Compositional Security for Reentrant Applications

Cecchetti, Ethan; Yao, Siqiu; Ni, Haobin; Myers, Andrew C.

doi:10.1109/sp40001.2021.00084

Cited by 32 publications

(18 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To defend protocols against reentrancy attacks, researchers and developers have proposed a variety of frameworks and methods [86]. For example, Rodler et al [112] propose a backward compatible approach based on run-time monitoring and validation to protect smart contracts on Ethereum; Das et al [73] propose a reentrancy-aware language called Nomos, which enforces reentrancy security using resourceaware session types; Cecchetti et al [66] first formalize the reentrancy interface on general distributed systems and then leverage information flow control to automatically fix defective smart contracts. However, with the increasing complexity and variety of DeFi protocols, reentrancy attacks will also become increasingly difficult to detect and counter.…”

Section: A Security Risksmentioning

confidence: 99%

Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols

Feng

2023

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Yield farming represents an immensely popular asset management activity in decentralized finance (DeFi). It involves supplying, borrowing, or staking crypto assets to earn an income in forms of transaction fees, interest, or participation rewards at different DeFi marketplaces. In this systematic survey, we present yield farming protocols as an aggregationlayer constituent of the wider DeFi ecosystem that interact with primitive-layer protocols such as decentralized exchanges (DEXs) and protocols for loanable funds (PLFs). We examine the yield farming mechanism by first studying the operations encoded in the yield farming smart contracts, and then performing stylized, parameterized simulations on various yield farming strategies. We conduct a thorough literature review on related work, and establish a framework for yield farming protocols that takes into account pool structure, accepted token types, and implemented strategies. Using our framework, we characterize major yield aggregators in the market including Yearn Finance, Beefy, and Badger DAO. Moreover, we discuss anecdotal attacks against yield aggregators and generalize a number of risks associated with yield farming.

show abstract

Section: A Security Risksmentioning

confidence: 99%

Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols

Feng

2023

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…The analysis of smart contract with respect to hyperproperties has not received enough attention yet. A recent approach uses type-checking to ensure information flow policies such as integrity in smart contracts in the context of reentrancy attacks [1]. Other hyperproperties identified in the context of smart contracts are integrity properties to prevent reentrancy attacks [33], [34] X.…”

Section: Related Workmentioning

confidence: 99%

“…smart contracts focuses on verifying concrete information flow policies such as integrity, which are enforced using languagebased methods [1], [2]. Hyperproperties are not limited to information flow policies, though.…”

Section: Introductionmentioning

confidence: 99%

Smart Contract Synthesis Modulo Hyperproperties

Coenen¹,

Finkbeiner²,

Hofmann³

et al. 2022

Preprint

View full text Add to dashboard Cite

Smart contracts are small but highly securitycritical programs that implement wallets, token systems, auctions, crowd funding systems, elections and other multi-party transactions on the blockchain. A broad range of methods has been developed to ensure that a smart contract is functionally correct. However, smart contracts often additionally need to satisfy certain hyperproperties, such as symmetry, determinism, or an information flow policy. In this paper, we show how a synthesis method for smart contracts can ensure that the contract satisfies its desired hyperproperties. We build on top of a recently developed synthesis approach from specifications in the temporal logic TSL. We present HyperTSL, an extension of TSL for the specification of hyperproperties of infinite-state software. As a preprocessing step, we show how to detect if a hyperproperty has an equivalent formulation as a (simpler) trace property. Finally, we describe how to refine a synthesized contract to adhere to its HyperTSL specification.

show abstract

“…Following the common vulnerabilities and exposures (CVE) database, the smart contract weakness classification and test cases (SWC) registry [3] identifies 37 classes of known smart contract vulnerabilities (as of January 2022). To counter the security threats, different types of defense tools have been developed, including syntactic analyzers [4], [5], security scanners based on symbolic execution [6], [7], fuzzing tools [8], [9], transaction analyzers [10], [11], security libraries [12], [13], formal defense methods [14], [15], and various hybrid analysis approaches [16], [17]. In this work, we scrutinize 106 existing smart contract security defense solutions, and find that each of them only addresses very few classes of known vulnerabilities.…”

mentioning

confidence: 99%

“…Generally, all the existing smart contract defense methods have two design choices: 1) heuristic versus deterministic; and 2) detection versus verification (see Table I). Heuristic approaches use the best-effort judgement applied to all cases (e.g., Confuzzius [8], sFuzz [18], Harvey [19]), while deterministic designs guarantee the correctness at the expense of rejecting a small number of cases (such as KEVM [20], SeRIF [14], and eThor [5]). Detection tools identify known vulnerabilities (e.g., Oyente [7], Securify [21]), while verification tools aim at confirming various safety properties (examples are VerX [22] and ZEUS [6]).…”

mentioning

confidence: 99%

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

Ivanov,

Yan,

Kompalli

2023

Preprint

View full text Add to dashboard Cite

Compositional Security for Reentrant Applications

Cited by 32 publications

References 37 publications

Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols

Reap the Harvest on Blockchain: A Survey of Yield Farming Protocols

Smart Contract Synthesis Modulo Hyperproperties

TxT: Real-time Transaction Encapsulation for Ethereum Smart Contracts

Contact Info

Product

Resources

About