Research Pulse Issue #44 12/20/21

  1. Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
    Authors: Pengcheng Xia, Haoyu Wang, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, and Guoai Xu

The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) are introduced to allow users to trade cryptocurrency without transferring the custody of their digital assets to the middlemen, thus eliminating the security and privacy issues of traditional CEX. Uniswap, as the most prominent cryptocurrency DEX, is continuing to attract scammers, with fraudulent cryptocurrencies flooding in the ecosystem. In this paper, we take the first step to detect and characterize scam tokens on Uniswap. We first collect all the transactions related to Uniswap V2 exchange and investigate the landscape of cryptocurrency trading on Uniswap from different perspectives. Then, we propose an accurate approach for flagging scam tokens on Uniswap based on a guilt-by-association heuristic and a machine-learning powered technique. We have identified over 10K scam tokens listed on Uniswap, which suggests that roughly 50% of the tokens listed on Uniswap are scam tokens. All the scam tokens and liquidity pools are created specialized for the “rug pull” scams, and some scam tokens have embedded tricks and backdoors in the smart contracts. We further observe that thousands of collusion addresses help carry out the scams in league with the scam token/pool creators. The scammers have gained a profit of at least $16 million from 39,762 potential victims. Our observations in this paper suggest the urgency to identify and stop scams in the decentralized finance ecosystem, and our approach can act as a whistleblower that identifies scam tokens at their early stages.


  1. Alpha-Rays: Key Extraction Attacks on Threshold ECDSA Implementations
    Authors: Dmytro Tymokhanov and Omer Shlomovits

In this paper we provide technical details on two new attack vectors, relevant to implementations of [GG18] and [GG20] threshold ECDSA protocols. Both attacks lead to a complete secret key extraction by exploiting different parts of the Multiplicative-to-Additive (MtA) sub-protocol the parties run during signing. Our first attack applies to the setting of ”fast” MtA, which runs the protocol with no range proofs. We leverage a powerful oracle, much stronger than originally anticipated in [GG18], to reveal a part of the secret key with each signature we run. The number of required signatures depends on the implementation under attack and the number of parties controlled by the attacker. Our proof of concept demonstrates a full key extraction by a single malicious party using eight signatures. Our second attack deals with the more common setting of “full” MtA, that is, including ZK proofs. The only requirement for mounting a successful attack is to use a small Paillier encryption key. The key size check was not specified in the protocol and therefore missing from most existing threshold ECDSA implementations, making them vulnerable. As we show, choosing a small key completely eliminates a specific hiding property in one of the values sent from the victim to the attacker during one of ZK proofs. This allows a single malicious party to extract the full secret key after a single valid signature. We provide a proof of concept for this attack as well.


  1. Practical Deanonymization Attack in Ethereum Based on P2P Network Analysis
    Authors: Yue Gao, Jinqiao Shi, Xuebin Wang, Ruisheng Shi, Zelin Yin, and Yanyan Yang

Ethereum is the second-largest cryptocurrency, which is an open-source public blockchain platform with smart contract functionality. With the increasing popularity of Ethereum, considerable attention has been paid to its privacy and anonymity. Previous work in Ethereum deanonymization mostly focused on the analysis of its transaction graph and user behaviors. In this paper, for the first time we explored the feasibility of deanonymizing Ethereum users based on P2P network analysis. By measurement and analysis, we observed that the attacker can make connections with approximately 90% mainnet synced full nodes. Based on the well-connected supernode, the deanonymization experiments with basic estimators preliminarily indicate that the anonymity of Ethereum P2P network is pretty limited. To further improve the effect of deanonymization, we implemented and evaluated a machine learning based estimator, which reduces the influence of network delay on deanonymization and thus increases the success rate to 88%. At last, we provide the discussion about the anonymity and efficiency of the propagation mechanisms.


  1. Improving Anonymous Whistleblower Credibility with Self-Sovereign Identity
    Authors: Jacob A. Young and Sahar Farshadkhah

Anonymity affords whistleblowers the best protection against retaliation. Yet, prior theory has suggested that anonymous whistleblowers are perceived by investigators to be less credible than identified sources. To address this issue, we propose and assess the use of self-sovereign identity (SSI) in whistleblowing reporting systems. SSI would allow whistleblowers to include a verifiable claim regarding employment without revealing any additional identifying information. Therefore, investigators could receive anonymous reports submitted through publicly accessible reporting systems without sacrificing the ability to verify that the whistleblower was employed by the organization. First, we review relevant whistleblowing research, paying particular attention to anonymity and credibility issues. Second, we introduce SSI and discuss how it can be used to enhance credibility for anonymous whistleblowers. Third, we outline our formal hypotheses. Fourth, we explain our planned methodology. Lastly, we discuss the implications of our study.

Link: Improving Anonymous Whistleblower Credibility with Self-Sovereign Identity

  1. D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin’s Lightning Network*
    Authors: Ahmet Kurt, Enes Erdin, Kemal Akkaya, A. Selcuk Uluagac, and Mumin Cebe

While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C&C) servers through regular LN payments. Specifically, LNBot allows botmaster’s commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C&C servers further relay those commands to the bots in their mini-botnets to launch any type of attacks to victim machines. We further improve on this design by introducing D-LNBot; a distributed version of LNBot that generates its C&C servers by infecting users on the Internet and forms the C&C connections by opening channels to the existing nodes on LN. In contrary to the LNBot, the whole botnet formation phase is distributed and the botmaster is never involved in the process. By utilizing Bitcoin’s Testnet and the new message attachment feature of LN, we show that D-LNBot can be run for free and commands are propagated faster to all the C&C servers compared to LNBot. We presented proof-of-concept implementations for both LNBot and D-LNBot on the actual LN and extensively analyzed their delay and cost performance. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot and D-LNBot activities and minimize their impacts.


  1. Short Paper: A Centrality Analysis of the Lightning Network
    Authors: Philipp Zabka, Klaus-T. Foerster, Christian Decker, and Stefan Schmid

Payment channel networks (PCNs) such as the Lightning Network offer an appealing solution to the scalability problem faced by many cryptocurrencies operating on a blockchain such as Bitcoin. However, PCNs also inherit the stringent dependability requirements of blockchain. In particular, in order to mitigate liquidity bottlenecks as well as on-path attacks, it is important that payment channel networks maintain a high degree of decentralization. Motivated by this requirement, we conduct an empirical centrality analysis of the popular Lightning Network, and in particular, the betweenness centrality distribution of the routing system. Based on our extensive data set (using several millions of channel update messages), we implemented a TimeMachine tool which enables us to study the network evolution over time. We find that although the network is generally fairly decentralized, a small number of nodes can attract a significant fraction of the transactions, introducing skew. Furthermore, our analysis suggests that over the last two years, the centrality has increased significantly, e.g., the inequality (measured by the Gini index) has increased by more than 10%.


  1. CCGIR: Information retrieval-based code comment generation method for smart contracts
    Authors: Guang Yang, Ke Liu, Xiang Chen, Yanlin Zhou, Chi Yu, and Hao Lin

A smart contract is a computer program, which is intended to automatically execute, control or document legally relevant events and actions according to the terms of a contract. About 10% of the security vulnerabilities in smart contracts are caused by misuse of codes without comments. Therefore, there is a need to design effective automatic code comment generation methods for smart contracts. In this study, we propose an information retrieval-based code comment generation method CCGIR for smart contracts. Since code clones are common in smart contract development, CCGIR finds the most similar code in the code repository and reuses its comment through an information retrieval approach from three aspects: semantic similarity, lexical similarity, and syntactic similarity of smart contract codes. We select a corpus, which contains 57,676 unique pairs of <method, comment> from 40,932 real-world smart contracts, as our experimental subject. Then we conduct empirical studies to evaluate the effectiveness of our proposed method. Experimental results show that CCGIR can outperform nine state-of-the-art baselines in terms of three performance measures. Moreover, we perform a human study to further verify that CCGIR can generate higher quality comments. Finally, we find CCGIR can achieve promising performance on the other two code comment generation tasks (i.e., code comment generation for Java and code comment generation for Python). Due to the simplicity and effectiveness of our proposed method, we recommend researchers can use our proposed method as the baseline when evaluating their proposed novel code comment generation methods.

Link: CCGIR: Information retrieval-based code comment generation method for smart contracts - ScienceDirect

  1. An On-Chain Analysis-Based Approach to Predict Ethereum Prices
    Authors: Nishant Jagannath, Tudor Barbulescu, Karam Sallam, Ibrahim Elgendi, Braden McGrath, Abbas Jamalipour, Mohamed Abdel-Basset, and Kumudu Munasinghe

The Ethereum blockchain generates a significant amount of data due to its intrinsic transparency and decentralized nature. It is also referred to as on-chain data and is openly accessible to the world. Moreover, the on-chain data is timestamped, integrated, and validated into an open ledger. This important blockchain feature enables us to assess the network’s health and usage. It serves as a massive data warehouse for complex prediction algorithms that can effectively detect systemic trends and forecast future behavior. We adopt a quantitative approach using a subset of these metrics to determine the network’s true monetary value by developing a Long Short-Term Memory Recurrent Neural Network (LSTM-RNN) with the metrics most closely associated with the price as inputs. Since several hyperparameters regulate the learning process in an RNN, they are highly sensitive to their values. It is thus critical, to select optimal hyperparameters so that the training is quick and effective. Determining the optimal parameters of an RNN model is a tedious and complex process. Hence, previous studies have developed several self-adaptive approaches to determine the optimal values for various parameters effectively. However, none of the prior studies explore self-adaptive algorithms in deep learning models in conjunction with on-chain data to predict cryptocurrency prices. In this paper, we propose three self-adaptive techniques, each of which converges on a set of optimal parameters to predict the price of Ethereum accurately. We compare our results to a traditional LSTM model. Our approach exhibits 86.94% accuracy while maintaining a minimum error rate.

Link: IEEE Xplore Full-Text PDF:

  1. Tuxedo: Maximizing Smart Contract computation in PoW

    Authors: Sourav Das, Nitin Awathare, Ling Ren, Vinay J. Ribeiro, and Umesh Bellur

Proof-of-Work (PoW) based blockchains typically allocate only a tiny fraction (e.g., less than 1% for Ethereum) of the average interarrival time (I) between blocks for validating smart contracts present in transactions. In such systems, block validation and PoW mining are typically performed sequentially, the former by CPUs and the latter by ASICs. A trivial increase in validation time (𝜏) introduces the popularly known Verifier’s Dilemma, and as we demonstrate, causes more forking and hurts fairness. Large 𝜏 also reduces the tolerance for safety against a Byzantine adversary. Solutions that offload validation to a set of non-chain nodes (a.k.a. off-chain approaches) suffer from trust and performance issues that are non-trivial to resolve.
In this paper, we present Tuxedo, the first on-chain protocol to theoretically scale 𝜏/I ≈ 1 in PoW blockchains. The key innovation in Tuxedo is to perform CPU-based block processing in parallel to ASIC mining. We achieve this by allowing miners to delay validation of transactions in a block by up to 𝜁 blocks, where 𝜁 is a system parameter. We perform security analysis of Tuxedo considering all possible adversarial strategies in a synchronous network with maximum end-to-end delay ∆ and demonstrate that Tuxedo achieves security equivalent to known results for longest chain PoW Nakamoto consensus. Our prototype implementation of Tuxedo atop Ethereum demonstrates that it can scale 𝜏 without suffering the harmful effects of naïve scaling up of 𝜏/I in existing blockchains.


1 Like

Research Pulse #44 is out!

In Alpha-Rays: Key Extraction Attacks on Threshold ECDSA Implementations, the authors present two novel attacks on Multi-Party Computation (MPC) custody schemes based on Threshold ECDSA. For context, Threshold ECDSA enables multisigs to be implemented off-chain and is now a leading method to structure custody schemes by certain user archetypes such as exchanges and funds. According to the paper, the PoC presented would have enabled attackers to compromise the funds of an entire wallet implemented under this scheme by extracting a single MPC constituent key.

Network topology analysis continues to enable privacy attacks across crypto networks. In Practical Deanonymization Attack in Ethereum Based on P2P Network Analysis, authors present a methodology to deanonymize broadcasters of Ethereum transactions through the use of well-established Machine Learning schemes. The authors then demonstrate how an attacker could use their model to make connections with roughly 90% of mainnet nodes and potentially compromise their privacy.

Finally, in Tuxedo: Maximizing Smart Contract computation in PoW Blockchains, authors experiment with the implementation of smart contract functionality in Proof-of-Work blockchains. Most importantly, they pursue the implementation of this key functionality while maintaining and relying on the backward-compatible rules of Nakamoto consensus.


For Improving Anonymous Whistleblower Credibility with Self-Sovereign Identity Authors: Jacob A. Young and Sahar Farshadkhah

The linke should be changed to:

The original one’s dead.


Thanks for flagging @Jerry_Ho!

1 Like