SoK: Decentralized Finance (DeFi) Attacks

Zhou, Liyi; Xiong, Xihan; Jens, Ernstberger,; Chaliasos, Stefanos; Wang, Zhipeng; Wang, Ye; Qin, Kaihua; Wattenhofer, Roger; Song, Dawn; Gervais, Arthur

doi:10.1109/sp46215.2023.10179435

Cited by 50 publications

(4 citation statements)

References 135 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This highlights the importance of proactively analyzing malicious contracts and preventing such attacks. Research by Zhou et al [38] analyzed 192 attacks and discovered that 56% of the hackers are not executing attacks automatically, providing defenders with a rescue time frame. Rescue time is the time frame between deploying a malicious smart contract and the first malicious transaction.…”

Section: Motivationmentioning

confidence: 99%

“…Wang et al [29] propose BlockEye a real-time attack detection system for DeFi projects, which performs symbolic reasoning on the data flow of smart contract states, e.g., asset price, and flags a transaction as a potential attack if a violation is detected on a critical invariant. Zhou et al [38] analyzed close to 200 real-world incidents and concluded that the average rescue time frame for most smart contract attacks is 1±4.1 hours, with the longest rescue time frame being 26.5 hours. Forta [17] tries to leverage the same fact as we do, namely that there is a rescue window that allows them to detect malicious deployment bytecode before an attacker can perform the actual attack.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Timely Identification of Victim Addresses in DeFi Attacks

Parhizkari,

Iannillo,

Ferreira Torres

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Over the past years, Decentralized Finance (DeFi) protocols have suffered from several attacks. As a result, multiple solutions have been proposed to prevent such attacks. Most solutions rely on identifying malicious transactions before they are included in blocks. However, with the emergence of private pools, attackers can now conceal their exploit transactions from attack detection. This poses a significant challenge for existing security tools, which primarily rely on monitoring transactions in public mempools. To effectively address this challenge, it is crucial to develop proactive methods that predict malicious behavior before the actual attack transactions occur. In this work, we introduce a novel methodology to infer potential victims by analyzing the deployment bytecode of malicious smart contracts. Our idea leverages the fact that attackers typically split their attacks into two stages, a deployment stage, and an attack stage. This provides a small window to analyze the attacker's deployment code and identify victims in a timely manner before the actual attack occurs. By analyzing a set of past DeFi attacks, this work demonstrates that the victim of an attack transaction can be identified with an accuracy of almost 70%.

show abstract

Section: Motivationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Timely Identification of Victim Addresses in DeFi Attacks

Parhizkari,

Iannillo,

Ferreira Torres

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Collating this vast knowledge, the literature not only offers surveys centered on the protocol layer [270] but also delves into aspects of implementation [271], [272], network architecture [273], and operational modalities [274], [275]. A significant body of work is dedicated to studying blockchain attacks at various levels: infrastructure/network [263], protocol/application [276]- [278], and operational layers [273].…”

Section: Blockchain Security and Attacksmentioning

confidence: 99%

SoK: Security and Privacy of Blockchain Interoperability [Extended Version]

Augusto,

Belchior,

Correia

et al. 2024

Preprint

View full text Add to dashboard Cite

Recent years have witnessed significant advancements in cross-chain technology. However, the field faces two pressing challenges. On the one hand, hacks on cross-chain bridges have led to monetary losses of around 3.1 billion USD, highlighting flaws in security models governing interoperability mechanisms and the ineffectiveness of incident response frameworks. On the other hand, users and bridge operators experience restricted privacy, which broadens the potential attack surface. In this paper, we present the most comprehensive study to date on the security and privacy of blockchain interoperability. We employ a systematic literature review, yielding a corpus of 212 relevant documents, including 58 academic papers and 154 gray literature documents, out of a pool of 531 results. We systematically categorize 57 interoperability solutions based on a novel security and privacy taxonomy. Our dataset, comprising academic research, disclosures from bug bounty programs, and audit reports, exposes 45 cross-chain vulnerabilities, 25 theoretical attacks, and 93 mitigation strategies. Leveraging this data, we analyze 14 notable bridge hacks accounting for over 2.9 billion USD in losses, mapping them to the identified vulnerabilities. Our findings reveal that a substantial portion (65.8%) of stolen funds originates from projects secured by intermediary permissioned networks with unsecured cryptographic key operations. Privacy-wise, we demonstrate that achieving unlinkability in cross-chain transactions is contingent on the underlying ledgers providing some form of confidentiality. Our study offers critical insights into the security and privacy of cross-chain systems. We pinpoint promising future research directions, underscoring the urgency of enhancing security and privacy efforts in cross-chain technology. The identified improvements can mitigate the financial risks associated with bridge hacks, fostering user trust in the blockchain ecosystem and, consequently, wider adoption.

show abstract

“…In [1], the authors performed a bibliometric analysis and demonstrated the alarming scarcity of the research dedicated to blockchain oracles. Moreover, in the recent study of DeFi incidents [2], the authors empirically showed that oracle manipulation attacks are the most frequent incident types in DeFi. Although there are tools that can detect the price manipulation attacks [3,4], and identify new vulnerabilities in real time, there is still a need for prevention measures.…”

Section: Introductionmentioning

confidence: 99%

Oracles in Decentralized Finance: Attack Costs, Profits and Mitigation Measures

Aspembitova¹,

Bentley²

2022

Entropy

View full text Add to dashboard Cite

Decentralized finance (DeFi) is by far the most popular application of blockchain technology. Despite the wide acceptance of new financial instruments and services, there are still many unexplored areas in the field. We dedicate this research to the understanding of one of the most crucial limitations of decentralized finance—oracles. DeFi protocols, as well as other blockchain applications, function in a closed environment and regularly need to fetch real-world information (e.g., assets’ prices)—the tool used for this purpose is called an oracle. We review the existing oracle types in DeFi applications and focus our research on the least explored one: when another protocol, typically a decentralized exchange, serves as a price oracle. After explaining the mechanisms behind the decentralized exchanges, we introduce an algorithmic model that allows one to safely design a decentralized oracle and adjust crucial parameters. We believe that understanding and implementing the logic presented in the model can help to reduce the chances of price manipulations attacks, which are the most frequent incident types in DeFi.

show abstract

SoK: Decentralized Finance (DeFi) Attacks

Cited by 50 publications

References 135 publications

Timely Identification of Victim Addresses in DeFi Attacks

Timely Identification of Victim Addresses in DeFi Attacks

SoK: Security and Privacy of Blockchain Interoperability [Extended Version]

Oracles in Decentralized Finance: Attack Costs, Profits and Mitigation Measures

Contact Info

Product

Resources

About