Issue #107
Paper of the Week:
Paper Title: Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts.
TLDR:
This work explores the possibility and existence of new social engineering attacks beyond smart contract honeypots.
It presents two novel classes of Ethereum social engineering attacks — Address Manipulation and Homograph — and develops six zero-day social engineering attacks.
To show how the attacks can be used in popular programming patterns, it conducts a case study of five popular smart contracts with combined market capitalization exceeding $29 billion, and integrates the attack patterns in their source code without altering their existing functionality.
Moreover, it shows that these attacks remain dormant during the test phase and activate their malicious logic only at the final production deployment.
The work further analyzes 85,656 open-source smart contracts, and discovers that 1,027 of them can be used for the proposed social engineering attacks.
It conducts a professional opinion survey with experts from seven smart contract auditing firms, corroborating that the exposed social engineering attacks pose a major threat to smart contract systems.
Authors: Nikolay Ivanov*, Jianzhi Lou*, Ting Chen†, Jin Li†, and Qiben Yan*
Affiliations: * Michigan State University and † Guangzhou University.
Security:
1. Paper Title: Forward-secure Multi-user Aggregate Signatures with Constant Complexities using Recursive zk-SNARKs.
Summary: A forward-secure aggregate signature scheme utilizing recursive zk-SNARKs, in which all metrics, including size and time, are O(1).
Authors: Jeonghyuk Lee*, Jihye Kim†, and Hyunok Oh*
Affiliations: * Hanyang University and † Kookmin University.
2. Paper Title: Accountable Fine-grained Blockchain Rewriting in the Permissionless Setting.
Summary: A new framework of accountable fine-grained blockchain rewriting that requires no trust assumptions.
Authors: Yangguang Tian, Bowen Liu, Yingjiu Li, Pawel Szalachowski, and Jianying Zhou
Affiliations: * Osaka University, † Singapore University of Technology and Design, and ‡ University of Oregon.
Privacy:
1. Paper Title: ReTRACe: Revocable and Traceable Blockchain Rewrites using Attribute-based Cryptosystems.
Summary: A blockchain transaction rewriting framework building on a novel revocable chameleon hash with ephemeral trapdoor scheme and a novel revocable CP-ABE scheme.
Authors: Gaurav Panwar*, Roopa Vishwanathan*, and Satyajayant Misra*
Affiliations: * New Mexico State University.
Scalability:
No papers.
Proofs:
1. Paper Title: ethSTARK Documentation – Version 1.1.
Summary: This document is intended to accompany the ethSTARK codebase, describing the computational integrity statement proved by that code and the specific STARK construction used to prove the statement.
Authors: StarkWare Team*
Affiliations: * StarkWare.
Consensus:
No papers.
Tokenomics:
1. Paper Title: DeFiRanger: Detecting Price Manipulation Attacks on DeFi Applications.
Summary: Detection of two types of new attacks on DeFi apps, including direct and indirect price manipulation attacks.
Authors: Siwei Wu*, Dabao Wang*, Jianting He*, Yajin Zhou*, Lei Wu*, Xingliang Yuan†, Qinming He*, and Kui Ren*
Affiliations: * Zhejiang University and † Monash University.
2. Paper Title: Soft Power: Upgrading Chain Macroeconomic Policy Through Soft Forks.
Summary: The proposed mechanism works in today’s Ethereum blockchain without any changes and can support a very generic class of monetary policies that satisfy a few basic bounds.
Authors: Dionysis Zindros*
Affiliations: * University of Athens.
3. Paper Title: Sovereign digital currencies: Reshaping the design of money and payments systems.
Summary: This work considers the policy issues and choices associated with cryptocurrencies, stablecoins and sovereign digital currencies and emphasises that there is no single model for sovereign digital currency design.
Authors: Ross P. Buckley*, Douglas W. Arner†, Dirk A. Zetzsche‡, Anton N. Didenko*, and Lucien J. van Romburg†
Affiliations: * University of New South Wales, † The University of Hong Kong, and ‡ Université du Luxembourg.
Upcoming Events:
Decentralising the Internet with IPFS and Filecoin workshop at IFIP Networking 2021.
Call for Papers: ACM Advances in Financial Technologies (AFT 2021)
Jobs:
Thanks to our sponsor
Protocol Labs
Protocol Labs is an open-source research, development, and deployment laboratory. Projects include IPFS, Filecoin, libp2p, and many more. Protocol Labs aims to make human existence orders of magnitude better through technology.
The internet is humanity’s superpower, and they’re making it more dependable, equitable, and secure. Join the Protocol Labs team!
This newsletter is for informational purposes only. This content does not in any way constitute an offer or solicitation of an offer to buy or sell any investment solution or recommendation to buy or sell a security; nor is it to be taken as legal, business, investment, or tax advice. In fact, none of the information in this or other content on zk Capital should be relied on in any manner as advice. None of the authors, contributors, or anyone else connected with zk Capital, in any way whatsoever, can be responsible for your use of the information contained in this newsletter.