Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork
Authors: Nicholas Stifter, Aljosha Judmayer, Philipp Schindler, and Edgar Weippl
In this paper we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl). OpAl attacks not only avoid equivocation, i.e., do not require conflicting transactions, but are also carried out programmatically. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender itself is not aware of their existence. Furthermore, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy for most use cases. Our analysis suggests that while Bitcoin’s stateless UTXO model is more robust against OpAl, designs with expressive transaction semantics, especially stateful smart contract platforms such as Ethereum, are particularly vulnerable.
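The following toy ledger model is an added illustration of the abstract's central point and is not code from the paper. It models a single, non-equivocating account-model transaction whose payee is computed from the ledger state at execution time (here a hypothetical "pay the merchant only if included at or before a deadline height" rule, chosen purely for illustration), executes it on two competing forks, and contrasts it with a stateless transfer whose payee is fixed when the transaction is signed. The equivocation detector is the textbook check for two distinct transactions reusing the same (sender, nonce); all names and values are constructed.

```python
"""Toy model of Opportunistic Algorithmic Double-Spending (OpAl).

Constructed illustration, not the paper's code: one transaction, two forks,
two different payees, and a conflict-based detector that never fires.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Fork:
    """One branch of the ledger: its tip height and account balances."""
    name: str
    height: int
    balances: Dict[str, int]


@dataclass
class Tx:
    """Account-model transaction. `recipient_of` is evaluated at execution
    time against the fork it lands on; a plain transfer ignores the fork."""
    sender: str
    nonce: int
    txid: str
    amount: int
    recipient_of: Callable[[Fork], str]


def execute(fork: Fork, tx: Tx) -> str:
    """Apply tx to the fork at its current tip; return who actually got paid."""
    payee = tx.recipient_of(fork)
    if fork.balances.get(tx.sender, 0) < tx.amount:
        raise ValueError("insufficient funds")
    fork.balances[tx.sender] -= tx.amount
    fork.balances[payee] = fork.balances.get(payee, 0) + tx.amount
    return payee


def has_equivocation(txs: List[Tx]) -> bool:
    """Classic double-spend detector: two distinct txids that reuse the same
    (sender, nonce). An OpAl transaction is unique, so this never fires."""
    seen: Dict[Tuple[str, int], str] = {}
    for tx in txs:
        key = (tx.sender, tx.nonce)
        if key in seen and seen[key] != tx.txid:
            return True
        seen[key] = tx.txid
    return False


def opal_transfer(sender: str, merchant: str, fallback: str,
                  deadline: int, amount: int, nonce: int) -> Tx:
    """Hypothetical OpAl-style payment (my construction): the merchant is paid
    only if the tx executes at or before `deadline`; on a fork that includes
    it later, the same tx routes the funds to `fallback` instead."""
    def recipient(fork: Fork) -> str:
        return merchant if fork.height <= deadline else fallback
    return Tx(sender, nonce, f"opal-{nonce}", amount, recipient)


def plain_transfer(sender: str, merchant: str, amount: int, nonce: int) -> Tx:
    """Stateless transfer: the payee is fixed when the tx is signed, so it
    behaves identically on every fork (the UTXO-like case)."""
    return Tx(sender, nonce, f"plain-{nonce}", amount, lambda fork: merchant)


def run_scenario() -> dict:
    """Execute the same tx on fork A (tip 100) and fork B (tip 101, e.g. after
    a reorg re-includes it one block later). Constructed sample data."""
    tx_opal = opal_transfer("attacker", "merchant", "attacker_2",
                            deadline=100, amount=50, nonce=7)
    tx_plain = plain_transfer("attacker", "merchant", amount=50, nonce=7)

    fork_a = Fork("A", 100, {"attacker": 50})
    fork_b = Fork("B", 101, {"attacker": 50})
    opal_payees = (execute(fork_a, tx_opal), execute(fork_b, tx_opal))

    fork_c = Fork("C", 100, {"attacker": 50})
    fork_d = Fork("D", 101, {"attacker": 50})
    plain_payees = (execute(fork_c, tx_plain), execute(fork_d, tx_plain))

    # A genuine equivocation for comparison: same nonce, different txid.
    tx_conflict = Tx("attacker", 7, "plain-7-alt", 50, lambda f: "attacker_2")
    return {
        "opal_payees": opal_payees,            # differs per fork
        "plain_payees": plain_payees,          # identical on both forks
        "merchant_balance_on_B": fork_b.balances.get("merchant", 0),
        "detector_fires_on_opal": has_equivocation([tx_opal, tx_opal]),
        "detector_fires_on_classic": has_equivocation([tx_plain, tx_conflict]),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The merchant who observed fork A sees a confirmed payment; if fork B prevails, the very same transaction leaves the merchant unpaid, and a monitor looking only for conflicting transactions from the sender has nothing to flag.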
Decentralized Governance of Stablecoins with Option Pricing
Authors: Lucy Huo, Ariah Klages-Mundt, Andreea Minca, Frederik Christian Munter, and Mads Rude Wind
We model incentive security in non-custodial stablecoins and derive conditions for participation in a stablecoin system across risk absorbers (vaults/CDPs) and holders of governance tokens. We apply option pricing theory to derive closed form solutions to the stakeholders’ problems, and to value their positions within the capital structure of the stablecoin. We derive the optimal interest rate that is incentive compatible, as well as conditions for the existence of equilibria without governance attacks, and discuss implications for designing secure protocols.
Flexible Anonymous Transactions (Flax): Towards Privacy-Preserving and Composable Decentralized Finance
Author: Wei Dai
Decentralized finance (DeFi) refers to interoperable smart contracts running on distributed ledgers offering financial services beyond payments. Recently, there has been an explosion of DeFi applications centered on Ethereum, with close to a hundred billion USD in total assets deposited as of September 2021. These applications provide financial services such as asset management, trading, and lending. The wide adoption of DeFi has raised important concerns, and among them is the key issue of privacy—DeFi applications store account balances in the clear, exposing financial positions to public scrutiny.
In this work, we propose a framework of privacy-preserving and composable DeFi on public-state smart contract platforms. First, we define a cryptographic primitive called a flexible anonymous transaction (Flax) system with two distinctive features: (1) transactions authenticate additional information known as “associated data” and (2) transactions can be applied flexibly via a parameter that is determined at processing time, e.g. during the execution time of smart contracts. Second, we design a privacy-preserving token standard (extending ERC20), which requires read access to the inter-contract call stack and admits composable usage by other contracts. Third, we demonstrate how the Flax token standard can realize privacy-preserving variants of the Ethereum DeFi ecosystem of today—we show contract designs for asset pools, decentralized exchanges, and lending, covering the largest DeFi projects to date including Curve, Uniswap, Dai stablecoin, Aave, Compound, and Yearn. Lastly, we provide formal security definitions for Flax and describe instantiations from existing designs of anonymous payments such as Zerocash, RingCT, Quisquis, and Zether.
Efficient Block Propagation in Wireless Blockchain Networks and Its Application in Bitcoin
Authors: Teng Long, Shan Qu, Qi Li, Huquan Kang, Luoyi Fu, Xinbing Wang, and Chenghu Zhou
As the supporting architecture of Bitcoin and other cryptocurrencies, blockchain is also showing its promising potential to be applied to mobile devices. Being WiFi supported, mobile devices nowadays are able to perform ad-hoc local communications in a multi-hop manner, and thus can potentially extend cryptocurrency service into areas without stable Internet connection. However, the traditional Internet-backed blockchain architecture suffers from an intolerably high block propagation delay, which will be even trickier if adopted in multi-hop wireless networks (MWNs). This paper aims to reduce this delay by leveraging node weights to distinguish the feedback speed of different nodes and constructing a low-length multicast tree to select a subset of nodes with higher feedback speed to participate in the block verification. Thus, block propagation is depicted by the minimum-length multicast tree, intrinsically the Steiner Tree problem. The primary challenge lies in that the MWN only allows local communication and that the distributed consensus protocol of the blockchain makes a predetermination of receiver nodes impossible. We design our algorithm via a toward-source Steiner Tree approach in favor of the distributed environment. Tree construction proceeds by progressively enlarging the search areas until the accumulated weight of receiver nodes reaches a threshold.
Stochastic Modelling and Analysis of the Bitcoin Protocol in Presence of Block Communication Delays
Authors: Stefano Bistarelli, Rocco de Nicola, Letterio Galletta, Cosimo Laneve, Ivan Mercanti, and Adele Veschetti
We analyze the protocol of the Bitcoin blockchain by using the PRISM probabilistic model checker. In particular, we (i) extend PRISM with the ledger data type, (ii) model the behaviour of the key participants in the protocol – the miners – and (iii) describe the whole protocol as a parallel composition of processes. The probabilistic analysis of the model highlights how forks happen and how they depend on specific parameters of the protocol, such as the difficulty of the cryptopuzzle and the network communication delays. Our results confirm that considering transactions in blocks at depth larger than 5 as permanent is reasonable because the majority of miners have consistent blockchains up to that depth with probability of almost 1. We also study the behaviour of networks with churn miners, which may leave the network and rejoin afterwards, and with different topologies.
Liquidity Math In Uniswap v3
Author: Atis Elsts
Uniswap is the largest decentralized exchange (DEX) and one of the cornerstones of Decentralized Finance (DeFi). Uniswap uses liquidity pools to provide Automated Market Making (AMM) functionality. Uniswap v3 is the most recent version of the protocol that introduces a number of new features, notably the concentrated liquidity feature, which allows liquidity providers to concentrate their liquidity in a specific price range, leading to increased capital efficiency. However, the mathematical relationship between the liquidity of a position, the amount of assets in that position, and its price range becomes somewhat complex. This technical note shows how to derive some of the results from the Uniswap v3 whitepaper, presents several other equations not discussed in the whitepaper, and shows how to apply these equations.
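The core relationships the note derives can be checked numerically. The following Python is an added example written for this page, not the note's own code: it implements the whitepaper's amount/liquidity formulas for a position with liquidity L in the range [p_a, p_b] at current price P (using square-root prices, as the protocol does), in both directions, and handles the two out-of-range cases where the position holds only one asset. The sample position (1 ETH and 2000 of the quote asset at P = 2000, range 1500 to 2500) and the tick spacing base 1.0001 are from the whitepaper's conventions; the numbers themselves are constructed.

```python
"""Uniswap v3 position math (added example, not from the technical note).

For liquidity L over [pa, pb] with current price P (token1 per token0):
  P <= pa : amount0 = L * (sqrt(pb) - sqrt(pa)) / (sqrt(pa) * sqrt(pb)), amount1 = 0
  P >= pb : amount0 = 0, amount1 = L * (sqrt(pb) - sqrt(pa))
  else    : amount0 = L * (sqrt(pb) - sqrt(P)) / (sqrt(P) * sqrt(pb))
            amount1 = L * (sqrt(P) - sqrt(pa))
"""
from math import sqrt
from typing import Tuple


def amounts_from_liquidity(L: float, P: float, pa: float, pb: float) -> Tuple[float, float]:
    """Return (amount0, amount1) held by a position of liquidity L."""
    if pa >= pb:
        raise ValueError("range must satisfy pa < pb")
    sa, sb, sp = sqrt(pa), sqrt(pb), sqrt(P)
    if P <= pa:                       # entirely in token0
        return L * (sb - sa) / (sa * sb), 0.0
    if P >= pb:                       # entirely in token1
        return 0.0, L * (sb - sa)
    return L * (sb - sp) / (sp * sb), L * (sp - sa)


def liquidity_from_amounts(amount0: float, amount1: float,
                           P: float, pa: float, pb: float) -> float:
    """Invert the formulas above. When both assets are supplied in range, the
    position can only use as much liquidity as the scarcer side supports, so
    the result is the minimum of the two single-sided values."""
    if pa >= pb:
        raise ValueError("range must satisfy pa < pb")
    sa, sb, sp = sqrt(pa), sqrt(pb), sqrt(P)
    if P <= pa:
        return amount0 * sa * sb / (sb - sa)
    if P >= pb:
        return amount1 / (sb - sa)
    L0 = amount0 * sp * sb / (sb - sp)
    L1 = amount1 / (sp - sa)
    return min(L0, L1)


def tick_to_price(tick: int) -> float:
    """Whitepaper convention: price at tick i is 1.0001**i."""
    return 1.0001 ** tick


def sample_position() -> dict:
    """Constructed sample: 1.0 token0 and 2000 token1 at P=2000, range [1500, 2500]."""
    P, pa, pb = 2000.0, 1500.0, 2500.0
    L = liquidity_from_amounts(1.0, 2000.0, P, pa, pb)
    used0, used1 = amounts_from_liquidity(L, P, pa, pb)
    return {"L": L, "used0": used0, "used1": used1,
            # What the same L holds once price leaves the range on each side.
            "below_range": amounts_from_liquidity(L, 1000.0, pa, pb),
            "above_range": amounts_from_liquidity(L, 3000.0, pa, pb)}


if __name__ == "__main__":
    for k, v in sample_position().items():
        print(f"{k}: {v}")
```

In the sample, token1 is the binding side: all 2000 token1 are deposited but only about 0.79 token0, so the remaining ~0.21 token0 would be left in the depositor's wallet. Once the price moves below p_a or above p_b the position converts entirely into one asset, which is the behaviour the square-root-price formulas make explicit.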
Towards Private On-Chain Algorithmic Trading
Authors: Ceren Kocaogullar, Arthur Gervais, and Benjamin Livshits
While quantitative automation related to trading cryptoassets such as ERC-20 tokens has become relatively commonplace, with services such as 3Commas and Shrimpy offering user-friendly web-driven services for even the average crypto trader, not to mention the specialist, we have not yet seen the emergence of on-chain trading as a phenomenon. We hypothesize that, just like decentralized exchanges (DEXes) that by now are by some measures more popular than traditional exchanges, progress in the space of decentralized finance (DeFi) may enable attractive online trading automation options.
In this paper we present ChainBot, an approach for creating algorithmic trading bots with the help of blockchain technology. We show how to partition the algorithmic computation into on- and off-chain components in a way that provides a measure of end-to-end integrity, while preserving the algorithmic “secret sauce”. The end result is a system where an end user can sign up for the services of a trading bot, with trust established via on-chain publicly readable contracts. Our system is enabled with a careful use of algorithm partitioning and zero-knowledge proofs together with standard smart contracts available on most modern blockchains.
Our approach offers more transparent access to liquidity and better censorship-resistance compared to traditional off-chain trading approaches both for crypto- and more traditional assets. We show that the end-to-end costs and execution times are affordable for regular use and that gas costs can be successfully amortized because trading strategies are executed on behalf of large user pools. Finally, we show that with modern layer-2 (L2) technologies, trades issued by the trading bot can be kept private, which means that algorithmic parameters are difficult to recover by a chain observer.
With ChainBot, we develop a sample trading bot and train it on historical data, resulting in returns that are up to 2.4× and on average 1.4× the buy-and-hold strategy, which we use as our baseline. Our measurements show that across 1000 runs, the end-to-end average execution time for our system is 48.4 seconds. We demonstrate that the frequency of trading does not significantly affect the rate of return and Sharpe ratio, which indicates that we do not have to trade at every block, thereby significantly saving in terms of gas fees. In our implementation, a user who invests $1,000 would earn $105 and spend $3 on gas, assuming a user pool of 1,000 subscribers.
Forerunner: Constraint-based Speculative Transaction Execution for Ethereum (Full Version)
Authors: Yang Chen, Zhongxin Guo, Runhuai Li, Shuo Chen, Lidong Zhou, Yajin Zhou, and Xian Zhang
Ethereum is an emerging distributed computing platform that supports a decentralized replicated virtual machine at a large scale. Transactions in Ethereum are specified in smart contracts, disseminated through broadcast, accepted into the chain of blocks, and then executed on each node. In this new Dissemination-Consensus-Execution (DiCE) paradigm, the time interval between when a transaction is known (during the dissemination phase) to when the transaction is executed (after the consensus phase) offers a window of opportunity to accelerate transaction processing through speculative execution. However, the traditional speculative execution, which hinges on the ability to predict the future accurately, is inadequate because of DiCE’s many-future nature.
Forerunner proposes a novel constraint-based approach for speculative execution on Ethereum. In contrast to the traditional approach of predicting a single future and demanding it to be perfectly accurate, Forerunner speculates on multiple futures and can leverage speculative results based on imperfect predictions whenever certain constraints are satisfied. Under these constraints, a transaction execution is substantially accelerated through a novel multi-trace program specialization enhanced by a new form of memoization. The fully implemented Forerunner is evaluated as a node connected to the worldwide Ethereum network. When processing 13 million transactions live in real time, Forerunner achieves an effective average speedup of 8.39× on the transactions that it hears during the dissemination phase, which accounts for 95.71% of all the transactions. The end-to-end speedup over all the transactions is 6.06×. The code and data sets are publicly available.
Evaluating the software frameworks for developing Decentralized Autonomous Organizations
Authors: María-Cruz Valiente, Juan Pavón, and Samer Hassan
First Bitcoin in 2008, and later Ethereum in 2014, held a powerful promise: online decentralized governance, without servers or central controllers, not just for finance applications like cryptocurrencies but for any organization. The so-called Decentralized Autonomous Organizations (DAOs) were expected to fulfill such a promise, enabling people to organize online relying on blockchain-based systems and smart contracts automating part of their governance. In 2016, three DAO software frameworks —Aragon, Colony and DAOstack— emerged aiming to facilitate development and experimentation in this field. To what extent do they facilitate DAO development today? This paper performs an analytical comparison of these three frameworks, focusing on their current functionalities for building DAOs. We find Aragon to be the most complete in several aspects. In order to provide more details on the challenges of building DAOs with current frameworks, we present a case study using the Aragon framework. Through this case study, we have piloted DAO development using this framework, and thus we may highlight the benefits, limitations and problems that developers face when adopting it. Our findings show that, even if Aragon does provide superior capabilities to other frameworks, it is still highly challenging to build a DAO with the current tools. Today, problems include issues on software engineering, instability, localization, documentation, lack of formalization and standards, and interoperability. Complementarily, this paper aims to provide some guidance to those developers aiming to face the challenges in developing a DAO, and to those aiming to fix the major weak points that make DAOs the organizations of a still distant future.
Security Review of Ethereum Beacon Clients
Authors: JP Aumasson, Denis Kolegov, and Evangelia Stathopoulou
The beacon chain is the backbone of Ethereum’s evolution towards a proof-of-stake-based scalable network. Beacon clients are the applications implementing the services required to operate the beacon chain, namely validators, beacon nodes, and slashers. Security defects in beacon clients could lead to loss of funds, consensus rules violation, network congestion, and other inconveniences.
We reported more than 35 issues to the beacon client developers, including various security improvements, specification inconsistencies, missing security checks, and exposure to known vulnerabilities. None of our findings appears to be high-severity. We covered the four main beacon clients, namely Lighthouse (Rust), Nimbus (Nim), Prysm (Go), and Teku (Java).
We looked for bugs in the logic and implementation of the new security-critical components (BLS signatures, slashing, networking protocols, and API) over a 3-month project that followed a preliminary analysis of BLS signatures code. We focused on Lighthouse and Prysm, the most popular clients, and thus the highest-value targets. Furthermore, we identify protocol-level issues, including replay attacks and incomplete forward secrecy.
In addition, we reviewed the network fingerprints of beacon clients, discussing the information obtainable from passive and active searches, and we analyzed the supply chain risk related to third-party dependencies, providing indicators and recommendations to reduce the risk of backdoors and unpatchable vulnerabilities.
Our results suggest that despite intense scrutiny by security auditors and independent researchers, the complexity and constant evolution of a platform like Ethereum requires regular expert review and thorough SSDLC practices.