On the brink of a second financial system: modelling and mitigating risk in decentralised finance
This thesis focuses on risk and fragility within Decentralised Finance (DeFi). This thesis
presents new evidence on the interconnected and fragile nature of DeFi protocols and develops
an approach to mitigate risk in DeFi that relies upon redundancy. Within this context, our
contributions are threefold.
Firstly, we focus on a subset of DeFi protocols: Protocols for Loanable Funds (PLFs). PLFs
use smart contract code to facilitate the intermediation of loanable funds and, in doing so, allow
agents to borrow and save programmatically. Within these protocols, interest rate mechanisms
seek to equilibrate the supply and demand for funds. After reviewing methodologies used
to set interest rates in PLFs and examining how these interest rate rules have changed in
response to changes in liquidity, our main contribution is to model the market efficiency and
inter-connectedness between protocols.
Second, we make two contributions by focusing on one particular DeFi protocol, MakerDAO’s
DAI. The first is to examine how governance system design weaknesses could enable an attacker
to take complete control of the protocol. We present a novel strategy utilising flash loans that
enables the execution of a governance attack in just two transactions without locking any assets.
Second, we develop a stress-testing framework for a stylised DeFi lending protocol, focusing on
the impact of a drying-up of liquidity on protocol solvency.
Our third contribution is to develop an approach to minimising the frequency and severity of
exploits in DeFi attacks. The idea is to implement a program logic more than once, ideally
using different programming languages. Then, for each implementation, the results should
match before allowing the state of the blockchain to change. We provide a novel algorithm for
implementing dissimilar redundancy for smart contracts.
Taking these contributions together, this thesis presents new methods for modelling and
measuring financial risk in DeFi, and — focussing on smart contract risk alone — develops an
approach to mitigating it.
Integrated testing and verification system for research flight software design document
The NASA Langley Research Center is developing the MUST (Multipurpose User-oriented Software Technology) program to cut the cost of producing research flight software through a system of software support tools. The HAL/S language is the primary subject of the design. Boeing Computer Services Company (BCS) has designed an integrated verification and testing capability as part of MUST. Documentation, verification and test options are provided with special attention on real time, multiprocessing issues. The needs of the entire software production cycle have been considered, with effective management and reduced lifecycle costs as foremost goals. Capabilities have been included in the design for static detection of data flow anomalies involving communicating concurrent processes. Some types of ill-formed process synchronization and deadlock also are detected statically.
An Abstract Machine for Unification Grammars
This work describes the design and implementation of an abstract machine,
Amalia, for the linguistic formalism ALE, which is based on typed feature
structures. This formalism is one of the most widely accepted in computational
linguistics and has been used for designing grammars in various linguistic
theories, most notably HPSG. Amalia is composed of data structures and a set of
instructions, augmented by a compiler from the grammatical formalism to the
abstract instructions, and a (portable) interpreter of the abstract
instructions. The effect of each instruction is defined using a low-level
language that can be executed on ordinary hardware.
The advantages of the abstract machine approach are twofold. From a
theoretical point of view, the abstract machine gives a well-defined
operational semantics to the grammatical formalism. This ensures that grammars
specified using our system are endowed with well-defined meaning. This makes it
possible, for example, to formally verify the correctness of a compiler for HPSG, given
an independent definition. From a practical point of view, Amalia is the first
system that employs a direct compilation scheme for unification grammars that
are based on typed feature structures. The use of Amalia results in much
improved performance over existing systems.
In order to test the machine on a realistic application, we have developed a
small-scale, HPSG-based grammar for a fragment of the Hebrew language, using
Amalia as the development platform. This is the first application of HPSG to a
Semitic language. Comment: Doctoral Thesis, 96 pages, many postscript figures, uses pstricks,
pst-node, psfig, fullname and a macros fil
Verification of Smart Contracts using the Interactive Theorem Prover Agda
The goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object-oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).
Vulnerability Analysis of Ethereum Smart Contracts
Initially known as the underlying technology behind Bitcoin, the first and most widely recognized cryptocurrency, blockchain has evolved into a versatile tool with diverse applications beyond digital currencies. The distributed and decentralized nature of the blockchain allows for the creation of tamper-proof and transparent databases, enabling secure and reliable transactions without the need for intermediaries. This characteristic has propelled the adoption of blockchain in various fields, including finance, supply chain management, healthcare, and voting systems.
Ethereum, the second-largest blockchain platform after Bitcoin, has played a significant role in driving the growth and adoption of blockchain technology. Ethereum's programmable Smart Contract functionality enabled the creation of Decentralized Finance (DeFi) applications, which offer financial services such as lending, borrowing, and trading, without the need for banks. DeFi has emerged as one of the most promising use cases for blockchain technology, with the total value locked in DeFi applications exceeding tens of billions of dollars.
However, the security of smart contracts has been a significant challenge, as evidenced by the numerous high-profile hacks and exploits that have taken place in recent years. As the blockchain continues to grow and accumulate more funds, it becomes critical to evaluate and address its security vulnerabilities to ensure the trust and confidence of its users.
In this paper, we explore the security challenges facing blockchain-based systems, with a particular focus on Ethereum and its smart contract platform. We examine the different types of attacks that have been carried out against smart contracts and the underlying blockchain infrastructure, and we explore the various security mechanisms and best practices that can be employed to mitigate these risks. Our goal is to provide a comprehensive overview of the current state of security in the smart contract field and to offer insights into how we can develop more secure and robust coding practices in the future.
Semantics and logics for signals
In operating systems such as Unix, processes can interact via signals. Signal handling resembles both exception handling and concurrent interleaving of processes. The handlers can be installed dynamically by the main program, but signals arrive non-deterministically; therefore, a handler may interrupt a program at any point. However, the interleaving of actions is not symmetric, in that the handler interrupts the main program, but not conversely. This thesis presents operational semantics and program logic for an idealized form of signal handling. To make signal handling logically tractable, we define handling to be block-structured. To reason about the interleaving of signal handlers, we adopt the idea of binary relations on states from rely-guarantee logics, imposing rely conditions on handlers. Given the one-way interleaving of signal handlers, the logic is less symmetric than rely-guarantee. We combine signal and exception handlers in the same language to investigate their interactions, specifically whether a handler can run more than once or is linearly used. We prove soundness of the program logic relative to a big-step operational semantics for signal handling. Then, we introduce and discuss reentrancy in various domains. Finally, we present our work towards logic with Reentrancy Linear Type System.
Guidelines for implementing real-time process control using the PC
The application of the personal computer in the area of real-time process control
is investigated. Background information is provided regarding factory automation and
process control. The current use of the PC in the factory for data acquisition is
presented along with an explanation of the advantages and disadvantages associated
with extending the use of the PC to real-time process control. The use of interrupt-driven
and polled I/O to obtain real-time response is investigated and contrasted with
the use of a real-time operating system. A unique compilation of information provides
guidelines for selecting an implementation method for real-time control. Experimental
work is performed to evaluate the access time and latency periods for the hard drive,
video monitor, and I/O devices operating in a DOS environment. The execution speeds
of C and assembly language programs are investigated. A method to estimate the
performance of a real-time control system using polled or interrupt-driven I/O is
developed.