Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols

Yield farming represents an immensely popular asset management activity in decentralized finance (DeFi). It involves supplying, borrowing, or staking crypto assets to earn an income in forms of transaction fees, interest, or participation rewards at different DeFi marketplaces. In this systematic survey, we present yield farming protocols as an aggregation-layer constituent of the wider DeFi ecosystem that interact with primitive-layer protocols such as decentralized exchanges (DEXs) and protocols for loanable funds (PLFs). We examine the yield farming mechanism by first studying the operations encoded in the yield farming smart contracts, and then performing stylized, parameterized simulations on various yield farming strategies. We conduct a thorough literature review on related work, and establish a framework for yield farming protocols that takes into account pool structure, accepted token types, and implemented strategies. Using our framework, we characterize major yield aggregators in the market including Yearn Finance, Beefy, and Badger DAO. Moreover, we discuss anecdotal attacks against yield aggregators and generalize a number of risks associated with yield farming.Comment: arXiv admin note: text overlap with arXiv:2105.1389

SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as Binance, Mt. Gox are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms, transaction monitoring, evaluating their effectiveness in mitigating threats

BotFlowMon: Identify Social Bot Traffic With NetFlow and Machine Learning

With the rapid development of online social networks (OSN), maintaining the security of social media ecosystems becomes dramatically important for public. Among all the security threats in OSN, malicious social bot is the most common risk factor. This paper puts forward a detection method called BotFlowMon that only utilize NetFlow data to identify OSN bot traffic. The detection procedure takes the raw NetFlow data as input and use DBSCAN algorithm to aggregate related flows into transaction level data. Then a special data fusion technique along with a visualization method are proposed to extract features, normalize values and help analyzing flows. A new clustering algorithm called Clustering Based on Density Sort and Valley Point Competition is also designed to subdivide transactions into basic operations. After the above preprocessing steps, some classic machine learning algorithms are applied to construct the classification model.2020-09-0

CToMP: A Cycle-task-oriented Memory Protection Scheme for Unmanned Systems

Memory corruption attacks (MCAs) refer to malicious behaviors of system intruders that modify the contents of a memory location to disrupt the normal operation of computing systems, causing leakage of sensitive data or perturbations to ongoing processes. Unlike general-purpose systems, unmanned systems cannot deploy complete security protection schemes, due to their limitations in size, cost and performance. MCAs in unmanned systems are particularly difficult to defend against. Furthermore, MCAs have diverse and unpredictable attack interfaces in unmanned systems, severely impacting digital and physical sectors. In this paper, we first generalize, model and taxonomize MCAs found in unmanned systems currently, laying the foundation for designing a portable and general defense approach. According to different attack mechanisms, we found that MCAs are mainly categorized into two types--return2libc and return2shellcode. To tackle return2libc attacks, we model the erratic operation of unmanned systems with cycles and then propose a cycle-task-oriented memory protection (CToMP) approach to protect control flows from tampering. To defend against return2shellcode attacks, we introduce a secure process stack with a randomized memory address by leveraging the memory pool to prevent Shellcode from being executed. Moreover, we discuss the mechanism by which CToMP resists the ROP attack, a novel variant of return2libc attacks. Finally, we implement CToMP on CUAV V5+ with Ardupilot and Crazyflie. The evaluation and security analysis results demonstrate that the proposed approach CToMP is resilient to various MCAs in unmanned systems with low footprints and system overhead.Comment: This paper has been accepted by SCIENCE CHINA Information Science

CoAvoid: Secure, Privacy-Preserved Tracing of Contacts for Infectious Diseases

To fight against infectious diseases (e.g., SARS, COVID-19, Ebola, etc.), government agencies, technology companies and health institutes have launched various contact tracing approaches to identify and notify the people exposed to infection sources. However, existing tracing approaches can lead to severe privacy and security concerns, thereby preventing their secure and widespread use among communities. To tackle these problems, this paper proposes CoAvoid, a decentralized, privacy-preserved contact tracing system that features good dependability and usability. CoAvoid leverages the Google/Apple Exposure Notification (GAEN) API to achieve decent device compatibility and operating efficiency. It utilizes GPS along with Bluetooth Low Energy (BLE) to dependably verify user information. In addition, to enhance privacy protection, CoAvoid applies fuzzification and obfuscation measures to shelter sensitive data, making both servers and users agnostic to information of both low and high-risk populations. The evaluation demonstrates good efficacy and security of CoAvoid. Compared with four state-of-art contact tracing applications, CoAvoid can reduce upload data by at least 90% and simultaneously resist wormhole and replay attacks in various scenarios

Oligomeric Proanthocyanidins Confer Cold Tolerance in Rice through Maintaining Energy Homeostasis

Oligomeric proanthocyanidins (OPCs) are abundant polyphenols found in foods and botanicals that benefit human health, but our understanding of the functions of OPCs in rice plants is limited, particularly under cold stress. Two rice genotypes, named Zhongzao39 (ZZ39) and its recombinant inbred line RIL82, were subjected to cold stress. More damage was caused to RIL82 by cold stress than to ZZ39 plants. Transcriptome analysis suggested that OPCs were involved in regulating cold tolerance in the two genotypes. A greater increase in OPCs content was detected in ZZ39 than in RIL82 plants under cold stress compared to their respective controls. Exogenous OPCs alleviated cold damage of rice plants by increasing antioxidant capacity. ATPase activity was higher and poly (ADP-ribose) polymerase (PARP) activity was lower under cold stress in ZZ39 than in RIL82 plants. Importantly, improvements in cold tolerance were observed in plants treated with the OPCs and 3-aminobenzamide (PARP inhibitor, 3ab) combination compared to the seedling plants treated with H2O, OPCs, or 3ab alone. Therefore, OPCs increased ATPase activity and inhibited PARP activity to provide sufficient energy for rice seedling plants to develop antioxidant capacity against cold stress

Integrated microspectrometer with elliptical Bragg mirror enhanced diffraction grating on silicon on insulator

An on-chip micro-spectrometer is demonstrated based on a circular diffraction grating consisting of an elliptical Bragg mirror. This structure results in a highly efficient and compact device with simplified processing requirements, useful for sensing, spectroscopy, telecom demultiplexing, and optical interconnects. The computed efficiency for a realistic geometry is 0.14 dB, which represents to the best of our knowledge the highest predicted efficiency for concave diffraction gratings (echelle/echelette gratings). The first realization of the elliptical Bragg mirror diffraction grating spectrometer is presented on silicon on insulator at a wavelength of 1.55 µm. Measurements show a full device efficiency of 3.0 dB, including all in-line losses, with a band flatness of 0.4 dB over 30 nm