PDFS: Practical Data Feed Service for Smart Contracts

Smart contracts are a new paradigm that emerged with the rise of the blockchain technology. They allow untrusting parties to arrange agreements. These agreements are encoded as a programming language code and deployed on a blockchain platform, where all participants execute them and maintain their state. Smart contracts are promising since they are automated and decentralized, thus limiting the involvement of third trusted parties, and can contain monetary transfers. Due to these features, many people believe that smart contracts will revolutionize the way we think of distributed applications, information sharing, financial services, and infrastructures. To release the potential of smart contracts, it is necessary to connect the contracts with the outside world, such that they can understand and use information from other infrastructures. For instance, smart contracts would greatly benefit when they have access to web content. However, there are many challenges associated with realizing such a system, and despite the existence of many proposals, no solution is secure, provides easily-parsable data, introduces small overheads, and is easy to deploy. In this paper we propose PDFS, a practical system for data feeds that combines the advantages of the previous schemes and introduces new functionalities. PDFS extends content providers by including new features for data transparency and consistency validations. This combination provides multiple benefits like content which is easy to parse and efficient authenticity verification without breaking natural trust chains. PDFS keeps content providers auditable, mitigates their malicious activities (like data modification or censorship), and allows them to create a new business model. We show how PDFS is integrated with existing web services, report on a PDFS implementation and present results from conducted case studies and experiments.Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu

Qur'ans from the Eastern Islamic world between the 4th/10th and 6th/12th centuries

This thesis identifies and studies Qur’ans produced in the eastern Islamic world between the 4th/10th and 6th/12th centuries. The period coincides with major transformations in the environment of Qur’an production: the replacement of “Kufic” with newer types of scripts; the use of paper instead of parchment as a writing material; and the introduction of the vertical format, which gradually replaced the old horizontal format of Qur’an manuscripts. It was during this period that the Seljuqs and Ghaznavids rose to power alongside other local dynasties in the eastern Islamic world following the breakdown of the Abbasid Empire in the 4th/10th century. The boundaries between these different empires, however, did not prevent the mobility of craftsmen to, from and within Greater Iran. The extant Qur’ans from this period point to a shared visual vocabulary due to the fluidity of borders and the mobility of motifs. Yet, within this common language, local trends emerged defying unified dynastic or regional labels. The similarities and differences in Qur’ans produced in Iraq, Iran, Syria, the Jazira, Khurasan and Transoxiana attest to this idea. At the turn of the 5th/11th century, new scripts were being stylised while the illumination was in continuity with past traditions. Qur’ans that survive from Greater Iran, Baghdad and Cairo, studied in the first and second chapters, point to local manners of script and illumination stylisation. Some of their epigraphic and decorative forms find parallels on architecture, pottery, and coins pointing to the travel of motifs not only across geographic boundaries but also across artistic fields. The third chapter identifies a group of Qur’ans copied in the first half of the 5th/11th century in Nishapur and hence represent a local style of Qur’an production. Imperial Ghaznavid and Ghurid Qur’ans copied between the second half of the 5th/11th century and the 6th/12th century, studied in the fourth and fifth chapters, exemplify trends of Qur’anic script and illumination in Khurasan. The aesthetic of the Ghaznavid Qur’ans is rooted in earlier traditions with links to Baghdad and Nishapur while that of the Ghurid Qur’ans appear in continuity with the Ghaznavid yet with new features. Their visual vocabulary resonates with the local eclectic style of architectural decoration and the ceramics, metalwork, coins and silk produced in Greater Iran. A section of the fourth chapter investigates the work of al-warrāq al-ghaznawī (the Warrāq from Ghazna), a recurrent title in the colophons of Ghaznavid Qur’ans that points to a collaborative work environment, and offers insights into the production of these Qur’ans. Based on similarities with the Ghaznavid and Ghurid corpus, additional Qur’ans are attributed to Khurasan and Transoxiana in the sixth chapter. Their visual languages also draw from Qur’anic and non-Qur’anic artistic productions of Khurasan and largely that of Greater Iran. Finally, Qur’ans copied in the 6th/12th century in the Central Islamic lands appear to be mutually related and further apart from those produced in Khurasan yet with visible links. The seventh and eighth chapters examine the aesthetic diversity in Qur’ans produced in Iran. Iraq, the Jazira and Syria. Their distinct features point to local stylisation of script and illumination that was shaped from the fluidity of motifs throughout the Mashriq

Bitcoin Crypto - bounties for quantum capable adversaries

With the advances in quantum computing taking place over the last few years, researchers have started considering the implications on cryptocurrencies. As most digital signature schemes would be impacted, it is somewhat reassuring that transition schemes to quantum resistant signatures are already being considered for Bitcoin. In this work, we stress the danger of public key reuse, as it prevents users from recovering their funds in the presence of a quantum enabled adversary despite any transition scheme the developers decide to implement. We emphasize this threat by quantifying the damage a functional quantum computer could inflict on Bitcoin (and Bitcoin Cash) by breaking exposed public keys

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deployed (legacy) contracts from being exploited. In this paper, we address this problem in the context of re-entrancy exploits and propose a novel smart contract security technology, dubbed Sereum (Secure Ethereum), which protects existing, deployed contracts against re-entrancy attacks in a backwards compatible way based on run-time monitoring and validation. Sereum does neither require any modification nor any semantic knowledge of existing contracts. By means of implementation and evaluation using the Ethereum blockchain, we show that Sereum covers the actual execution flow of a smart contract to accurately detect and prevent attacks with a false positive rate as small as 0.06% and with negligible run-time overhead. As a by-product, we develop three advanced re-entrancy attacks to demonstrate the limitations of existing offline vulnerability analysis tools

EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain systems. They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes. This paper presents a framework, called EVMPatch, to instantly and automatically patch faulty smart contracts. EVMPatch features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts. The proof-of-concept implementation of EVMPatch automatically hardens smart contracts that are vulnerable to integer over/underflows and access control errors, but can be easily extended to cover more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable) contracts demonstrate that our approach successfully blocks attack transactions launched on these contracts, while keeping the intended functionality of the contract intact. We perform a study with experienced software developers, showing that EVMPatch is practical, and reduces the time for converting a given Solidity smart contract to an upgradable contract by 97.6 %, while ensuring functional equivalence to the original contract.Comment: A slightly shorter version of this paper will be published at USENIX Security Symposium 202