157 research outputs found
PDFS: Practical Data Feed Service for Smart Contracts
Smart contracts are a new paradigm that emerged with the rise of the
blockchain technology. They allow untrusting parties to arrange agreements.
These agreements are encoded as a programming language code and deployed on a
blockchain platform, where all participants execute them and maintain their
state. Smart contracts are promising since they are automated and
decentralized, thus limiting the involvement of third trusted parties, and can
contain monetary transfers. Due to these features, many people believe that
smart contracts will revolutionize the way we think of distributed
applications, information sharing, financial services, and infrastructures.
To release the potential of smart contracts, it is necessary to connect the
contracts with the outside world, such that they can understand and use
information from other infrastructures. For instance, smart contracts would
greatly benefit when they have access to web content. However, there are many
challenges associated with realizing such a system, and despite the existence
of many proposals, no solution is secure, provides easily-parsable data,
introduces small overheads, and is easy to deploy.
In this paper we propose PDFS, a practical system for data feeds that
combines the advantages of the previous schemes and introduces new
functionalities. PDFS extends content providers by including new features for
data transparency and consistency validations. This combination provides
multiple benefits like content which is easy to parse and efficient
authenticity verification without breaking natural trust chains. PDFS keeps
content providers auditable, mitigates their malicious activities (like data
modification or censorship), and allows them to create a new business model. We
show how PDFS is integrated with existing web services, report on a PDFS
implementation and present results from conducted case studies and experiments.Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu
Qur'ans from the Eastern Islamic world between the 4th/10th and 6th/12th centuries
This thesis identifies and studies Qurâans produced in the eastern Islamic world between the
4th/10th and 6th/12th centuries. The period coincides with major transformations in the
environment of Qurâan production: the replacement of âKuficâ with newer types of scripts; the
use of paper instead of parchment as a writing material; and the introduction of the vertical
format, which gradually replaced the old horizontal format of Qurâan manuscripts.
It was during this period that the Seljuqs and Ghaznavids rose to power alongside other local
dynasties in the eastern Islamic world following the breakdown of the Abbasid Empire in the
4th/10th century. The boundaries between these different empires, however, did not prevent the
mobility of craftsmen to, from and within Greater Iran. The extant Qurâans from this period
point to a shared visual vocabulary due to the fluidity of borders and the mobility of motifs. Yet,
within this common language, local trends emerged defying unified dynastic or regional labels.
The similarities and differences in Qurâans produced in Iraq, Iran, Syria, the Jazira, Khurasan
and Transoxiana attest to this idea.
At the turn of the 5th/11th century, new scripts were being stylised while the illumination was in
continuity with past traditions. Qurâans that survive from Greater Iran, Baghdad and Cairo,
studied in the first and second chapters, point to local manners of script and illumination
stylisation. Some of their epigraphic and decorative forms find parallels on architecture, pottery,
and coins pointing to the travel of motifs not only across geographic boundaries but also across
artistic fields. The third chapter identifies a group of Qurâans copied in the first half of the
5th/11th century in Nishapur and hence represent a local style of Qurâan production.
Imperial Ghaznavid and Ghurid Qurâans copied between the second half of the 5th/11th century
and the 6th/12th century, studied in the fourth and fifth chapters, exemplify trends of Qurâanic
script and illumination in Khurasan. The aesthetic of the Ghaznavid Qurâans is rooted in earlier
traditions with links to Baghdad and Nishapur while that of the Ghurid Qurâans appear in
continuity with the Ghaznavid yet with new features. Their visual vocabulary resonates with the
local eclectic style of architectural decoration and the ceramics, metalwork, coins and silk
produced in Greater Iran. A section of the fourth chapter investigates the work of al-warrÄq al-ghaznawÄ« (the WarrÄq from Ghazna), a recurrent title in the colophons of Ghaznavid Qurâans
that points to a collaborative work environment, and offers insights into the production of these
Qurâans. Based on similarities with the Ghaznavid and Ghurid corpus, additional Qurâans are
attributed to Khurasan and Transoxiana in the sixth chapter. Their visual languages also draw
from Qurâanic and non-Qurâanic artistic productions of Khurasan and largely that of Greater
Iran.
Finally, Qurâans copied in the 6th/12th century in the Central Islamic lands appear to be mutually
related and further apart from those produced in Khurasan yet with visible links. The seventh
and eighth chapters examine the aesthetic diversity in Qurâans produced in Iran. Iraq, the Jazira
and Syria. Their distinct features point to local stylisation of script and illumination that was
shaped from the fluidity of motifs throughout the Mashriq
Bitcoin Crypto - bounties for quantum capable adversaries
With the advances in quantum computing taking place over the last few years, researchers have started considering the implications on cryptocurrencies. As most digital signature schemes would be impacted, it is somewhat reassuring that transition schemes to quantum resistant signatures are already being considered for Bitcoin. In this work, we stress the danger of public key reuse, as it prevents users from recovering their funds in the presence of a quantum enabled adversary despite any transition scheme the developers decide to implement. We emphasize this threat by quantifying the damage a functional quantum computer could inflict on Bitcoin (and Bitcoin Cash) by breaking exposed public keys
Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks
Recently, a number of existing blockchain systems have witnessed major bugs
and vulnerabilities within smart contracts. Although the literature features a
number of proposals for securing smart contracts, these proposals mostly focus
on proving the correctness or absence of a certain type of vulnerability within
a contract, but cannot protect deployed (legacy) contracts from being
exploited. In this paper, we address this problem in the context of re-entrancy
exploits and propose a novel smart contract security technology, dubbed Sereum
(Secure Ethereum), which protects existing, deployed contracts against
re-entrancy attacks in a backwards compatible way based on run-time monitoring
and validation. Sereum does neither require any modification nor any semantic
knowledge of existing contracts. By means of implementation and evaluation
using the Ethereum blockchain, we show that Sereum covers the actual execution
flow of a smart contract to accurately detect and prevent attacks with a false
positive rate as small as 0.06% and with negligible run-time overhead. As a
by-product, we develop three advanced re-entrancy attacks to demonstrate the
limitations of existing offline vulnerability analysis tools
EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts
Recent attacks exploiting errors in smart contract code had devastating
consequences thereby questioning the benefits of this technology. It is
currently highly challenging to fix errors and deploy a patched contract in
time. Instant patching is especially important since smart contracts are always
online due to the distributed nature of blockchain systems. They also manage
considerable amounts of assets, which are at risk and often beyond recovery
after an attack. Existing solutions to upgrade smart contracts depend on manual
and error-prone processes. This paper presents a framework, called EVMPatch, to
instantly and automatically patch faulty smart contracts. EVMPatch features a
bytecode rewriting engine for the popular Ethereum blockchain, and
transparently/automatically rewrites common off-the-shelf contracts to
upgradable contracts. The proof-of-concept implementation of EVMPatch
automatically hardens smart contracts that are vulnerable to integer
over/underflows and access control errors, but can be easily extended to cover
more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable)
contracts demonstrate that our approach successfully blocks attack transactions
launched on these contracts, while keeping the intended functionality of the
contract intact. We perform a study with experienced software developers,
showing that EVMPatch is practical, and reduces the time for converting a given
Solidity smart contract to an upgradable contract by 97.6 %, while ensuring
functional equivalence to the original contract.Comment: A slightly shorter version of this paper will be published at USENIX
Security Symposium 202
- âŠ