Research Pulse Issue #47 01/10/22

1. Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities
   Authors: Behkish Nassirzadeh, Vijay Ganesh, Huaiying Sun, and Sebastian Banescu

In recent years we have witnessed a dramatic increase in the adoption and application of smart contracts in a variety of contexts such as decentralized finance, supply chain management, and identity management. However, a critical stumbling block to the further adoption of smart contracts is their security (or more precisely, the lack thereof). A particularly widespread class of security vulnerabilities that afflicts Ethereum smart contracts is the gas limit denial of service (DoS) on a contract via unbounded operations. These vulnerabilities result in a failed transaction with an ”out-of-gas” error and are often present in contracts containing loops whose bounds are affected by end-user input. Note that such vulnerabilities differ from gas limit DoS on the network via block stuffing.
To address the above-described problem, we present Gas Gauge, a tool aimed at detecting Out-of-Gas DoS vulnerabilities in Ethereum smart contracts. Gas Gauge consists of three major components: the Detection, Identification, and Correction Phases. The Detection Phase consists of an accurate static analysis approach that finds and summarizes all the loops in a smart contract. The Identification Phase, which follows the Detection Phase, uses a white-box fuzzing approach to generate a set of inputs that causes the contract to run out of gas. The Correction Phase uses static analysis and run-time verification to predict the maximum loop bounds consistent with allowable gas usage and suggest appropriate repairs to the user of the tool. Each part of the tool can be used separately for different purposes or all together to detect, identify and help repair the contracts vulnerable to Out-of-Gas DoS vulnerabilities. Gas Gauge was tested on 1,000 real-world solidity smart contracts deployed on the Ethereum Mainnet. The results were compared to seven stateof-the-art static and symbolic tools, including Mythril, Slither, SmartCheck, Securify 2.0, GasTap/Gasol, Madmax, and MPro, and it was empirically demonstrated that Gas Gauge is far more effective than competing state-of-the-art tools.

Link: https://arxiv.org/pdf/2112.14771.pdf

2. MSCCS: A Monero-Based Security-Enhanced Covert Communication System
   Authors: Liang Liu, Lin Liu, Beibei Li, Yi Zhong, Shan Liao, and Lei Zhang

Existing public blockchain-based covert communication systems are suffering the issues of insufficient robustness, anti-temper modification, and anonymity at both the transaction and network layers. In this paper, to overcome this problem, we propose a novel Monero-based security-enhanced covert communication system, in which a new storage-type covert channel is developed. This channel makes Monero transaction amount as data carrier for covert communication. Then, we devise two new algorithms, respectively for resisting Eclipse attacks and the two existing node crawling attacks. Extensive simulation experiments show that the developed new covert communication channel can achieve higher robustness, anti-detection, and anonymity. The new security-enhanced algorithms can effectively mitigate Eclipse attacks by 37.6%, and the two existing node crawling attacks by 21.1% and 17.1% respectively.

Link: https://www.sciencedirect.com/science/article/abs/pii/S1389128621006010

3. A Multipath Payment Scheme Supporting Proof of Payment
   Authors: Hangguan Qian and Lin You

Blockchain technology has always been plagued by performance problems. Given this problem, many scaling schemes have been put forward. A layer 2 network is a technology that solves the performance problem of blockchain. Connected parties in this network can set up channels to send digital currency to each other. Since the interaction with the blockchain is only required when the channel is established and closed, a large number of transactions do not need to be recorded on the blockchain, thus reducing the blockchain capacity. Due to the special structure of the payment channel, the distribution of funds in the channel is often unbalanced, which limits the route payment to a certain extent. This paper improves the original payment method in the second layer network by introducing new scripts. The new payment scheme supports proof of payment which is integral to the nature of the lightning network and divides the payment into several subpayments, so the large payment can be divided into relatively small payments. Due to the capacity limitation of the payment channel, theoretically, the success rate of the micropayment route is higher. This paper tests the new payment scheme on the simulated network and validates the nature of this solution to have a high routing success rate while supporting proof of payment.

Link: A Multipath Payment Scheme Supporting Proof of Payment

Thanks for publishing this research pulse. I found the Multipath Payment Scheme Supporting Proof of Payment paper particularly interesting. The distributed nature of Blockchain makes it less stellar in performance than traditional centralized systems. Several schemes have been employed to resolve its performance issues. The Layer 2 payment network technology is one of the solutions used to solve them. Here, the authors propose to improve the original payment method by adding new scripts to the layer.

The continuous progress of blockchain-related technology has led to a tremendous increase in blockchain-related applications. The increased usage of Blockchain has caused performance issues to arise. Solutions proposed to address performance issues in Blockchain include capacity expansion on the first layer chain and the improvement of the off-chain layer - which is the use of the second layer to reduce the burden on the first layer. The lightning network is a layer 2 network protocol based on Blockchain that has been proposed as a solution to the first layer’s scalability performance problem. The lighting network is a peer-to-peer system that allows users to make payments from one channel to another without trusting intermediaries. The network relies heavily on a single path payment system. The Atomic Multipath Payments (AMP) were proposed to solve the problems of; one, the non-guaranty of atomicity of multiple payments; second, the ceiling on the number of channels that can be paid by users, which leads to payment failure. Basic Atomic Multipath payments are another multipath payment scheme that uses the same payment hash in all paths. Here, the recipient only releases the parent secret preimage after receiving all child payments. Rapido, introduced by Lin et al., is another multipath payment mechanism that implements a multipath payment system by designing a D_HTLC smart contract.

In the paper, the authors designed a new atomic multipath scheme. The scheme supports proof of payment and conforms to the definition of atomicity of payment. In addition, the new scheme includes a sender and receiver scheme. The implication of these schemes is that the recipient must wait for all transactions to arrive before the parent secret can be concatenated, ensuring the payment’s atomicity. The new payment protocol mainly acts on Layer 2; thus, the operations in this scheme do not affect the main channel in any way.

This paper addresses the issues of scalability performance in Blockchain, examines solutions that have been proposed and propose a new solution that reduces the burden on the first layer and supports proof of payment by introducing new scripts to the original solution. The new scheme proposed seems to be advantageous in terms of the higher success rate of large payments when compared to payments in a non-multipath scheme. However, some important questions must be raised. First, What are the problems with the lightning network that the Atomic Multipath Payment scheme solves - is the AMP complementary to the lightning network, or does it solve some unresolved performance problems that are unsolved by the lightning network? Second, how does the new scheme address the risk of malicious attacks that are common to the lightning network?{1}

{1} Lightning Network Whitepaper. “The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments,”