What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)?
An important problem in smart contract security is understanding the
likelihood and criticality of discovered, or potential, weaknesses in
contracts. In this paper we provide a summary of Ethereum smart contract audits
performed for 23 professional stakeholders, avoiding the common problem of
reporting issues mostly prevalent in low-quality contracts. These audits were
performed at a leading company in blockchain security, using both open-source
and proprietary tools, as well as human code analysis performed by professional
security engineers. We categorize 246 individual defects, making it possible to
compare the severity and frequency of different vulnerability types, compare
smart contract and non-smart contract flaws, and to estimate the efficacy of
automated vulnerability detection approaches.
Pre-deployment Analysis of Smart Contracts -- A Survey
Smart contracts are programs that execute transactions involving independent
parties and cryptocurrencies. As programs, smart contracts are susceptible to a
wide range of errors and vulnerabilities. Such vulnerabilities can result in
significant losses. Furthermore, by design, smart contract transactions are
irreversible. This creates a need for methods to ensure the correctness and
security of contracts pre-deployment. Recently there has been substantial
research into such methods. The sheer volume of this research makes
articulating state-of-the-art a substantial undertaking. To address this
challenge, we present a systematic review of the literature. A key feature of
our presentation is to factor out the relationship between vulnerabilities and
methods through properties. Specifically, we enumerate and classify smart
contract vulnerabilities and methods by the properties they address. The
methods considered include static analysis as well as dynamic analysis methods
and machine learning algorithms that analyze smart contracts before deployment.
Several patterns about the strengths of different methods emerge through this
classification process.
Decentralised finance's timocratic governance: The distribution and exercise of tokenised voting rights
Ethereum's public distributed ledger can issue tokenised voting rights that are tradable on crypto-asset exchanges by potentially anyone. Ethereum thus enables global, unincorporated associations to conduct governance experiments. Such experiments are crucial to Decentralised Finance (DeFi). DeFi is a nascent field of unlicensed, unregulated, and non-custodial financial services that utilise public distributed ledgers and crypto-assets rather than corporate structures and sovereign currencies. The inaugural Bloomberg Galaxy DeFi Index, launched in August 2021, included nine Ethereum-based projects – non-custodial exchanges as well as lending and derivatives platforms. Each project is governed, at least in part, by unregistered holders of tokenised voting rights (also known as governance tokens). Token-holders typically vote for or against coders' improvement proposals that pertain to anything from the allocation of treasury funds to a collateral's risk parameters. DeFi's governance thus depends on the distribution and exercise of tokenised voting rights. Since archetypal DeFi projects are not managed by companies or public institutions, not much is known about DeFi's governance. Regulators and law-makers from the United States recently asked if DeFi's governance entails a new class of “shadowy” elites. In response, we conducted an exploratory, multiple-case study that focused on the tokenised voting rights issued by the nine projects from Bloomberg's inaugural Galaxy DeFi index. Our mixed methods approach drew on Ethereum-based data about the distribution, trading, staking, and delegation of voting rights tokens, as well as project documentation and archival records. We discovered that DeFi projects' voting rights are highly concentrated, and the exercise of these rights is very low. 
Our theoretical contribution is a philosophical intervention: minority rule, not “democracy”, is the probable outcome of token-tradable voting rights and a lack of applicable anti-concentration laws. We interpret DeFi's minority rule as timocratic