208 research outputs found

    Testing Smart Contracts: Which Technique Performs Best?

    Consolidation of Ground Truth Sets for Weakness Detection in Smart Contracts

    Smart contracts are small programs on the blockchain that often handle valuable assets. Vulnerabilities in smart contracts can be costly, as time has shown over and over again. Countermeasures are high in demand and include best practice recommendations as well as tools supporting development, program verification, and post-deployment analysis. Many tools focus on detecting the absence or presence of a subset of the known vulnerabilities, delivering results of varying quality. Most comparative tool evaluations resort to selecting a handful of tools and testing them against each other. In the best case, the evaluation is based on a smallish ground truth. For Ethereum, there are commendable efforts by several author groups to manually classify contracts. However, a comprehensive ground truth is still lacking. In this work, we construct a ground truth based on publicly available benchmark sets for Ethereum smart contracts with manually checked ground truth data. We develop a method to unify these sets. Additionally, we devise strategies for matching entries that pertain to the same contract, such that we can determine overlaps and disagreements between the sets and consolidate the disagreements. Finally, we assess the quality of the included ground truth sets. Our work reduces inconsistencies, redundancies, and incompleteness while increasing the number of data points and heterogeneity

    SourceP: Smart Ponzi Schemes Detection on Ethereum Using Pre-training Model with Data Flow

    As blockchain technology becomes more and more popular, a typical financial scam, the Ponzi scheme, has also emerged in the blockchain platform Ethereum. This Ponzi scheme deployed through smart contracts, also known as the smart Ponzi scheme, has caused a lot of economic losses and negative impacts. Existing methods for detecting smart Ponzi schemes on Ethereum mainly rely on bytecode features, opcode features, account features, and transaction behavior features of smart contracts, and such methods lack interpretability and sustainability. In this paper, we propose SourceP, a method to detect smart Ponzi schemes on the Ethereum platform using pre-training models and data flow, which only requires using the source code of smart contracts as features to explore the possibility of detecting smart Ponzi schemes from another direction. SourceP reduces the difficulty of data acquisition and feature extraction of existing detection methods while increasing the interpretability of the model. Specifically, we first convert the source code of a smart contract into a data flow graph and then introduce a pre-training model based on learning code representations to build a classification model to identify Ponzi schemes in smart contracts. The experimental results show that SourceP achieves 87.2% recall and 90.7% F-score for detecting smart Ponzi schemes within Ethereum's smart contract dataset, outperforming state-of-the-art methods in terms of performance and sustainability. We also demonstrate through additional experiments that pre-training models and data flow play an important contribution to SourceP, as well as proving that SourceP has a good generalization ability. Comment: 12 page

    The Blockchain Imitation Game

    The use of blockchains for automated and adversarial trading has become commonplace. However, due to the transparent nature of blockchains, an adversary is able to observe any pending, not-yet-mined transactions, along with their execution logic. This transparency further enables a new type of adversary, which copies and front-runs profitable pending transactions in real-time, yielding significant financial gains. Shedding light on such "copy-paste" malpractice, this paper introduces the Blockchain Imitation Game and proposes a generalized imitation attack methodology called Ape. Leveraging dynamic program analysis techniques, Ape supports the automatic synthesis of adversarial smart contracts. Over a timeframe of one year (1st of August, 2021 to 31st of July, 2022), Ape could have yielded 148.96M USD in profit on Ethereum, and 42.70M USD on BNB Smart Chain (BSC). Not only as a malicious attack, we further show the potential of transaction and contract imitation as a defensive strategy. Within one year, we find that Ape could have successfully imitated 13 and 22 known Decentralized Finance (DeFi) attacks on Ethereum and BSC, respectively. Our findings suggest that blockchain validators can imitate attacks in real-time to prevent intrusions in DeFi

    ICO Success Factors: Empirical Evidence from 2016–2019

    Since 2013, Initial Coin Offerings (ICO) have allowed companies to attract financing with the help of cryptocurrencies. ICO statistics show that the ICO market is increasing and demand for funds continues to grow, with claims of over $15 billion raised in the first half of 2018. The increasing volumes of investment in ICO projects as an alternative method to venture capital or IPO are caused by, for example, the possibility of reselling the received tokens at a higher price after the launch of the project or obtaining the company’s services at lower prices. While the importance of the topic is growing, there is an absence of fundamental works emphasizing the determinants of an ICO’s success. The scientific novelty of the forthcoming research consists in the formation of a model for evaluating ICO success. Using econometric analysis based on data for 1392 projects, we show that the volatility of the main cryptocurrencies has a significant impact on the success of ICO. The constraints of the platform for Smart Contracts (ERC-20) and dependence on the Ethereum volatility overcome all other factors. Our data contributes to existing literature and shows the insignificance of the sector of the project, almost all location regions, and the influence of the quality of the team. This result may be explained by the uncertainty of the investor about the project (weak signals) and the absence of regulation and a legal framework. This result is beneficial for owners of companies since it is an argument for decreasing costs for marketing.

    Decentralized autonomous organization as a disruptive innovation in insurance industry

    Blockchain technology has raised a lot of discussions within academia as well as in financial industry. The founder of Ethereum, Vitalik Buterin, was first to introduce the idea of decentralized autonomous organization (DAO), in which blockchain and smart contracts are used to form a new kind of organization. This concept is at the center of this study: could DAO disrupt the insurance industry? DAO in this thesis is referred to as a system which utilizes transparent blockchain technology and smart contracts while being both governed and owned in a decentralized manner. This qualitative research focuses on providing a comprehensive view on DAO’s potential in insurance industry on a conceptual level. The findings combine expertise gathered from 17 informants in semi-structured interviews. This research describes the changes in insurance value chain. Additionally, several possibilities for DAO utilization in insurance industry were identified. The DAO potential is also reviewed from the perspective of a disruptive innovation, as the main research question of this study aims to understand the disruptive potential (if there is such) of DAO in insurance industry. The main finding of this research is that DAO’s disruptive potential in insurance industry cannot be completely denied. However, there are still many open questions which stem from mindset change, regulation, governance, social construction, consumer perspective, quality of information, and technological maturity. The study did not find challenges that would have been seen as unsolvable barriers for DAO adoption. Furthermore, markets where DAO would not have any potential could not be identified. Another key finding concerns how DAO could affect insurance value chain — in essence, DAO has potential to affect all parts of the insurance value chain, depending on the chosen implementation strategy. Based on this research, DAO seems to have manifold potential in insurance industry. 
Three main categories arose from the expert interviews regarding opportunities to exploit DAO in insurance: (1) peer-to-peer insurance models, (2) new markets, and, most notably, (3) existing companies could also act as DAO exploiters. Specifically, it seems that existing companies may utilize DAOs in three different ways: (1) as internal startup for certain products, (2) as an entity to which a particular part of the value chain is outsourced to, and (3) in a way, we don't know yet

    Using the blockchain to enable transparent and auditable processing of personal data in cloud-based services: Lessons from the Privacy-Aware Cloud Ecosystems (PACE) project

    The architecture of cloud-based services is typically opaque and intricate. As a result, data subjects cannot exercise adequate control over their personal data, and overwhelmed data protection authorities must spend their limited resources in costly forensic efforts to ascertain instances of non-compliance. To address these data protection challenges, a group of computer scientists and socio-legal scholars joined forces in the Privacy-Aware Cloud Ecosystems (PACE) project to design a blockchain-based privacy-enhancing technology (PET). This article presents the fruits of this collaboration, highlighting the capabilities and limits of our PET, as well as the challenges we encountered during our interdisciplinary endeavour. In particular, we explore the barriers to interdisciplinary collaboration between law and computer science that we faced, and how these two fields’ different expectations as to what technology can do for data protection law compliance had an impact on the project's development and outcome. We also explore the overstated promises of techno-regulation, and the practical and legal challenges that militate against the implementation of our PET: most industry players have no incentive to deploy it, the transaction costs of running it make it prohibitively expensive, and there are significant clashes between the blockchain's decentralised architecture and GDPR's requirements that hinder its deployability. We share the insights and lessons we learned from our efforts to overcome these challenges, hoping to inform other interdisciplinary projects that are increasingly important to shape a data ecosystem that promotes the protection of our personal data

    Coin-Operated Capitalism

    This Article presents the legal literature’s first detailed analysis of the inner workings of Initial Coin Offerings. We characterize the ICO as an example of financial innovation, placing it in kinship with venture capital contracting, asset securitization, and (obviously) the IPO. We also take the form seriously as an example of technological innovation, where promoters are beginning to effectuate their promises to investors through computer code, rather than traditional contract. To understand the dynamics of this shift, we first collect contracts, “white papers,” and other contract-like documents for the fifty top-grossing ICOs of 2017. We then analyze how such projects’ software code reflected (or failed to reflect) their contractual promises. Our inquiry reveals that many ICOs failed even to promise that they would protect investors against insider self-dealing. Fewer still manifested such contracts in code. Surprisingly, in a community known for espousing a technolibertarian belief in the power of “trustless trust” built with carefully designed code, a significant fraction of issuers retained centralized control through previously undisclosed code permitting modification of the entities’ governing structures. These findings offer valuable lessons to legal scholars, economists, and policymakers about the roles played by gatekeepers; about the value of regulation; and the possibilities for socially valuable private ordering in a relatively anonymous, decentralized environment