6 research outputs found
Mitigating Decentralized Finance Liquidations with Reversible Call Options
Liquidations in Decentralized Finance (DeFi) are both a blessing and a curse
-- whereas liquidations prevent lenders from capital loss, they simultaneously
lead to liquidation spirals and system-wide failures. Since most lending and
borrowing protocols assume liquidations are indispensable, there is an
increased interest in alternative constructions that prevent immediate
systemic-failure under uncertain circumstances.
In this work, we introduce reversible call options, a novel financial
primitive that enables the seller of a call option to terminate it before
maturity. We apply reversible call options to lending in DeFi and devise
Miqado, a protocol for lending platforms to replace the liquidation mechanisms.
To the best of our knowledge, Miqado is the first protocol that actively
mitigates liquidations to reduce the risk of liquidation spirals. Instead of
selling collateral, Miqado incentivizes external entities, so-called
supporters, to top-up a borrowing position and grant the borrower additional
time to rescue the debt. Our simulation shows that Miqado reduces the amount of
liquidated collateral by 89.82% in a worst-case scenario.
SoK: Decentralized Finance (DeFi) Attacks
Within just four years, the blockchain-based Decentralized Finance (DeFi)
ecosystem has accumulated a peak total value locked (TVL) of more than 253
billion USD. This surge in DeFi's popularity has, unfortunately, been
accompanied by many impactful incidents. According to our data, users,
liquidity providers, speculators, and protocol operators suffered a total loss
of at least 3.24 billion USD from Apr 30, 2018 to Apr 30, 2022. Given the
blockchain's transparency and increasing incident frequency, two questions
arise: How can we systematically measure, evaluate, and compare DeFi incidents?
How can we learn from past attacks to strengthen DeFi security?
In this paper, we introduce a common reference frame to systematically
evaluate and compare DeFi incidents, including both attacks and accidents. We
investigate 77 academic papers, 30 audit reports, and 181 real-world incidents.
Our data reveals several gaps between academia and the practitioners'
community. For example, few academic papers address "price oracle attacks" and
"permissionless interactions", while our data suggests that they are the two
most frequent incident types (15% and 10.5% correspondingly). We also
investigate potential defenses, and find that: (i) 103 (56%) of the attacks are
not executed atomically, granting a rescue time frame for defenders; (ii) SoTA
bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial
contracts; and (iii) 33 (15.3%) of the adversaries leak potentially
identifiable information by interacting with centralized exchanges.
zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs
Zero-Knowledge Proofs (ZKPs), especially Succinct Non-interactive ARguments of Knowledge (SNARKs), have garnered significant attention in modern cryptographic applications. Given the multitude of emerging tools and libraries, assessing their strengths and weaknesses is nuanced and time-consuming. Often, claimed results are generated in isolation, and omissions in details render them irreproducible. The lack of comprehensive benchmarks, guidelines, and support frameworks to navigate the ZKP landscape effectively is a major barrier in the development of ZKP applications.
In response to this need, we introduce zk-Bench, the first benchmarking framework and estimator tool designed for performance evaluation of public-key cryptography, with a specific focus on practical assessment of general-purpose ZKP systems. To simplify navigating the complex set of metrics and qualitative properties, we offer a comprehensive open-source evaluation platform, which enables the rigorous dissection and analysis of tools for ZKP development to uncover their trade-offs throughout the entire development stack; from low-level arithmetic libraries, to high-level tools for SNARK development.
Using zk-Bench, we (i) collect data across different elliptic curves implemented across libraries, (ii) evaluate tools for ZKP development and (iii) provide a tool for estimating cryptographic protocols, instantiated for the proof system, achieving an accuracy of 6 − 32% for ZKP circuits with up to millions of gates. By evaluating zk-Bench for various hardware configurations, we find that certain tools for ZKP development favor compute-optimized hardware, while others benefit from memory-optimized hardware. We observed performance enhancements of up to % for memory-optimized configurations and % for compute-optimized configurations, contingent on the specific ZKP development tool utilized