A Bytecode-based Approach for Smart Contract Classification
Authors: Chaochen Shi, Yong Xiang, Robin Ram Mohan Doss, Jiangshan Yu, Keshav Sood, and Longxiang Gao
With the development of blockchain technologies, the number of smart contracts deployed on blockchain platforms is growing exponentially, which makes it difficult for users to find desired services by manual screening. The automatic classification of smart contracts can provide blockchain users with keyword-based contract searching and helps to manage smart contracts effectively. Current research on smart contract classification focuses on Natural Language Processing (NLP) solutions which are based on contract source code. However, more than 94% of smart contracts are not open-source, so the application scenarios of NLP methods are very limited. Meanwhile, NLP models are vulnerable to adversarial attacks. This paper proposes a classification model based on features from contract bytecode instead of source code to solve these problems. We also use feature selection and ensemble learning to optimize the model. Our experimental studies on over 3,300 real-world Ethereum smart contracts show that our model can classify smart contracts without source code and has better performance than baseline models. Our model also has good resistance to adversarial attacks compared with NLP-based models. In addition, our analysis reveals that account features used in many smart contract classification models have little effect on classification and can be excluded.
Donner: UTXO-Based Virtual Channels Across Multiple Hops
Authors: Lukas Aumayr, Pedro Moreno-Sanchez, Aniket Kate, and Matteo Maffei
Payment channel networks are a promising solution to the scalability issues of current decentralized cryptocurrencies. They allow arbitrarily many payments between any two users connected through a path of intermediate payment channels while minimizing interaction with the blockchain only to open and close those channels. Yet, compromised intermediaries may make payments unreliable, slower, expensive, and privacy-invasive. Virtual channels mitigate these issues by allowing the two endpoints of a path to create a channel over the intermediaries such that after the channel is constructed, the intermediaries are no longer involved in payments. Unfortunately, existing UTXO-based virtual channel constructions are either limited to a single intermediary or only recursively build a virtual channel over multiple intermediaries. While the former single-hop channels are overly restrictive, the latter recursive constructions introduce issues such as forced closure and virtual griefing attacks.
This work presents Donner, the first virtual channel construction over multiple intermediaries in a single round of communication. We formally define the security and privacy in the Universal Composability framework and show that Donner is a realization thereof. Our experimental evaluation shows that Donner reduces the on-chain number of transactions for disputes from linear in the path length to a single one. Moreover, Donner reduces the storage overhead from logarithmic in the path length to constant. Donner is an efficient virtual channel construction that is backward compatible with the prominent, 50K channels strong Lightning network.
Improving the Anonymity of the Lightning Network using Sub-Optimal Routes
Author: Mihai Plotean
The Lightning Network is a second-layer payment protocol built on top of Bitcoin, which is scalable and has reduced transaction fees. It does so by eliminating the need to broadcast every transaction to the whole network. When one user wants to send a payment to another, the routing protocol generates a path between them that is always fast and cost-efficient. The low degree of randomness in the existing routing protocols during path selection allows an adversary to compromise the anonymity of the sender and recipient. In this work, we propose a new routing algorithm that is less predictable when creating a transaction path. We show that this increases the anonymity of the users of the Lightning Network by creating an attack on the new routing protocol. The attacker tries to identify the potential source and recipient of a transaction. Our results suggest that there is a trade-off between the offered anonymity and transaction fees; it is not possible to get higher anonymity at no cost by designing a non-deterministic routing algorithm.
Investigating Arbitrageurs and Oracle Manipulators in Ethereum
Author: Kevin Tjiam
Smart contracts on Ethereum enable billions of dollars of value to be transacted in a decentralised, transparent and trustless environment. However, adversaries lie in wait in the Dark Forest, waiting to exploit any and all smart contract vulnerabilities in order to extract profits from unsuspecting victims in this new financial system. As the blockchain space moves at breakneck pace, exploits of smart contract vulnerabilities rapidly evolve, and existing research quickly becomes obsolete. It is imperative that smart contract developers stay up to date on the currently most damaging vulnerabilities and countermeasures to ensure the security of users’ funds, and to collectively ensure the future of Ethereum as a financial settlement layer. This research focuses on two smart contract vulnerabilities: transaction-ordering dependency and oracle manipulation. Combined, these two vulnerabilities have been exploited to extract hundreds of millions of dollars from smart contracts in the past year (2020-2021). For each vulnerability, this research presents: (1) a literature survey from recent (as of 2021) formal and informal sources; (2) a reproducible experiment as code demonstrating the vulnerability and, where applicable, countermeasures to mitigate the vulnerability; and (3) analysis and discussion of proposed countermeasures. To conclude, strengths, weaknesses and trade-offs of these countermeasures are summarised, presenting direction for future research.
Protecting smart contracts of Decentralized Finance systems against Reentrancy attacks
Author: Nafie El Coudi El Amrani
Reentrancy attacks target smart contracts of Decentralized Finance systems that contain coding errors caused by developers. This type of attack has caused, in the past 5 years, the loss of over 400 million USD. Several countermeasures were developed that use patterns to detect reentrancy attacks on smart contracts before deployment on the Ethereum blockchain. However, smart contracts are by default public and immutable once deployed on the blockchain. That is why the research question is: How can we protect smart contracts of DeFi systems deployed on the Ethereum blockchain that are known to be vulnerable to reentrancy attacks? A solution that detects reentrancy attacks on smart contracts after their deployment is presented in this paper. It flags transactions when a difference is found between the users’ funds on both the application and protocol layers before and after each transaction, using specially made smart wallets. A proof of concept shows that the proposed solution can detect reentrancy attempts and stop them during the execution phase of smart contracts.
Mitigating sandwich attacks in Kyber DMM
Authors: Arif Akif Yuksel, Oguzhan Ersoy, and Zekeriya Erkin
Kyber is a Decentralized Finance (DeFi) system which runs on the Ethereum blockchain. DeFi aims to remove centralized intermediaries such as Market Makers. An Automated Market Maker (AMM), implemented in a smart contract, is a decentralized version of these. Kyber’s Dynamic Market Maker (DMM) is a next-generation AMM which solves two issues: Capital Inefficiency (CI) and Impermanent Loss (IL). CI is decreased by an amplification factor which a Liquidity Provider sets upon creation of a liquidity pool, whereas IL is decreased by dynamic fees. A DMM features two reserves: one real reserve that reflects the true amounts of the two tokens in the pool and one virtual reserve that reflects the amounts after the amplification factor is applied. The vulnerability to a sandwich attack exists because the virtual reserve ratio can be unbalanced by an attacker. This results in slippage for the victim when their transaction gets executed. Finally, the attacker can perform a swap using the incorrect ratio. The research question of this paper is: How can one mitigate sandwich attacks in Kyber DMM? Kyber’s current mitigation features slippage protection to protect users from sandwich attacks. The slippage protection is implemented by adding two parameters to the function used when adding liquidity: one for specifying a lower bound for the virtual reserve ratio and one for specifying the upper bound. However, this mitigation is only present in the router. Therefore, users interacting with the pool contract directly remain vulnerable. To show that this is true, we modify Kyber’s test case for sandwich attacks to encompass the mint function in the pool contract. The existing mitigation can be broadened by implementing a code correction in the mint function like the one present in the function used when adding liquidity.
Mitigation of Transaction Manipulation Attacks in UniSwap
Author: Ana Tatabitovska
Front-running is the illegal practice of obtaining information unavailable to the general public with regard to upcoming transactions and performing actions based on this knowledge so as to gain profit. This type of attack has been an issue since the introduction of the first stock market, and it is not a surprise that it has spread into blockchain technologies. With the invention of Decentralized Exchange Systems, this type of exploit has become an even more common occurrence that puts both the user and the system at a disadvantage. This paper aims to explore the circumstances that enable front-running in UniSwap, one of the most used DeFi Systems as of the writing of this paper. Factors such as lack of privacy, slippage, as well as a miner’s role in the exploit are analysed in a broad and UniSwap-centered context to provide more insight into the problem. Moreover, this paper analyses a potential adjustment of a commit-reveal scheme, a time lock scheme, and an off-chain slippage limit as possible solutions, together with an overall analysis of the proposed solutions. Through comparison and adjustments of different solutions, this paper strives to expose where the root of the problem lies: the Ethereum blockchain itself.
LEES: a Hybrid Lightweight Elliptic ElGamal-Schnorr-Based Cryptography for Secure D2D Communications
Authors: Javeria Ambareen, M. Prabhakar, and Tabassum Ara
Device-to-device (D2D) communications in 5G networks will provide greater coverage, as devices will be acting as users or relays without any intermediate nodes. However, this arrangement poses specific security issues, such as rogue relays, and is susceptible to various types of attacks (impersonation, eavesdropping, denial-of-service), due to the fact that communication occurs directly. It is also recommended to send fewer control messages, due to the prevailing authenticity- and secrecy-related requirements in such scenarios. Issues related to IoT applications need to be taken into consideration as well, as IoT networks are inherently resource-constrained and susceptible to various attacks. Therefore, novel signcryption algorithms which combine encryption with digital signatures are required to provide secure 5G IoT D2D communication scenarios in order to protect user information and their data against attacks, without simultaneously increasing communication costs. In this paper, we propose LEES, a secure authentication scheme using public key encryption for secure D2D communications in 5G IoT networks. This lightweight solution is a hybrid of elliptic curve ElGamal-Schnorr algorithms. The proposed scheme is characterized by low requirements concerning computation cost, storage and network bandwidth, and is immune to security threats, thus meeting the confidentiality, authenticity, integrity and non-repudiation-related criteria that are so critical for digital signature schemes. It may be used in any 5G IoT architecture requiring enhanced D2D security and performance.
Comparing Lightning Routing Protocols to Routing Protocols with Splitting
Author: Dan Andreescu
The largest payment channel network, Bitcoin Lightning, shows a potential alternative to current financial systems, overcoming the scalability limitations of blockchain. Source onion routing is used to route payments, but novel routing protocols claim improved effectiveness by employing strategies not compatible with the current state of affairs. In this paper, we compare the current implementations deployed in the Lightning Network with a novel routing algorithm with splitting and local routing. We find the latter option to significantly boost the success ratio of payments, while inducing some monetary overhead. Then, we propose future directions of research on Lightning protocols to boost their performance.
Liquidity risks in the decentralized finance protocol Aave
Author: Selim Cirikka
Protocols for Loanable Funds (PLFs) are lending protocols that exist in the decentralized finance (DeFi) ecosystem. They provide users the opportunity of lending and borrowing cryptocurrencies. The economic model used to ensure liquidity in these protocols consists of variable parameters and incentives to reach an optimal equilibrium, and overcollateralization to make trust between participants unnecessary. However, the design of this protocol can show signs of illiquidity, in which the safeguards of the protocol do not function as expected in times of an unfavourable market. In this paper, the liquidity of Aave, one of the biggest PLFs, is empirically examined. A game theoretical model is used to analyze the behaviour of participants in response to the various incentives in the protocol. Firstly, the potential points of failure in case of a bear market with a volatile asset are evaluated. Secondly, the mechanisms for mitigation of illiquidity in the Aave protocol are examined. Ultimately, diversification of the assets in the safety module is proposed to increase the efficiency of the safety module and therefore decrease the risk of illiquidity in the protocol.
UNISWAP: Impermanent Loss and Risk Profile of a Liquidity Provider
Authors: Andreas A Aigner and Gurvinder Dhaliwal
Uniswap is a decentralized exchange (DEX) that was first launched on November 2, 2018 on the Ethereum mainnet and is part of an ecosystem of products in Decentralized Finance (DeFi). It replaces the traditional order book type of trading common on centralized exchanges (CEX) with a deterministic model that swaps currencies (or tokens/assets) along a fixed price function determined by the amount of currencies supplied by the liquidity providers. Liquidity providers can be regarded as investors in the decentralized exchange and earn fixed commissions per trade. They lock up funds in liquidity pools for distinct pairs of currencies, allowing market participants to swap them using the fixed price function. Liquidity providers take on market risk in exchange for earning commissions on each trade. Here we analyze the risk profile of a liquidity provider and the so-called impermanent (unrealized) loss in particular. We provide an improved version of the commonly denoted impermanent loss function for Uniswap v2 on the semi-infinite domain. The differences between Uniswap v2 and v3 are also discussed.
Mitigating game theoretic vulnerabilities in Chainlink
Author: Hans Dekker
Oracles are mechanisms that provide blockchain networks with data that only exists outside of the network, such as asset prices. Decentralized Finance (DeFi) protocols use this data, and therefore their usability depends on the reliability of oracles. One such oracle system, widely used by DeFi protocols for pricing feeds, is Chainlink. The Chainlink system mitigates the risk of oracle manipulation attacks, which have occurred in various DeFi protocols, with a decentralized data aggregation infrastructure. The participants of the Chainlink system are incentivized by a coordination game, which poses game theoretic risks. While some game theoretic analyses of blockchain-based systems exist, no formal study has been done on the incentives securing the Chainlink system. In this paper, we present a formal incentive model of the participants in the Chainlink system. We show that users cannot detect whether incentives are aligned such that honest node behaviour is a strictly dominant strategy, making it impossible for users to assess the security of the system. We propose a mitigation which enables users to assess the agent incentives of Chainlink nodes such that they can verify whether honest behaviour is a strictly dominant strategy for all participants.
Improving the Anonymity of Blockchains: The Case of Payment Channel Networks with Length-bounded Random Walk Insertion
Author: Emre Özkan
The LND is currently the most popular routing algorithm used in the Lightning Network, the second-layer solution to Bitcoin’s scalability. Despite its popularity, recent studies demonstrate that its deterministic nature compromises the anonymity of the Lightning Network. In other words, threatening parties present in the transaction path can guess the sending and receiving parties of transactions more easily than in the absence of such strong determinism. As a solution, we propose augmenting the LND with a length-bounded random walk insertion to include randomness into the transaction path and regain anonymity. Most importantly, we found that for generated network simulations and the snapshot network, including the random walk into the transaction path improves anonymity. In simulations with LND routing, attackers could identify senders or receivers for 70% of transactions. For simulations of networks with 100 nodes and an average of 2 edges per node with the weighted random walk insertion, attackers could identify senders or receivers around 65% of the time. However, for simulations of networks with 500 nodes and an average of 10 edges per node with the weighted random walk insertion, attackers could never identify senders or receivers. Besides, for the snapshot simulation, they could only identify either in around 4% of transactions. Thus, we overall believe that the random walk insertion into the LND algorithm addresses the anonymity issue of the unmodified algorithm.