5 research outputs found

    Side Contract Commitment Attacks on Blockchains

    We identify a subtle security issue that impacts the design of smart contracts, because agents may themselves deploy smart contracts (side contracts). Typically, equilibria of games are analyzed in vitro, under the assumption that players cannot arbitrarily commit to strategies. However, equilibria thus obtained do not hold in general in vivo, when games are deployed on a blockchain. Being able to deploy side contracts changes fundamental game-theoretic assumptions by inducing a meta-game wherein agents strategize to deploy the best contracts. Not taking side contracts into account thus fails to capture an important aspect of deploying smart contracts in practice. A game that remains secure when the players can deploy side contracts is said to be side contract resilient. We demonstrate the non-triviality of side contract resilience by analyzing two smart contracts for decentralized commerce. These contracts have the same intended functionality, but we show that only one is side contract resilient. We then demonstrate a side contract attack on first-price auctions, which are the transaction mechanisms used by most major blockchains. We show that an agent may deploy a contract ensuring their transaction is included in the next block at almost zero cost while forcing most other agents to enter into a lottery for the remaining block space. This benefits all the users, but is detrimental to the miners. This might be cause for re-evaluation of the use of auctions in transaction fee mechanisms. We show that the attack works under certain conditions that hold with high probability from natural distributions. The attack also works against the transaction mechanism EIP-1559. Our work highlights an issue that is necessary to address to ensure the secure deployment of smart contracts and suggests that other contracts already deployed on major blockchains may be susceptible to these attacks

    Outsourcing Adjudication to Strategic Jurors

    We study a scenario where an adjudication task (e.g., the resolution of a binary dispute) is outsourced to a set of agents who are appointed as jurors. This scenario is particularly relevant in a Web3 environment, where no verification of the adjudication outcome is possible, and the appointed agents are, in principle, indifferent to the final verdict. We consider simple adjudication mechanisms that use (1) majority voting to decide the final verdict and (2) a payment function to reward the agents with the majority vote and possibly punish the ones in the minority. Agents interact with such a mechanism strategically: they exert some effort to understand how to properly judge the dispute and cast a yes/no vote that depends on this understanding and on information they have about the rest of the votes. Eventually, they vote so that their utility (i.e., their payment from the mechanism minus the cost due to their effort) is maximized. Under reasonable assumptions about how an agent's effort is related to her understanding of the dispute, we show that appropriate payment functions can be used to recover the correct adjudication outcome with high probability. Our findings follow from a detailed analysis of the induced strategic game and make use of both theoretical arguments and simulation experiments

    Game theory on the blockchain: a model for games with smart contracts

    We propose a model for games in which the players have shared access to a blockchain that allows them to deploy smart contracts to act on their behalf. This changes fundamental game-theoretic assumptions about rationality since a contract can commit a player to act irrationally in specific subgames, making credible otherwise non-credible threats. This is further complicated by considering the interaction between multiple contracts which can reason about each other. This changes the nature of the game in a nontrivial way as choosing which contract to play can itself be considered a move in the game. Our model generalizes known notions of equilibria, with a single contract being equivalent to a Stackelberg equilibrium, and two contracts being equivalent to a reverse Stackelberg equilibrium. We prove a number of bounds on the complexity of computing SPE in such games with smart contracts. We show that computing an SPE is $\textsf{PSPACE}$-hard in the general case. Specifically, in games with $k$ contracts, we show that computing an SPE is $\Sigma_k^\textsf{P}$-hard for games of imperfect information. We show that computing an SPE remains $\textsf{PSPACE}$-hard in games of perfect information if we allow for an unbounded number of contracts. We give an algorithm for computing an SPE in two-contract games of perfect information that runs in time $O(m\ell)$ where $m$ is the size of the game tree and $\ell$ is the number of terminal nodes. Finally, we conjecture the problem to be $\textsf{NP}$-complete for three contracts.

    PPP-Completeness and Extremal Combinatorics


    Communication Lower Bounds for Perfect Maliciously Secure MPC

    We prove a lower bound on the communication complexity of perfect maliciously secure multiparty computation, in the standard model with $n=3t+1$ parties of which $t$ are corrupted. We show that for any $n$ and all large enough $g \in \mathbb{N}$ there exists a Boolean circuit $C$ with $g$ gates, where any perfectly secure protocol implementing $C$ must communicate $\Omega(ng)$ bits. The results easily extend to constructing similar circuits over any fixed finite field. Our results also extend to the case where the threshold $t$ is suboptimal. Namely, if $n=3t+s$ the bound is $\Omega(ng/s)$, which corresponds to known optimizations via packed secret-sharing. Using known techniques, we also show an upper bound that matches the lower bound up to a constant factor (existing upper bounds are a factor $\log n$ off for Boolean circuits).