Research Pulse Issue #38 11/08/21

  1. Chaos Engineering of Ethereum Blockchain Clients
    Authors: Long Zhang, Javier Ron, Benoit Baudry, and Martin Monperrus

The Ethereum blockchain is the operational backbone of major decentralized finance platforms. As such, it is expected to be exceptionally reliable. In this paper, we present CHAOSETH, a chaos engineering tool for resilience assessment of Ethereum clients. CHAOSETH operates in the following manner: First, it monitors Ethereum clients to determine their normal behavior. Then, it injects system call invocation errors into the Ethereum clients and observes the resulting behavior under perturbation. Finally, CHAOSETH compares the behavior recorded before, during, and after perturbation to assess the impact of the injected system call invocation errors. The experiments are performed on the two most popular Ethereum client implementations: GoEthereum and OpenEthereum. We experiment with 22 different types of system call invocation errors. We assess their impact on the Ethereum clients with respect to 15 application-level metrics. Our results reveal a broad spectrum of resilience characteristics of Ethereum clients in the presence of system call invocation errors, ranging from direct crashes to full resilience. The experiments clearly demonstrate the feasibility of applying chaos engineering principles to blockchains.


  2. Where is the Light(ning) in the Taproot Dawn? Unveiling the Bitcoin Lightning (IP) Network
    Authors: Pedro Casas, Matteo Romiti, Peter Holzer, Sami Ben Mariem, Benoit Donnet, and Bernhard Haslhofer

Proposed in 2016 and launched in 2018, the Bitcoin (BTC) Lightning Network (LN) can scale up the capacity of the BTC blockchain network to process a significantly higher amount of transactions, in a faster, cheaper, and more privacy-preserving manner. The number of LN nodes has been significantly increasing since 2018, and today there are more than twelve thousand nodes actively participating in so-called LN payment channels. The upcoming Taproot upgrade to the Bitcoin protocol would further boost the development and adoption of the LN. Taproot is the most significant upgrade to the Bitcoin network since the block size increase of 2017, and it will make LN transactions cheaper, more flexible, and more private. We focus on the characterization of the LN network topology, using active network measurements. By crawling the underlying P2P network supporting the Bitcoin LN over a span of 10 months, we unveil the LN in terms of size and location of its nodes as well as connectivity protocols, comparing it to the P2P IP network supporting the BTC blockchain. Among our findings, we show that IP addresses exposed by LN nodes correspond mainly to customer networks, even if most BTC nodes are actually deployed at major cloud providers, and that LN nodes significantly rely on anonymized networks and protocols such as Onion, with more than 40% of LN nodes connecting through Tor.


  3. Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers
    Authors: Lukas Aumayr, Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Pedro Moreno-Sánchez, and Matteo Maffei

Payment channels (PC) are a promising solution to the scalability issue of cryptocurrencies, allowing users to perform the bulk of the transactions off-chain without needing to post everything on the blockchain. Many PC proposals, however, suffer from a severe limitation: Both parties need to constantly monitor the blockchain to ensure that the other party did not post an outdated transaction. If this event happens, the honest party needs to react promptly and engage in a punishment procedure. This means that prolonged absence periods (e.g., due to a power outage) may be exploited by malicious users. As a mitigation, the community has introduced watchtowers, a third party monitoring the blockchain on behalf of offline users. Unfortunately, watchtowers are either trusted, which is critical from a security perspective, or they have to lock a certain amount of coins, called collateral, for each monitored PC in order to be held accountable, which is financially infeasible for a large network.
We present Sleepy Channels, the first bi-directional PC protocol without watchtowers (or any other third party) that supports an unbounded number of payments and does not require parties to be persistently online. The key idea is to confine the period in which PC updates can be validated on-chain to a short, pre-determined time window, which is when the PC parties have to be online. This behavior is incentivized by letting the parties lock a collateral in the PC, which can be adjusted depending on their mutual trust and which they get back much sooner if they are online during this time window. Our protocol is compatible with any blockchain that is capable of verifying digital signatures (e.g., Bitcoin), as shown by our proof of concept. Moreover, Sleepy Channels impose a communication and computation overhead similar to state-of-the-art PC protocols while removing the watchtower's collateral and fees for the monitoring service.


  4. Aroc: An Automatic Repair Framework for On-chain Smart Contracts
    Authors: Hai Jin, Zeli Wang, Ming Wen, Weiqi Dai, Yu Zhu, and Deqing Zou

Ongoing smart contract attack events have seriously impeded the practical application of blockchain. Although much research has been conducted, it mostly focuses on off-chain vulnerability detection. However, smart contracts cannot be modified once they have been deployed on chain, and thus existing techniques cannot protect those deployed contracts from being attacked. To mitigate this problem, we propose Aroc, a general repairer that can automatically patch vulnerable deployed smart contracts. The core insight of Aroc is to generate a patch contract, leveraging static analysis techniques, that verifies whether transactions obey the secure states of the vulnerable contracts, and then aborts those deviating transactions in advance. Taking the three most serious bug types (i.e., reentrancy, arithmetic bugs, and unchecked low-level checks) as examples, we present how Aroc is able to automatically repair them on chain. Experimental results show that Aroc can automatically repair 84.95% of the vulnerable contracts with an average correctness ratio of 91.43%. Meanwhile, Aroc introduces acceptable additional overheads to smart contract users and blockchain miners.

Link: Aroc: An Automatic Repair Framework for On-chain Smart Contracts | IEEE Journals & Magazine | IEEE Xplore

  5. Efficient Zero-Knowledge Argument in Discrete Logarithm Setting: Sublogarithmic Proof or Sublinear Verifier
    Authors: Hyoenbum Lee and Jae Hong Seo

We propose two zero-knowledge arguments for arithmetic circuits with fan-in 2 gates in the uniform random string model. Our first protocol features O(√(log₂ N)) communication and round complexities and O(N) computational complexity for the verifier, where N is the size of the circuit. Our second protocol features O(log₂ N) communication and O(√N) computational complexity for the verifier. We prove the soundness of our arguments under the discrete logarithm assumption or the double pairing assumption, which is at least as reliable as the decisional Diffie-Hellman assumption.
The main ingredient of our arguments is two different generalizations of Bünz et al.'s Bulletproofs inner-product argument (IEEE S&P 2018) that convinces a verifier of knowledge of two vectors satisfying an inner-product relation. For a protocol with sublogarithmic communication, we devise a novel method to aggregate multiple arguments for bilinear operations such as multi-exponentiations, which is essential for reducing communication overheads. For a protocol with a sublinear verifier, we develop a generalization of the discrete logarithm relation assumption, which is essential for reducing verification overhead while keeping the soundness proof solely relying on the discrete logarithm assumption. These techniques are of independent interest.


  6. DisCO: Peer-to-Peer Random Number Generator in Partial Synchronous Systems
    Authors: Mikhail Krasnoselskii, Grigorii Melnikov, and Yury Yanovich

Random number generators (RNG) are an underlying part of Proof-of-Stake consensus protocols and are critically important for many distributed applications on blockchains and directed acyclic graphs (DAGs). A fault-tolerant approach needs the communication and computation synchronicity assumptions to resolve it. The authors present DisCO, an upgraded version of the No-Dealer algorithm. DisCO works under the partial synchronous assumption and guarantees output per run, compared to No-Dealer, which works in a synchronous model and either generates output or detects a faulty participant. DisCO's communication model is more practical than No-Dealer's as it meets the Internet. We implemented DisCO as a decentralized application on the Hedera Hashgraph DAG. The source code and performance tests are provided.

Link: DisCO: Peer-to-Peer Random Number Generator in Partial Synchronous Systems | IEEE Conference Publication | IEEE Xplore

  7. R3V: Robust Round Robin VDF-based Consensus
    Authors: Mayank Raikwar and Danilo Gligoroski

Proof of Stake (PoS) based consensus provides a better mechanism than Proof of Work (PoW) consensus for extending the blockchain without significant energy waste. Most of the PoS consensus protocols derive or use some randomness to elect a leader candidate. This makes the consensus weaker and attracts more attackers to mount different attacks, e.g., long-range attacks and block withholding attacks. In PoS consensus, having more stake gives more chances to be a leader among participating stakeholders. Therefore, most PoS protocols do not provide better fairness for the stakeholders participating in the consensus protocol. Moreover, these protocols suffer from high communication complexity for selecting a leader candidate in each consensus round. In this work, we propose a novel consensus protocol "R3V" that selects a set of leader candidates in a round-robin manner according to age. Finally, these leader candidates compete to be the block leader by solving a Verifiable Delay Function (VDF) based puzzle. We propose different methods to generate verifiable identities for the stakeholders. The identities are enrolled in the blockchain, which provides the age norm needed for the consensus. Compared with the other PoS consensus protocols, our protocol shows better resilience against most of the common attacks on PoS protocols. Additionally, it proclaims low energy consumption, less communication complexity, and better fairness.

Link: R3V: Robust Round Robin VDF-based Consensus | IEEE Conference Publication | IEEE Xplore

  8. SC-VDM: A Lightweight Smart Contract Vulnerability Detection Model
    Authors: Ke Zhou, Jieren Cheng, Hui Li, Yuming Yuan, Le Liu, and Xiulai Li

The smart contract technology of blockchain is being applied in many industries, but its security issues have also caused huge economic losses, so it is very important to conduct security audits on smart contracts before their deployment. The existing smart contract security audit methods rely heavily on the rules formulated by experts based on their own knowledge and experience, require high hardware resources, and the detection procedure is time-consuming. To address the problems mentioned above, we propose a lightweight smart contract vulnerability detection model (SC-VDM) based on Convolutional Neural Networks (CNN), which can automatically detect the vulnerabilities in a smart contract on a lightweight computer without expert knowledge. We first convert the smart contract bytecode into smart contract bytecode grayscale matrix pictures and then use a CNN for vulnerability detection. We test SC-VDM on two datasets, each of which contains four types of smart contract vulnerabilities. The experimental results show that the accuracy and F1-score can reach more than 81% and 86% on the two datasets. It performs best on the Reentrancy vulnerability, which had caused The DAO attack in 2016, where the accuracy and F1-score are 89.52% and 93.96%. Moreover, the detection time is greatly shortened compared with traditional tools; it costs only 0.021 s for each smart contract.

Link: SC-VDM: A Lightweight Smart Contract Vulnerability Detection Model | SpringerLink

  9. ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions
    Authors: Shih-Hung Wang, Chia-Chien Wu, Yu-Chuan Liang, Li-Hsun Hsieh, and Hsu-Chun Hsiao

This paper presents ProMutator, a scalable security analysis framework that detects price oracle vulnerabilities before attacks occur. ProMutator’s core idea is to simulate price oracle attacks locally by mutating the data needed for price calculation. ProMutator analyzes existing transactions to reconstruct probable DeFi use patterns, thereby reducing the required simulation runs drastically. ProMutator does not require any examined contracts’ high-level source code. Additionally, ProMutator generates a report for each detected vulnerability to facilitate further investigation. In our evaluation, ProMutator successfully discovered five out of six known and 27 new price oracle vulnerabilities in DeFi protocols.

Link: CSDL | IEEE Computer Society