BROUGHT TO YOU BY
Issue #99
Paper of the Week:
Paper Title: SciviK: A Versatile Framework for Specifying and Verifying Smart Contracts.
TLDR:
The growing adoption of smart contracts on blockchains poses new security risks that can lead to significant monetary loss, while existing approaches either provide no (or partial) security guarantees for smart contracts or require huge proof effort.
To address this challenge, this work presents a versatile framework for specifying and verifying industrial-grade smart contracts.
SciviK’s versatile approach extends previous efforts with three key contributions: (i) an expressive annotation system enabling built-in directives for vulnerability pattern checking, neural-based loop invariant inference, and the verification of rich properties of real-world smart contracts (ii) a fine-grained model for the Ethereum Virtual Machine (EVM) that provides low-level execution semantics, (iii) an IR-level verification framework integrating both SMT solvers and the Coq proof assistant.
SciviK is used to specify and verify security properties for 12 benchmark contracts and a real- world Decentralized Finance (DeFi) smart contract.
Among all 158 specified security properties (in six types), 151 properties can be automatically verified within 2 seconds, five properties can be automatically verified after moderate modifications, and two properties are manually proved with around 200 lines of Coq code.
Authors: Shaokai Lin*, Xinyuan Sun†, Jianan Yao*, and Ronghui Gu*,
Affiliations: * Columbia University and † CertiK.
Security:
1. Paper Title: HashSplit: Exploiting Bitcoin Asynchrony to Violate Common Prefix and Chain Quality.
Summary: The network synchrony does not hold in the real world Bitcoin network, which can be exploited to amortize the cost of various attacks.
Authors: Muhammad Saad*, Afsah Anwar*, Srivatsan Ravi†, and David Mohaisen*,
Affiliations: * University of Central Florida and † University of Southern California.
2. Paper Title: Post-Quantum Verifiable Random Function from Symmetric Primitives in PoS Blockchain.
Summary: Efficient and practical post-quantum VRF construction built from symmetric primitives only.
Authors: Maxime Buser*, Rafael Dowsley*, Muhammed F. Esgin*†, Shabnam Kasra Kermanshahi‡, Veronika Kuchta§, Joseph K. Liu*, Raphael Phan*, and Zhenfei Zhang✜,
Affiliations: * Monash University, † CSIRO’s Data61, ‡ RMIT University, § The University of Queensland, and ✜ Manta Network.
3. Paper Title: BLOCKEYE: Hunting For DeFi Attacks on Blockchain.
Summary: A real-time attack detection system for DeFi projects on the Ethereum blockchain.
Authors: Bin Wang*, Han Liu*, Chao Liu*, Zhiqiang Yang*, Qian Ren*, Huixuan Zheng*, and Hong Lei*,
Affiliations: * Oxford-Hainan Blockchain Research Institute.
Privacy:
1. Paper Title: Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC.
Summary: A new model and constructions of non- interactive MPC for any function, without the privacy-violating leakage of the residual function, and with security against semi-honest adversary.
Authors: Ghada Almashaqbeh*, Fabrice Benhamouda3, Seungwook Han†, Daniel Jaroslawicz†, Tal Malkin†, Alex Nicita†, Tal Rabin‡§, Abhishek Shah†, and Eran Tromer†✜,
Affiliations: * University of Connecticut, † Columbia University, ‡ Algorand Foundation, § University of Pennsylvania, and ✜ Tel-Aviv University.
2. Paper Title: P2DEX: Privacy-Preserving Decentralized Cryptocurrency Exchange.
Summary: An efficient universally composable privacy preserving decentralized exchange where a set of servers run private cross-chain exchange order matching in an outsourced manner, while being financially incentivized to behave honestly.
Authors: Carsten Baum*, Bernardo David†, and Tore Kasper Frederiksen‡,
Affiliations: * Aarhus University, † IT University of Copenhagen, and ‡ Alexandra Institute.
Scalability:
No papers.
Proofs:
1. Paper Title: HashWires: Hyperefficient Credential-Based Range Proofs.
Summary: A hash-based range proof protocol that is applicable in settings for which there is a trusted third party (typically a credential issuer) that can generate commitments.
Authors: Konstantinos Chalkias*, Shir Cohen†, Kevin Lewi*, Fredric Moezinia*, and Yolan Romailler*,
Affiliations: * Novi and † Technion.
Consensus:
1. Paper Title: Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol.
Summary: A BFT SMR protocol that achieves optimal linear cost per decision under good networks and leaders, optimal quadratic cost per decision under bad networks, and remains always live.
Authors: Rati Gelashvili*, Lefteris Kokoris-Kogias*†, Alexander Spiegelman*, and Zhuolun Xiang‡,
Affiliations: * Novi, † IST Austria, and ‡ University of Illinois at Urbana-Champaign.
Tokenomics:
1. Paper Title: (In)Stability for the Blockchain: Deleveraging Spirals and Stablecoin Attacks.
Summary: Fundamental results about dynamics and liquidity in stablecoin markets, demonstrate that these markets face deleveraging feedback effects that cause illiquidity during crises and exacerbate collateral drawdown, and characterize stable dynamics of the system under particular conditions.
Authors: Ariah Klages-Mundt* and Andreea Minca*,
Affiliations: * Cornell University.
Upcoming Events:
Jobs:
Thanks to our sponsor
Protocol Labs
Protocol Labs is an open-source research, development, and deployment laboratory. Projects include IPFS, Filecoin, libp2p, and many more. Protocol Labs aims to make human existence orders of magnitude better through technology.
The internet is humanity’s superpower, and they’re making it more dependable, equitable, and secure. Join the Protocol Labs team!
This newsletter is for informational purposes only. This content does not in any way constitute an offer or solicitation of an offer to buy or sell any investment solution or recommendation to buy or sell a security; nor it is to be taken as legal, business, investment, or tax advice. In fact, none of the information in this or other content on zk Capital should be relied on in any manner as advice. None of the authors, contributors, or anyone else connected with zk Capital, in any way whatsoever, can be responsible for your use of the information contained in this newsletter.