Hou, and Shusong Ba
This study analyses the determinants of interest rates in the cryptocurrency lending market using a unique database from a Decentralised Finance platform. We confirm the existence of both mediation and moderation effects in the cryptocurrency lending market by employing a moderated mediation model. First, the empirical results show that the interest rate is closely related to the loan-to-value ratio, which works as the mediation variable in lending. Second, the interest rate reveals a clear connection with price fluctuations of Bitcoin. This brings up the momentum phenomenon in the lending process and incentivises borrowers to acquire more money, leading to pro-cyclical speculation. Third, the lending amount reflects a moderation effect in the lending market, and the net effect of the currency price on the interest rate turns negative when the loan amount exceeds a threshold, resulting in the ‘seesaw’ effect in cryptocurrency lending. The above findings confirm that cryptocurrency lending reflects a certain degree of option characteristics and complies with the risk-debt model, which provides more evidence for understanding the momentum phenomenon and investor behaviour in the cryptocurrency lending market.
Mystique: Efficient Conversions for Zero-Knowledge Proofs with Applications to Machine Learning
Authors: Chenkai Weng, Kang Yang, Xiang Xie, Jonathan Katz, and Xiao Wang
Recent progress in interactive zero-knowledge (ZK) proofs has improved the efficiency of proving large-scale computations significantly. Nevertheless, real-life applications (e.g., in the context of private inference using deep neural networks) often involve highly complex computations, and existing ZK protocols lack the expressiveness and scalability to prove results about such computations efficiently.
In this paper, we design, develop, and evaluate a ZK system (Mystique) that allows for efficient conversions between arithmetic and Boolean values, between publicly committed and privately authenticated values, and between fixed-point and floating-point numbers. Targeting large-scale neural-network inference, we also present an improved ZK protocol for matrix multiplication that yields a 7× improvement compared to the state-of-the-art. Finally, we incorporate Mystique in Rosetta, a TensorFlow-based privacy-preserving framework.
Mystique is able to prove correctness of an inference on a private image using a committed (private) ResNet-101 model in 28 minutes, and can do the same task when the model is public in 5 minutes, with only a 0.02% decrease in accuracy compared to a non-ZK execution when testing on the CIFAR-10 dataset. Our system is the first to support ZK proofs about neural-network models with over 100 layers with virtually no loss of accuracy.