Towards Smart Hybrid Fuzzing for Smart Contracts
Smart contracts are Turing-complete programs that are executed across a
blockchain network. Unlike traditional programs, once deployed they cannot be
modified. As smart contracts become more popular and carry more value, they
become more of an interesting target for attackers. In recent years, smart
contracts suffered major exploits, costing millions of dollars, due to
programming errors. As a result, a variety of tools for detecting bugs has been
proposed. However, the majority of these tools often yield many false positives
due to over-approximation, or poor code coverage due to complex path constraints.
Fuzzing or fuzz testing is a popular and effective software testing technique.
However, traditional fuzzers tend to be more effective towards finding shallow
bugs and less effective in finding bugs that lie deeper in the execution. In
this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary
fuzzing with constraint solving in order to execute more code and find more
bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts
of a smart contract, while constraint solving is used to generate inputs which
satisfy complex conditions that prevent the evolutionary fuzzing from exploring
deeper paths. Moreover, we use data dependency analysis to efficiently generate
sequences of transactions that create specific contract states in which bugs
may be hidden. We evaluate the effectiveness of our fuzzing strategy by
comparing CONFUZZIUS with state-of-the-art symbolic execution tools and
fuzzers. Our evaluation shows that our hybrid fuzzing approach produces
significantly better results than state-of-the-art symbolic execution tools and
fuzzers.
Applying Private Information Retrieval to Lightweight Bitcoin Clients
Lightweight Bitcoin clients execute a Simple Payment Verification (SPV)
protocol to verify the validity of transactions related to a particular user.
Currently, lightweight clients use Bloom filters to significantly reduce the
amount of bandwidth required to validate a particular transaction. This is
despite the fact that research has shown that Bloom filters are insufficient at
preserving the privacy of clients' queries.
In this paper we describe our design of an SPV protocol that leverages
Private Information Retrieval (PIR) to create fully private and performant
queries. We show that our protocol has a low bandwidth and latency cost;
properties that make our protocol a viable alternative for lightweight Bitcoin
clients and other cryptocurrencies with a similar SPV model. In contrast to
Bloom filters, our PIR-based approach offers deterministic privacy to the user.
Among our results, we show that in the worst case, clients who would like to
verify 100 transactions occurring in the past week incur a bandwidth cost of
33.54 MB with an associated latency of approximately 4.8 minutes, when using
our protocol. The same query executed using the Bloom-filter-based SPV protocol
incurs a bandwidth cost of 12.85 MB; this is a modest overhead considering the
privacy guarantees our protocol provides.
Time to Bribe: Measuring Block Construction Market
With the emergence of Miner Extractable Value (MEV), block construction
markets on blockchains have evolved into a competitive arena. Following
Ethereum's transition from Proof of Work (PoW) to Proof of Stake (PoS), the
Proposer Builder Separation (PBS) mechanism has emerged as the dominant force
in the Ethereum block construction market.
This paper presents an in-depth longitudinal study of the Ethereum block
construction market, spanning from the introduction of PoS and PBS in September
2022 to May 2023. We analyze the market shares of builders and relays, their
temporal changes, and the financial dynamics within the PBS system, including
payments among builders and block proposers -- commonly referred to as bribes.
We introduce an MEV-time law quantifying the expected MEV revenue with respect
to the time elapsed since the last proposed block. We provide empirical evidence that
moments of crisis (e.g. the FTX collapse, USDC stablecoin de-peg) coincide with
significant spikes in MEV payments compared to the baseline.
Despite the intention of the PBS architecture to enhance decentralization by
separating actor roles, it remains unclear whether its design is optimal.
Implicit trust assumptions and conflicts of interest may benefit particular
parties and foster the need for vertical integration. MEV-Boost was explicitly
designed to foster decentralization, but it has the side effect of enabling
risk-free sandwich extraction from unsuspecting users, potentially raising
concerns for regulators.
Mitigating Decentralized Finance Liquidations with Reversible Call Options
Liquidations in Decentralized Finance (DeFi) are both a blessing and a curse
-- whereas liquidations prevent lenders from capital loss, they simultaneously
lead to liquidation spirals and system-wide failures. Since most lending and
borrowing protocols assume liquidations are indispensable, there is an
increased interest in alternative constructions that prevent immediate
systemic failure under uncertain circumstances.
In this work, we introduce reversible call options, a novel financial
primitive that enables the seller of a call option to terminate it before
maturity. We apply reversible call options to lending in DeFi and devise
Miqado, a protocol for lending platforms to replace the liquidation mechanisms.
To the best of our knowledge, Miqado is the first protocol that actively
mitigates liquidations to reduce the risk of liquidation spirals. Instead of
selling collateral, Miqado incentivizes external entities, so-called
supporters, to top up a borrowing position and grant the borrower additional
time to rescue the debt. Our simulation shows that Miqado reduces the amount of
liquidated collateral by 89.82% in a worst-case scenario.