Authors: Andrew Kirillov and Sehyun Chung
The StableSims project set out to determine optimal parameters for the new auction mechanism, Liquidations 2.0, used by MakerDAO, a protocol built on Ethereum offering a decentralized, collateralized stablecoin called Dai. We developed an agent-based simulation that emulates both the Maker protocol smart contract logic, and how profit-motivated agents (“keepers”) will act in the real world when faced with decisions such as liquidating “vaults” (collateralized debt positions) and bidding on collateral auctions. This research focuses on the incentive structure introduced in Liquidations 2.0, which implements both a constant fee (tip) and a fee proportional to vault size (chip) paid to keepers that liquidate vaults or restart stale collateral auctions. We sought to minimize the amount paid in incentives while maximizing the speed with which undercollateralized vaults were liquidated. Our findings indicate that it is more cost-effective to increase the constant fee, as opposed to the proportional fee, in order to decrease the time it takes for keepers to liquidate vaults.
Towards Trustworthy DeFi Oracles: Past, Present and Future
Authors: Yinjie Zhao, Xin Kang, Tieyan Li, Cheng-Kang Chu, and Haiguang Wang
With the rapid development of blockchain technology in recent years, all kinds of blockchain-based applications have emerged. Among them, the decentralized finance (DeFi) is one of the most successful applications, which is regarded as the future of finance. The great success of DeFi relies on the real-world data which is not directly available on the blockchain. Besides, due to the deterministic nature of blockchain, the blockchain cannot directly obtain indeterministic data from the outside world (off-chain). Thus, oracles have appeared as a viable solution to feed off-chain data to blockchain applications. In this paper, we carry out a comprehensive study on oracles, especially on DeFi oracles. We first briefly introduce the application scenarios of DeFi oracles, and then we talk about the past of DeFi oracles by categorizing them into several types based on their design features. After that, we introduce five popular DeFi oracles currently in use (such as Chainlink and Band Protocol), with the focus on their system architecture, data validation process, and their incentive mechanisms. We compare these present DeFi oracles from their data trustworthiness, data source trustworthiness and their overall trust models. Finally, we propose a set of metrics for designing trustworthiness DeFi oracles, and propose a potential trust architecture and a few promising techniques for building trustworthiness oracles.
Inferring Sensitive Information in Cryptocurrency Off-Chain Networks Using Probing and Timing Attacks
Authors: Utz Nisslmueller, Klaus-Tycho Foerster, Stefan Schmid, and Christian Decker
Off-chain networks have recently emerged as a scalable solution for blockchains, allowing to increase the overall transaction throughput by reducing the number of transactions on the blockchain. However, off-chain networks typically require additional bootstrapping and route discovery functionality to determine viable routes. For example, the Lightning Network (LN) uses two mechanisms in conjunction: gossiping and probing. This paper shows that these mechanisms introduce novel vulnerabilities. In particular, we present two attacks. The first one, which we shall call a probing attack, enables an adversary to determine the (hidden) balance of a channel or route through active probing and differentiating the response messages from the route participants. The second one, which we shall call a timing attack, enables the adversary to determine the logical distance to the target in hops, given that geographical data of LN nodes is often publicly listed, or can be inferred from allocated IP addresses. We explore the setup and implementation of these attacks and address both the theoretical and practical limitations these attacks are subject to. Finally, we propose possible remediations and offer directions for further research on this topic.
Distributed Zero-Knowledge Proofs Over Networks
Authors: Aviv Bick, Gillat Kol, and Rotem Oshman
Zero knowledge proofs are one of the most influential concepts in theoretical computer science. In the seminal definition due to Goldwasser, Micali and Rackoff dating back to the 1980s, a computationally-bounded verifier interacts with a powerful but untrusted prover, with the goal of becoming convinced that the input is in some language. In addition to the usual requirements of completeness and soundness, in a zero knowledge proof, we protect the prover’s knowledge: assuming the prover is honest, anything that the verifier can deduce after interacting with the prover, it could have deduced by itself. Zero knowledge proofs have found many applications within theoretical computer science and beyond, e.g., in cryptography, client-cloud computing, blockchains and cryptocurrencies, electronic voting and auctions, and in the financial industry.
We define and study the notion of distributed zero knowledge proofs, reconciling the computational notion of zero-knowledge with the communication-based paradigm of distributed graph algorithms. In our setting, a network of verifiers interacts with an untrusted prover to decide some distributed language. As is usually the case in distributed graph algorithms, we assume that the verifiers have local views of the network and each only knows its neighbors. The prover, on the other hand, is assumed to know the entire network graph, as well as any input that the verifier may possess. As in the computational centralized setting, the protocol we design should protect this knowledge. In particular, due to the dual role of the underlying graph in distributed graph algorithms, serving as both the communication topology and the input to the problem, our protocol must protect the graph itself.
We construct communication-efficient distributed zero knowledge proofs for two central problems: the 3-coloring problem, one of the poster children of computational zero-knowledge, and for the spanning-tree verification problem, a fundamental building block for designing graph algorithms. We also give a general scheme for converting proof labeling-schemes to distributed zero-knowledge protocols with related parameters. Our protocols combine ideas from computational complexity, distributed computing, and cryptography.
Uncovering Smart Contract VM Bugs Via Differential Fuzzing
Authors: Dominik Maier, Fabian Fäßler, and Jean-Pierre Seifert
The ongoing public interest in blockchains and smart contracts has brought a rise to a magnitude of different blockchain implementations. The rate at which new concepts are envisioned and implemented makes it hard to vet their impact on security. Especially smart contract platforms, executing untrusted code, are very complex by design. Still, people put their trust and money into chains that may lack proper testing. A behavior deviation for edge cases of single op-codes is a critical bug class in this brave new world. It can be abused for Denial of Service against the blockchain, chain splits, double-spending, or direct attacks on applications operating on the blockchain. In this paper, we propose an automated methodology to uncover such differences. Through coverage-guided and state-guided fuzzing, we explore smart contract virtual machine behavior against multiple VMs in parallel. We develop NeoDiff, the first framework for feedback-guided differential fuzzing of smart contract VMs. We discuss real, monetary consequences our tool prevents. NeoDiff can be ported to new smart contract platforms with ease. Apart from fuzzing Ethereum VMs, NeoDiff found a range of critical differentials in VMs for the Neo blockchain. Moreover, through a higher-layer semantics mutator, we uncovered semantic discrepancies between Neo smart contracts written in Python when executed on the blockchain vs. classic CPython. Along the way, NeoDiff uncovered memory corruptions in the C# Neo VM.
EXGEN: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities
Authors: Ling Jin, Yinzhi Cao, Yan Chen, Di Zhang, and Simone Campanoni
Smart contracts, just like other computer programs, are prone to a variety of vulnerabilities, which lead to severe consequences including massive token and coin losses. Prior works have explored automated exploit generation for vulnerable Ethereum contracts. However, the scopes of prior works are limited in both vulnerability types and contract platforms. In this paper, we propose a cross-platform framework, called EXGEN, to generate multiple transactions as exploits to given vulnerable smart contracts. EXGEN first translates either Ethereum or EOS contracts to an intermediate representation (IR). Then, EXGEN generates symbolic attack contracts with transactions in a partial order and then symbolically executes the attack contracts together with the target to find and solve all the constraints. Lastly, EXGEN concretizes all the symbols, generates attack contracts with multiple transactions, and verifies the generated contracts’ exploitability on a private chain with values crawled from the public chain. We implemented a prototype of EXGEN and evaluated it on Ethereum and EOS benchmarks. EXGEN successfully exploits 1,258/1,399 (89.9%) Ethereum and 126/130 (96.9%) EOS vulnerabilities. EXGEN is also able to find zero-day vulnerabilities on EOS.