Research Pulse Issue #35 10/18/21

  1. Analysis of Decentralized Mixing Services in the Greater Bitcoin Ecosystem
    Authors: Johann Stockinger

With the rising popularity of Bitcoin, the desire for effective privacy preserving techniques rises as well. Wasabi Wallet and Samourai Wallet are two often recommended wallet services based on decentralized CoinJoins which promise robust and secure mixing of bitcoins. This thesis investigates the role of both wallet services in the greater Bitcoin ecosystem, how it has evolved over time, and whether it is possible to de-anonymize participants. In order to analyze the role of both wallet services, heuristics are developed which detect CoinJoin transactions by both services. The discovered transactions are subsequently analyzed, showing that the number of transactions and the amount of mixed coins is steadily increasing, indicating a growing user base. Furthermore, addresses of entities which are connected to various criminal activities, such as service hacks and ransomware, have been observed within two hops of CoinJoin transactions conducted by both Wasabi Wallet and Samourai Wallet. Finally, the underlying framework used by both wallet services is analyzed in regards to the dangers of coin theft, denial-of-service, and de-anonymization. We show that while an adversarial coordinator could potentially de-anonymize users, such actions would likely lead to retroactive suspicions as they would need to be conducted in an overt fashion. Furthermore, both wallet services are robust against coin theft from any party, and feature measures against denial-of-service attacks.

Link: Analysis of Decentralized Mixing Services in the Greater Bitcoin Ecosystem

  1. Time-Dilation Attacks on Lightning Network
    Authors: Gleb Naumenko, Antoine Riard, Reuben Youngblom

Lightning Network (LN) is a widely-used peer-to-peer network enabling faster and cheaper Bitcoin transactions. In this paper we outline the ways to steal funds from LN users, per which users cannot detect that they are victims, and thus cannot act. These are the first attacks based on eclipsing a Bitcoin node, which allows stealing funds without access to mining hashrate. The attacks involve dilating the time of the blockchain view of the victims by feeding the blocks at a slower, yet, hardly distinguishable from normal rate. In this paper, we discuss the difference between the security of LN and Bitcoin. We demonstrate three different attack scenarios, which are possible against many LN users today. With a moderate access to resources (in some cases couple hundreds of distinct IPs and a medium-tier VM), the attacks we discuss can allow stealing funds after keeping a node eclipsed for as small as 4 hours. This makes the attacks very practical. We also suggest countermeasures to make time-dilation attacks less feasible and minimize the consequences.


  1. Pluto: Exposing Vulnerabilities in Inter-Contract Scenarios
    Authors: Fuchen Ma, Zhenyang Xu, Meng Ren, Zijing Yin, Yuanliang Chen, Lei Qiao, Bin Gu, Huizhong Li, Yu Jiang, Jiaguang Sun

Attacks on smart contracts have caused considerable losses to digital assets. Many techniques based on symbolic execution, fuzzing, and static analysis are used to detect contract vulnerabilities. Most of the current analyzers only consider vulnerability detection intra-contract scenarios. However, Ethereum contracts usually interact with others by calling their functions. A bug hidden in a path that depends on information from external contract calls is defined as an inter-contract vulnerability. Failure to deal with this kind of bug can result in potential false negatives and false positives. In this work, we propose Pluto, which supports vulnerability detection in inter-contract scenarios. It first builds an Inter-contract Control Flow Graph (ICFG) to extract semantic information among contract calls. Afterward, it symbolically explores the ICFG and deduces Inter-Contract Path Constraints (ICPC) to check the reachability of execution paths more accurately. Finally, Pluto detects whether there is a vulnerability based on some predefined rules. For evaluation, we compare Pluto with five state-of-the-art tools, including Oyente, Mythril, Securify, ILF, and Clairvoyance on a labeled benchmark and 39,443 real-world Ethereum smart contracts. The result shows that other tools can only detect 10% of the inter-contract vulnerabilities, while Pluto can detect 80% of them on the labeled dataset. Beyond that, Pluto has detected 451 confirmed vulnerabilities on real-world contracts, including 36 vulnerabilities in inter-contract scenarios. Two bugs have been assigned with unique CVE identifiers by the US National Vulnerability Database (NVD). On average, Pluto costs 16.9 seconds to analyze a contract, which is as fast as the state-of-the-art tools.

Link: Pluto: Exposing Vulnerabilities in Inter-Contract Scenarios | IEEE Journals & Magazine | IEEE Xplore

  1. Penetration Testing a US Election Blockchain Prototype
    Authors: Shawn M. Emery, Edward Chow, and Richard White

With electronic voting (e-voting) systems under increased cyber-attack by malicious agents, it is critical that the security of these systems be thoroughly evaluated. This article describes techniques used to comprehensively analyze a prototype mobile voting system utilizing blockchain technology. For identified vulnerabilities, an attack method is described in order to exploit these issues and suggestions are made in order to help resolve the security implications of the attack. This analysis considers multiple layers of the network stack, including the voting application suite of software, as attack vectors. From this, the lessons learned can be used to improve future electronic voting systems by identifying the various attack surfaces regardless if they were successfully exploited or not. This in itself will help add to specific domain knowledge of attacking e-voting systems to utilize blockchain technology.

Link: Penetration Testing a US Election Blockchain Prototype

  1. Replicating Monotonic Payoffs Without Collateral
    Authors: Guillermo Angeris, Alex Evans, Tarun Chitra

In this paper, we show that any monotonic payoff can be replicated using only liquidity provider shares in constant function market makers (CFMMs), without the need for additional collateral or oracles. Such payoffs include cash-or-nothing calls and capped calls, among many others, and we give an explicit method for finding a trading function matching these payoffs. For example, this method provides an easy way to show that the trading function for maintaining a portfolio where 50% of the portfolio is allocated in one asset and 50% in the other is exactly the constant product market maker (e.g., Uniswap) from first principles. We additionally provide a simple formula for the total earnings of an arbitrageur who is arbitraging against these CFMMs.


  1. A Decentralized Framework for Patents and Intellectual Property as NFT in Blockchain Networks
    Authors: Seyed Mojtaba Hosseini Bamakan, Nasim Nezhadsistani, Omid Bodaghi, Qiang Qu

With the explosive development of decentralized finance (DeFi), we witness a phenomenal growth in tokenization of all kinds of assets, including equity, funds, debt, and real estate. By taking advantage of blockchain technology, digital assets are broadly grouped into fungible and non-fungible tokens (NFT). Here non-fungible tokens refer to those with unique and non-substitutable properties. Although the application of NFT is currently limited to digital fantasy artwork, games, collectible, etc., due to its unique capabilities, protocols, and platforms, they could be utilized in more practical issues. The main objective of this paper is to examine the requirements of presenting intellectual property assets, specifically patents, as NFTs. Hence, we offer a layered conceptual NFT-based patent framework with a comprehensive discussion on each layer, including storage, decentralized authentication, decentralized verification, Blockchain, and application layer. Furthermore, a series of open challenges about NFT-based patents and the possible future directions are highlighted. The proposed framework provides fundamental elements and guidance for businesses in taking advantage of NFTs in real-world problems such as grant patents, funding, biotechnology, event ticketing, and so forth.



Research Pulse #35 is out!

In last week’s Research Pulse we highlighted the SoK: How private is Bitcoin? Classification and Evaluation of Bitcoin Mixing Techniques which provided a great overview of mixers. As covered previously, the goal of these services is to obfuscate the transaction graph and ultimately enhance the privacy of users by mixing their funds with other users. This week, another excellent review of mixers has been published. In Analysis of Decentralized Mixing Services in the Greater Bitcoin Ecosystem, the authors provide yet another view of the state of UTXO mixers.

On-chain governance is a recurring topic of interest at SCRF, but what happens when on-chain governance frameworks are applied to general elections? In Penetration Testing a US Election Blockchain Prototype the authors evaluate the potential concerns in using blockchains in electoral systems. Beyond private & consortium blockchains, the authors also consider alternative environments, such as Ethereum, and highlight the trade-offs at play.

Finally, in Replicating Monotonic Payoffs Without Collateral the authors do an excellent job modeling payoffs from Liquidity Provider (LP) shares in constant function market makers (CFMMs), such as Uniswap. This work sheds light on the fundamental properties of CFMMs, especially as it relates to how arbitrageurs interface with these systems.


I will be selecting this for the Mentorship program assignment.
