208 research outputs found
Consolidation of Ground Truth Sets for Weakness Detection in Smart Contracts
Smart contracts are small programs on the blockchain that often handle
valuable assets. Vulnerabilities in smart contracts can be costly, as time has
shown over and over again. Countermeasures are high in demand and include best
practice recommendations as well as tools supporting development, program
verification, and post-deployment analysis. Many tools focus on detecting the
absence or presence of a subset of the known vulnerabilities, delivering
results of varying quality. Most comparative tool evaluations resort to
selecting a handful of tools and testing them against each other. In the best
case, the evaluation is based on a smallish ground truth. For Ethereum, there
are commendable efforts by several author groups to manually classify
contracts. However, a comprehensive ground truth is still lacking. In this
work, we construct a ground truth based on publicly available benchmark sets
for Ethereum smart contracts with manually checked ground truth data. We
develop a method to unify these sets. Additionally, we devise strategies for
matching entries that pertain to the same contract, such that we can determine
overlaps and disagreements between the sets and consolidate the disagreements.
Finally, we assess the quality of the included ground truth sets. Our work
reduces inconsistencies, redundancies, and incompleteness while increasing the
number of data points and heterogeneity
SourceP: Smart Ponzi Schemes Detection on Ethereum Using Pre-training Model with Data Flow
As blockchain technology becomes more and more popular, a typical financial
scam, the Ponzi scheme, has also emerged in the blockchain platform Ethereum.
This Ponzi scheme deployed through smart contracts, also known as the smart
Ponzi scheme, has caused a lot of economic losses and negative impacts.
Existing methods for detecting smart Ponzi schemes on Ethereum mainly rely on
bytecode features, opcode features, account features, and transaction behavior
features of smart contracts, and such methods lack interpretability and
sustainability. In this paper, we propose SourceP, a method to detect smart
Ponzi schemes on the Ethereum platform using pre-training models and data flow,
which only requires using the source code of smart contracts as features to
explore the possibility of detecting smart Ponzi schemes from another
direction. SourceP reduces the difficulty of data acquisition and feature
extraction of existing detection methods while increasing the interpretability
of the model. Specifically, we first convert the source code of a smart
contract into a data flow graph and then introduce a pre-training model based
on learning code representations to build a classification model to identify
Ponzi schemes in smart contracts. The experimental results show that SourceP
achieves 87.2% recall and 90.7% F-score for detecting smart Ponzi schemes
within Ethereum's smart contract dataset, outperforming state-of-the-art
methods in terms of performance and sustainability. We also demonstrate through
additional experiments that pre-training models and data flow play an important
contribution to SourceP, as well as proving that SourceP has a good
generalization ability. Comment: 12 page
The Blockchain Imitation Game
The use of blockchains for automated and adversarial trading has become
commonplace. However, due to the transparent nature of blockchains, an
adversary is able to observe any pending, not-yet-mined transactions, along
with their execution logic. This transparency further enables a new type of
adversary, which copies and front-runs profitable pending transactions in
real-time, yielding significant financial gains.
Shedding light on such "copy-paste" malpractice, this paper introduces the
Blockchain Imitation Game and proposes a generalized imitation attack
methodology called Ape. Leveraging dynamic program analysis techniques, Ape
supports the automatic synthesis of adversarial smart contracts. Over a
timeframe of one year (1st of August, 2021 to 31st of July, 2022), Ape could
have yielded 148.96M USD in profit on Ethereum, and 42.70M USD on BNB Smart
Chain (BSC).
Not only as a malicious attack, we further show the potential of transaction
and contract imitation as a defensive strategy. Within one year, we find that
Ape could have successfully imitated 13 and 22 known Decentralized Finance
(DeFi) attacks on Ethereum and BSC, respectively. Our findings suggest that
blockchain validators can imitate attacks in real-time to prevent intrusions in
DeFi
Success Factors of ICOs: Empirical Evidence from 2016–2019
Since 2013, Initial Coin Offerings (ICO) have allowed companies to attract financing with the help of cryptocurrencies. ICO statistics show that the ICO market is increasing and demand for funds continues to grow, with claims of over $15 billion raised in the first half of 2018. The increasing volumes of investment in ICO projects as an alternative method to venture capital or IPO are caused by, for example, the possibility of reselling the received tokens at a higher price after the launch of the project or obtaining the company’s services at lower prices. While the importance of the topic is growing, there is an absence of fundamental works emphasizing the determinants of an ICO’s success. The scientific novelty of the forthcoming research consists in the formation of a model for evaluating ICO success. Using econometric analysis based on data for 1392 projects, we show that the volatility of the main cryptocurrencies has a significant impact on the success of ICO. The constraints of the platform for Smart Contracts (ERC-20) and dependence on the Ethereum volatility overcome all other factors. Our data contributes to existing literature and shows the insignificant influence of the sector of the project, almost all location regions and the quality of the team. This result may be explained by the uncertainty of the investor about the project (weak signals), absence of the regulation and legal framework. This result is beneficial for owners of companies since it is an argument for decreasing costs for marketing.
Decentralized autonomous organization as a disruptive innovation in insurance industry
Blockchain technology has raised a lot of discussions within academia as well as in financial industry. The founder of Ethereum, Vitalik Buterin, was first to introduce the idea of decentralized autonomous organization (DAO), in which blockchain and smart contracts are used to form a new kind of organization. This concept is at the center of this study: could DAO disrupt the insurance industry?
DAO in this thesis is referred to as a system which utilizes transparent blockchain technology and smart contracts while being both governed and owned in a decentralized manner. This qualitative research focuses on providing a comprehensive view on DAO’s potential in insurance industry on a conceptual level. The findings combine expertise gathered from 17 informants in semi-structured interviews. This research describes the changes in insurance value chain. Additionally, several possibilities for DAO utilization in insurance industry were identified. The DAO potential is also reviewed from the perspective of a disruptive innovation, as the main research question of this study aims to understand the disruptive potential (if there is such) of DAO in insurance industry.
The main finding of this research is that DAO’s disruptive potential in insurance industry cannot be completely denied. However, there are still many open questions which stem from mindset change, regulation, governance, social construction, consumer perspective, quality of information, and technological maturity. The study did not find challenges that would have been seen as unsolvable barriers for DAO adoption. Furthermore, markets where DAO would not have any potential could not be identified. Another key finding concerns how DAO could affect insurance value chain — in essence, DAO has potential to affect all parts of the insurance value chain, depending on the chosen implementation strategy.
Based on this research, DAO seems to have manifold potential in insurance industry. Three main categories arose from the expert interviews regarding opportunities to exploit DAO in insurance: (1) peer-to-peer insurance models, (2) new markets, and, most notably, (3) existing companies could also act as DAO exploiters. Specifically, it seems that existing companies may utilize DAOs in three different ways: (1) as internal startup for certain products, (2) as an entity to which a particular part of the value chain is outsourced to, and (3) in a way, we don't know yet
Using the blockchain to enable transparent and auditable processing of personal data in cloud-based services: Lessons from the Privacy-Aware Cloud Ecosystems (PACE) project
The architecture of cloud-based services is typically opaque and intricate. As a result, data subjects cannot exercise adequate control over their personal data, and overwhelmed data protection authorities must spend their limited resources in costly forensic efforts to ascertain instances of non-compliance. To address these data protection challenges, a group of computer scientists and socio-legal scholars joined forces in the Privacy-Aware Cloud Ecosystems (PACE) project to design a blockchain-based privacy-enhancing technology (PET). This article presents the fruits of this collaboration, highlighting the capabilities and limits of our PET, as well as the challenges we encountered during our interdisciplinary endeavour. In particular, we explore the barriers to interdisciplinary collaboration between law and computer science that we faced, and how these two fields’ different expectations as to what technology can do for data protection law compliance had an impact on the project's development and outcome. We also explore the overstated promises of techno-regulation, and the practical and legal challenges that militate against the implementation of our PET: most industry players have no incentive to deploy it, the transaction costs of running it make it prohibitively expensive, and there are significant clashes between the blockchain's decentralised architecture and GDPR's requirements that hinder its deployability. We share the insights and lessons we learned from our efforts to overcome these challenges, hoping to inform other interdisciplinary projects that are increasingly important to shape a data ecosystem that promotes the protection of our personal data
Coin-Operated Capitalism
This Article presents the legal literature’s first detailed analysis of the inner workings of Initial Coin Offerings. We characterize the ICO as an example of financial innovation, placing it in kinship with venture capital contracting, asset securitization, and (obviously) the IPO. We also take the form seriously as an example of technological innovation, where promoters are beginning to effectuate their promises to investors through computer code, rather than traditional contract. To understand the dynamics of this shift, we first collect contracts, “white papers,” and other contract-like documents for the fifty top-grossing ICOs of 2017. We then analyze how such projects’ software code reflected (or failed to reflect) their contractual promises. Our inquiry reveals that many ICOs failed even to promise that they would protect investors against insider self-dealing. Fewer still manifested such contracts in code. Surprisingly, in a community known for espousing a technolibertarian belief in the power of “trustless trust” built with carefully designed code, a significant fraction of issuers retained centralized control through previously undisclosed code permitting modification of the entities’ governing structures. These findings offer valuable lessons to legal scholars, economists, and policymakers about the roles played by gatekeepers; about the value of regulation; and the possibilities for socially valuable private ordering in a relatively anonymous, decentralized environment