DeFi composability as MEV non-interference
- URL: http://arxiv.org/abs/2309.10781v2
- Date: Mon, 8 Jan 2024 09:56:06 GMT
- Title: DeFi composability as MEV non-interference
- Authors: Massimo Bartoletti, Riccardo Marchesin, Roberto Zunino,
- Abstract summary: Complex DeFi services are usually constructed by composing a variety of simpler smart contracts.
The permissionless nature of the blockchains where these smart contracts are executed makes DeFi services exposed to security risks.
We introduce a new notion of secure composability of smart contracts, which ensures that adversaries cannot economically harm the compound contract by interfering with its dependencies.
- Score: 0.8192907805418581
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Complex DeFi services are usually constructed by composing a variety of simpler smart contracts. The permissionless nature of the blockchains where these smart contracts are executed makes DeFi services exposed to security risks, since adversaries can target any of the underlying contracts to economically damage the compound service. We introduce a new notion of secure composability of smart contracts, which ensures that adversaries cannot economically harm the compound contract by interfering with its dependencies.
Related papers
- Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts.
The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
arXiv Detail & Related papers (2024-07-22T18:27:29Z) - Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey [0.6554326244334866]
This paper presents a literature review combined with an experimental report that aims to assist developers in developing secure smarts.
It provides a list of frequent vulnerabilities and corresponding mitigation solutions.
It evaluates the community most widely used tools by executing and testing them on sample smart contracts.
arXiv Detail & Related papers (2024-03-28T19:36:53Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Automated Invariant Generation for Solidity Smart Contracts [2.4181711081104282]
We propose a novel invariant generation framework, INVCON+, for Solidity smart contracts.
INVCON+ extends the existing invariant detector, InvCon, to automatically produce verified contract invariants.
We evaluate INVCON+ on 361 ERC20 and 10 ERC721 real-world contracts, as well as common ERC20 vulnerability benchmarks.
arXiv Detail & Related papers (2024-01-01T03:37:30Z) - Gradual Verification for Smart Contracts [0.4543820534430522]
Algos facilitate secure resource transactions through smart contracts, yet these digital agreements are prone to vulnerabilities.
Traditional verification techniques fall short in providing comprehensive security assurances.
This paper introduces an incremental approach: gradual verification.
arXiv Detail & Related papers (2023-11-22T12:42:26Z) - Empirical Review of Smart Contract and DeFi Security: Vulnerability
Detection and Automated Repair [36.46679501556185]
Decentralized Finance (DeFi) is emerging as a peer-to-peer financial ecosystem.
smart contracts hold a massive amount of value, making them an attractive target for attacks.
This paper reviews the progress made in the field of smart contract and DeFi security from the perspective of both vulnerability detection and automated repair.
arXiv Detail & Related papers (2023-09-05T17:00:42Z) - Formally Verifying a Real World Smart Contract [52.30656867727018]
We search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
arXiv Detail & Related papers (2023-07-05T14:30:21Z) - Semantic Information Marketing in The Metaverse: A Learning-Based
Contract Theory Framework [68.8725783112254]
We address the problem of designing incentive mechanisms by a virtual service provider (VSP) to hire sensing IoT devices to sell their sensing data.
Due to the limited bandwidth, we propose to use semantic extraction algorithms to reduce the delivered data by the sensing IoT devices.
We propose a novel iterative contract design and use a new variant of multi-agent reinforcement learning (MARL) to solve the modelled multi-dimensional contract problem.
arXiv Detail & Related papers (2023-02-22T15:52:37Z) - Detecting Logical Relation In Contract Clauses [94.85352502638081]
We develop an approach to automate the extraction of logical relations between clauses in a contract.
The resulting approach should help contract authors detecting potential logical conflicts between clauses.
arXiv Detail & Related papers (2021-11-02T19:26:32Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.