fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup
- URL: http://arxiv.org/abs/2410.12210v1
- Date: Wed, 16 Oct 2024 04:06:58 GMT
- Title: fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup
- Authors: Zihao Li, Xinghao Peng, Zheyuan He, Xiapu Luo, Ting Chen,
- Abstract summary: We conduct the first systematic study on finalization failure bugs in zero-knowledge layer 2 protocols, and define two kinds of such bugs.
We design fAmulet, the first tool to detect finalization failure bugs in Polygon zkRollup, a prominent zero-knowledge layer 2 protocol.
Through our evaluation, fAmulet can uncover twelve zero-day finalization failure bugs in Polygon zkRollup, and cover at least 20.8% more branches than baselines.
- Score: 30.350738396425587
- License:
- Abstract: Zero-knowledge layer 2 protocols emerge as a compelling approach to overcoming blockchain scalability issues by processing transactions through the transaction finalization process. During this process, transactions are efficiently processed off the main chain. Besides, both the transaction data and the zero-knowledge proofs of transaction executions are reserved on the main chain, ensuring the availability of transaction data as well as the correctness and verifiability of transaction executions. Hence, any bugs that cause the transaction finalization failure are crucial, as they impair the usability of these protocols and the scalability of blockchains. In this work, we conduct the first systematic study on finalization failure bugs in zero-knowledge layer 2 protocols, and define two kinds of such bugs. Besides, we design fAmulet, the first tool to detect finalization failure bugs in Polygon zkRollup, a prominent zero-knowledge layer 2 protocol, by leveraging fuzzing testing. To trigger finalization failure bugs effectively, we introduce a finalization behavior model to guide our transaction fuzzer to generate and mutate transactions for inducing diverse behaviors across each component (e.g., Sequencer) in the finalization process. Moreover, we define bug oracles according to the distinct bug definitions to accurately detect bugs. Through our evaluation, fAmulet can uncover twelve zero-day finalization failure bugs in Polygon zkRollup, and cover at least 20.8% more branches than baselines. Furthermore, through our preliminary study, fAmulet uncovers a zero-day finalization failure bug in Scroll zkRollup, highlighting the generality of fAmulet to be applied to other zero-knowledge layer 2 protocols. At the time of writing, all our uncovered bugs have been confirmed and fixed by Polygon zkRollup and Scroll zkRollup teams.
Related papers
- BlockFound: Customized blockchain foundation model for anomaly detection [47.04595143348698]
BlockFound is a customized foundation model for anomaly blockchain transaction detection.
We introduce a series of customized designs to model the unique data structure of blockchain transactions.
BlockFound is the only method that successfully detects anomalous transactions on Solana with high accuracy.
arXiv Detail & Related papers (2024-10-05T05:11:34Z) - JUMBO: Fully Asynchronous BFT Consensus Made Truly Scalable [17.532081305310513]
FIN-NG adapts a recent signature-free asynchronous common subset protocol FIN (CCS' 23) into the state-of-the-art framework of concurrent broadcast and agreement.
We propose JUMBO, a scalable instantiation of Dumbo-NG, with only $bigO(n2)$ complexities for both authenticators and messages.
arXiv Detail & Related papers (2024-03-17T14:53:38Z) - Model Supply Chain Poisoning: Backdooring Pre-trained Models via Embedding Indistinguishability [61.549465258257115]
We propose a novel and severer backdoor attack, TransTroj, which enables the backdoors embedded in PTMs to efficiently transfer in the model supply chain.
Experimental results show that our method significantly outperforms SOTA task-agnostic backdoor attacks.
arXiv Detail & Related papers (2024-01-29T04:35:48Z) - RecAGT: Shard Testable Codes with Adaptive Group Testing for Malicious Nodes Identification in Sharding Permissioned Blockchain [8.178194928962311]
We propose RecAGT, a novel identification scheme aimed at reducing communication overhead and identifying potential malicious nodes.
First, shard testable codes are designed to encode the original data in case of a leak of confidential data.
Second, a new identity proof protocol is presented as evidence against malicious behavior.
Third, adaptive group testing is chosen to identify malicious nodes.
arXiv Detail & Related papers (2023-11-05T07:43:48Z) - Synchro: Block-generation Protocol to Synchronously Process Cross-shard Transactions in State Sharding [0.0]
Nightshade in the NEAR Protocol, a type of state sharding, provides a rollback protocol to cancel the generation of blocks containing inconsistent transaction results.
We present a new attack that interferes with the generation of new blocks by repeatedly executing CSTXs.
We also propose a block-generation protocol called Synchro to incorporate all the state changes of each CSTX into the same block.
arXiv Detail & Related papers (2023-09-04T03:20:49Z) - Demonstrating a long-coherence dual-rail erasure qubit using tunable transmons [59.63080344946083]
We show that a "dual-rail qubit" consisting of a pair of resonantly coupled transmons can form a highly coherent erasure qubit.
We demonstrate mid-circuit detection of erasure errors while introducing $ 0.1%$ dephasing error per check.
This work establishes transmon-based dual-rail qubits as an attractive building block for hardware-efficient quantum error correction.
arXiv Detail & Related papers (2023-07-17T18:00:01Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z) - Light Clients for Lazy Blockchains [12.330989180881701]
We devise a protocol that enables the creation of efficient light clients for lazy blockchains.
Our construction is based on a bisection game that traverses the Merkle tree containing the ledger of all - valid or invalid - transactions.
arXiv Detail & Related papers (2022-03-30T00:58:40Z) - Fault-tolerant parity readout on a shuttling-based trapped-ion quantum
computer [64.47265213752996]
We experimentally demonstrate a fault-tolerant weight-4 parity check measurement scheme.
We achieve a flag-conditioned parity measurement single-shot fidelity of 93.2(2)%.
The scheme is an essential building block in a broad class of stabilizer quantum error correction protocols.
arXiv Detail & Related papers (2021-07-13T20:08:04Z) - An Efficient Permissioned Blockchain with Provable Reputation Mechanism [2.579878570919875]
We study a hierarchical scenario to include three types of participants: providers, collectors, and governors.
We introduce a reputation protocol as a measure of the reliability of collectors in the permissioned blockchain environment.
arXiv Detail & Related papers (2020-02-17T09:25:59Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.