136 research outputs found

Time to Bribe: Measuring Block Construction Market
With the emergence of Miner Extractable Value (MEV), block construction
markets on blockchains have evolved into a competitive arena. Following
Ethereum's transition from Proof of Work (PoW) to Proof of Stake (PoS), the
Proposer Builder Separation (PBS) mechanism has emerged as the dominant force
in the Ethereum block construction market.
This paper presents an in-depth longitudinal study of the Ethereum block
construction market, spanning from the introduction of PoS and PBS in September
2022 to May 2023. We analyze the market shares of builders and relays, their
temporal changes, and the financial dynamics within the PBS system, including
payments among builders and block proposers -- commonly referred to as bribes.
We introduce an MEV-time law quantifying the expected MEV revenue wrt. the time
elapsed since the last proposed block. We provide empirical evidence that
moments of crisis (e.g. the FTX collapse, USDC stablecoin de-peg) coincide with
significant spikes in MEV payments compared to the baseline.
Despite the intention of the PBS architecture to enhance decentralization by
separating actor roles, it remains unclear whether its design is optimal.
Implicit trust assumptions and conflicts of interest may benefit particular
parties and foster the need for vertical integration. MEV-Boost was explicitly
designed to foster decentralization, causing the side effect of enabling
risk-free sandwich extraction from unsuspecting users, potentially raising
concerns for regulators.

Mitigating Decentralized Finance Liquidations with Reversible Call Options
Liquidations in Decentralized Finance (DeFi) are both a blessing and a curse
-- whereas liquidations prevent lenders from capital loss, they simultaneously
lead to liquidation spirals and system-wide failures. Since most lending and
borrowing protocols assume liquidations are indispensable, there is an
increased interest in alternative constructions that prevent immediate
systemic-failure under uncertain circumstances.
In this work, we introduce reversible call options, a novel financial
primitive that enables the seller of a call option to terminate it before
maturity. We apply reversible call options to lending in DeFi and devise
Miqado, a protocol for lending platforms to replace the liquidation mechanisms.
To the best of our knowledge, Miqado is the first protocol that actively
mitigates liquidations to reduce the risk of liquidation spirals. Instead of
selling collateral, Miqado incentivizes external entities, so-called
supporters, to top-up a borrowing position and grant the borrower additional
time to rescue the debt. Our simulation shows that Miqado reduces the amount of
liquidated collateral by 89.82% in a worst-case scenario.

An empirical study of DeFi liquidations
Financial speculators often seek to increase their potential gains
with leverage. Debt is a popular form of leverage, and with over
39.88B USD of total value locked (TVL), the Decentralized Finance
(DeFi) lending markets are thriving. Debts, however, entail the risks
of liquidation, the process of selling the debt collateral at a discount
to liquidators. Nevertheless, few quantitative insights are known
about the existing liquidation mechanisms.
In this paper, to the best of our knowledge, we are the first to
study the breadth of the borrowing and lending markets of the
Ethereum DeFi ecosystem. We focus on Aave, Compound, MakerDAO, and
dYdX, which collectively represent over 85% of the lending market on
Ethereum. Given extensive liquidation data measurements and insights,
we systematize the prevalent liquidation mechanisms and are the first
to provide a methodology to compare them objectively. We find that the
existing liquidation designs well incentivize liquidators but sell
excessive amounts of discounted collateral at the borrowers’ expenses.
We measure various risks that liquidation participants are exposed to
and quantify the instabilities of existing lending protocols. Moreover,
we propose an optimal strategy that allows liquidators to increase
their liquidation profit, which may aggravate the loss of borrowers.

Do you still need a manual smart contract audit?
We investigate the feasibility of employing large language models (LLMs) for
conducting the security audit of smart contracts, a traditionally
time-consuming and costly process. Our research focuses on the optimization of
prompt engineering for enhanced security analysis, and we evaluate the
performance and accuracy of LLMs using a benchmark dataset comprising 52
Decentralized Finance (DeFi) smart contracts that have previously been
compromised.
Our findings reveal that, when applied to vulnerable contracts, both GPT-4
and Claude models correctly identify the vulnerability type in 40% of the
cases. However, these models also demonstrate a high false positive rate,
necessitating continued involvement from manual auditors. The LLMs tested
outperform a random model by 20% in terms of F1-score.
To ensure the integrity of our study, we conduct mutation testing on five
newly developed and ostensibly secure smart contracts, into which we manually
insert two and 15 vulnerabilities each. This testing yielded a remarkable
best-case 78.7% true positive rate for the GPT-4-32k model. We tested both,
asking the models to perform a binary classification on whether a contract is
vulnerable, and a non-binary prompt. We also examined the influence of model
temperature variations and context length on the LLM's performance.
Despite the potential for many further enhancements, this work lays the
groundwork for a more efficient and economical approach to smart contract
security audits.

The Blockchain Imitation Game
The use of blockchains for automated and adversarial trading has become
commonplace. However, due to the transparent nature of blockchains, an
adversary is able to observe any pending, not-yet-mined transactions, along
with their execution logic. This transparency further enables a new type of
adversary, which copies and front-runs profitable pending transactions in
real-time, yielding significant financial gains.
Shedding light on such "copy-paste" malpractice, this paper introduces the
Blockchain Imitation Game and proposes a generalized imitation attack
methodology called Ape. Leveraging dynamic program analysis techniques, Ape
supports the automatic synthesis of adversarial smart contracts. Over a
timeframe of one year (1st of August, 2021 to 31st of July, 2022), Ape could
have yielded 148.96M USD in profit on Ethereum, and 42.70M USD on BNB Smart
Chain (BSC).
Not only as a malicious attack, we further show the potential of transaction
and contract imitation as a defensive strategy. Within one year, we find that
Ape could have successfully imitated 13 and 22 known Decentralized Finance
(DeFi) attacks on Ethereum and BSC, respectively. Our findings suggest that
blockchain validators can imitate attacks in real-time to prevent intrusions in
DeFi.

High-Frequency Trading on Decentralized On-Chain Exchanges
Decentralized exchanges (DEXs) allow parties to participate in financial
markets while retaining full custody of their funds. However, the transparency
of blockchain-based DEX in combination with the latency for transactions to be
processed, makes market-manipulation feasible. For instance, adversaries could
perform front-running -- the practice of exploiting (typically non-public)
information that may change the price of an asset for financial gain. In this
work we formalize, analytically exposit and empirically evaluate an augmented
variant of front-running: sandwich attacks, which involve front- and
back-running victim transactions on a blockchain-based DEX. We quantify the
probability of an adversarial trader being able to undertake the attack, based
on the relative positioning of a transaction within a blockchain block. We find
that a single adversarial trader can earn a daily revenue of over several
thousand USD when performing sandwich attacks on one particular DEX -- Uniswap,
an exchange with over 5M USD daily trading volume by June 2020. In addition to
a single-adversary game, we simulate the outcome of sandwich attacks under
multiple competing adversaries, to account for the real-world trading
environment.