surveying front running attacks on decentralized exchanges
play

Surveying Front-running attacks on Decentralized Exchanges - PowerPoint PPT Presentation

Nov 20, 2022 •155 likes •596 views

Surveying Front-running attacks on Decentralized Exchanges Mingcheng & Sean 1 Goal Introduce a special kind of attck on decentralized exchange Try to propose a mitigation in the end 2 What is this? 3 Blockchain Introduction

  1. Surveying Front-running attacks on Decentralized Exchanges Mingcheng & Sean 1

  2. Goal Introduce a special kind of attck on decentralized ● exchange Try to propose a mitigation in the end ● 2

  3. What is this? 3

  4. Blockchain Introduction blockchain is essentially a decentralized, distributed “database” (ledger) recording transactions, which cannot be altered retroactively without the alteration of all subsequent blocks. Distributed ● Decentralized ● Non-centralized Trust ● Immutable ● 4

  5. Blockchain workflow: block and block generation Blockchain consists of blocks. Blockchain consists of blocks. Each block consists of a head and a body. - Body records transaction - Head includes the cryptographic hash (SHA256) of the body and the prior block 5

  6. Blockchain workflow: block and block generation Head : Time: Timestamp hashMerkleRoot: Hash of Body hashPrevBlock: Hash of previous Block Bits: Target Value Nonce: Magic Number Data …. Body : Transactions ... 6

  7. Blockchain workflow: block and block generation Head : Time: Timestamp hashMerkleRoot: Hash of When SHA256(Head, Nonce++) < prev: H() Bits (Target Max/Difficulty level) Body hashPrevBlock: Hash of previous Block New Bits: Target Value Block Nonce: Magic Number Data …. Body : Trasactions ... 7

  8. Blockchain workflow: block and block generation prev: H() Data Data Blockchain consists of blocks. Each block consists of head and body. - Body records transaction - Head includes the cryptographic hash (SHA256) of the body and the prior block Block Miner can get block reward and operation fee. - proof-of-work 8

  9. Blockchain workflow: broadcast and census If divergence, the chain has been seen by the majority will be validated ● forever (7 confirmation). 9

  10. Blockchain workflow: broadcast and census If divert, the chain has been seen by the majority will be validated forever. ● To keep consistent, bitcoin is designed to generate new block in average 10 ● mins by adjusting the difficulty level. 10

  11. Problems with bitcoin blockchain: Just ledger!! Wasting powers/resource!! 11

  12. Add More Flavors: Ethereum Virtual Machine and Smart Contract ● Lightweight computer programs executed on blockchain network without user interaction when when certain conditions are made. ○ When someone wants to get a particular task done in Ethereum they initiate a smart contract with one or more peers. The EVM provides better deterministic, terminable and isolated environment ● for the smart contracts. (Like JVM) ○ EVM is turning complete 12

  13. The Etheruem Network Smart Contract blockchain 13

  14. The Etheruem Network Smart Contracts Smart Contracts Smart Contracts Smart Contracts blockchain blockchain blockchain blockchain Smart Contracts Smart Contracts blockchain Smart Contracts blockchain blockchain 14

  15. Ethereum Gas and Fee ● Gas is a unit that measures the amount of computational effort that it will take to execute certain operations. ○ Every line of code in Solidity requires a certain amount of gas to be executed. ● Gas Limit >= Gas needed Gas Fee = Gas Limit * Gas Price (Gwei) ● ● Gas Fee is the maximum profit code runner can get Gas Needed 15

  16. The Scale of Ethereum Network ● Ethereum is now the 2nd largest blockchain Network in th world Market Cap = $ 20+ Billion ● Frequent Transactions Data Collected from etherscan https://etherscan.io/

  17. ICO on Ethereum = Fundraising Ether Developer Gather => Money Public Initial Coin Offering Smart Contract Piles of Ether ERC20 Tokens (ERC20 is a Protocol for Etheurm Cryptocurrencies, it allow direct interaction bewteen parties) 17

  18. Functionalities of ERC20 Tokens ● Toll : A token can act as a gateway to the Dapp. ● Voting Rights : The tokens may also qualify the holders to have certain voting rights. ● Value Exchange : Tokens can help create an internal economic system within the application. 18

  19. A Need for Exchange TokenA TokenB Cryptocurrency Exchange TokenC 19

  20. Centralized Exchange 20

  21. Decentralized Exchange (DEXs) “I offer 1 TokenA for 2 TokenB” Core Contrac t Maker TokenA “I take the 1A for 2B 1A for 2B _________ Great TokenA with 2 Deal! _________ _________ _________ TokenB” _________ _________ _________ Matcher Order Book Taker Proxy Contract 1A for 2B The Exchange Smart Contracts TokenB 21

  22. Decentralized Exchange “I want to buy TokenB with TokenA” Core Contrac t Maker TokenA “I want to buy TokenA with TokenB” Algorithmic Matcher Buy Order -> Price UP Proxy Contract Sell Order -> Price DOWN Taker A ⇔ B With a Calculated Rate Algorithmic Marketmaker TokenB 22

  23. Algorithmic DEX Example - Bancor 23

  24. Industry Designs are more complexed Kyber Network 24 “Kyber: An On-Chain Liquidity Protocol,” Apr. 22, 2019. https://files.kyber.network/Kyber_Protocol_22_April_v0.1.pdf (accessed Apr. 13, 2020).

  25. Transaction Visibility 25

  26. Transaction Delay 2 Block Confirmations Generally Required at least 7 Confirmations 26

  27. Transaction Order is Not Guaranteed Pending TX Queue TX5, 0.01 Gwei TX6, 0.03 Gwei TX7, 0.02 Gwei TX1 TX2 TX3 TX4 TX8 TX6 TX8, 0.15 Gwei Confirmed Block Miner’s Block Confirmed Block TX8 is more likely to be included in a block along the chain 27

  28. Profit Through Change TX Order Frontrunning Attack TokenA price goes up Time Algorithmic Exchange TX2: Buys 10 TokenA TX1: Buys 1000 TokenA TX3: Sells 10 TokenA 0.02 Gwei 0.01 Gwei 0.009 Gwei 28

  29. Another Frontrunning Scenario DEX A DEX B Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH TX: Buy 5 from A and Sell to B Pending TX Confirm 0.2 Gwei TX 0.1 Gwei Bot 29

  30. Another Frontrunning Scenario DEX A DEX B Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH TX: Buy 5 from A and Sell to B TX: Buy 5 from A and Sell to B Confirm Pending TX 0.3 Gwei 0.2 Gwei TX 0.1 Gwei Bot* Bot 30

  31. Another Frontrunning Scenario DEX A DEX B Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH TX... TX... Confirm Pending TX TX... 0.3 Gwei 0.2 Gwei 0.4 Gwei TX 0.1 Gwei Bot* Bot Bot** 31

  32. Another Frontrunning Scenario Inefficiency to the blockchain DEX A DEX B And Slows down the confirmation of other TXs Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH TX... TX... Confirm Pending TX TX... ... 0.3 Gwei 0.2 Gwei n Gwei TX 0.1 Gwei Bot* Bot Bot** 32

  33. Scale of Frontrunning Bots Philip Daian, Steven Goldfeder, et al. “Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in 33 Decentralized Exchanges”. ArXiv abs/1904.05234 .2019.

  34. Scale of Frontrunning Bots Philip Daian, Steven Goldfeder, et al. “Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in 34 Decentralized Exchanges”. ArXiv abs/1904.05234 .2019.

  35. Frontrunning Vulnerability TX are visible to everyone E + TX takes time to get confirmed = Frontrunning Attack! ! + Pending TX can be reordered. 35

  36. Mitigation - Reduce Visibility 36

  37. Mitigation - Encryption “I offer 1 TokenA for 2 TokenB” Core Contrac t Maker TokenA “I take the 1A for 2B TokenA with _________ 2 TokenB” _________ Matcher Order Book Taker The Exchange Smart Contracts TokenB 37

  38. Mitigation - Encryption “I offer 1 TokenA for 2 TokenB” Core Contrac t Maker TokenA “I take the 1A for 2B TokenA with _________ 2 TokenB” _________ Matcher Key Wallet Address Order Book Taker The Exchange Smart Contracts Wallet Address Key Map TokenB Key 38

  39. Mitigation - Encryption “I offer ENCRYPT for ENCRYPT” Core Contrac t Maker TokenA “I take the E for E ENCRYPT Trusted Execution Environment with _________ (Inspired by Tesseart) Trader ENCRYPT _________ E f o _ r _ E _ _ Key _ _ _ _ _ _ _ _ _ _ _ _ Order Book Taker Trade Info The Exchange Smart Contracts Matcher TokenB 39

  40. Countering Algorithmic Frontrunning TokenA price goes up Time Algorithmic Exchange TX1: Buys 1000 TokenA 0.01 Gwei 40

  41. Countering Algorithmic Frontrunning Create Transaction: ??? price goes up ??? Time Algorithmic Exchange ??? TX1: Buys ENCRYPT 0.01 Gwei 41

  42. Countering Frontrunning Bot DEX A DEX B Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH TX: Buy 5 from A and Sell to B Pending TX Confirm 0.2 Gwei TX 0.1 Gwei Bot 42

  43. Countering Frontrunning Bot DEX A DEX B Decentralized Exchange Decentralized Exchange Buy 1 for 6 ETH Sell 1 for 5 ETH What is E and how TX: Buy E from A and Sell E to B Pending TX many? Confirm TX 0.1 Gwei 0.2 Gwei Bot* Bot 43

  44. Our current progress - Last semester, one of the research in the lab developed a blockchain network that allows cross-chain exchange between Bitcoin and Ethereum - We got the task to survey current exchange, their vulnerabilities, and possible mitigations - The lab group we work with are designing the protocl for communications between TEE and Blockchain Network. 44

Recommend

D7: Front-running Race conditions #7: Front ont-running running A form of a race condition

D7: Front-running Race conditions #7: Front ont-running running A form of a race condition

D7: Front-running Race conditions #7: Front ont-running running A form of a race condition time-of-check vs time-of-use (TOCTOU) race conditions and transaction ordering dependence (TOD) A classic problem in operating systems 15.8%

467 views • 31 slides
Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J.

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation J. Garcia, F . Autrel, J. Borrell, S. Castillo, F . Cuppens, G. Navarro { jgarcia,jborrell,scastillo,gnavarro } @ccd.uab.es, {

291 views • 17 slides
MOBILE DECENTRALIZED CRYPTO EXCHANGE V3.4. NOVEMBER 2018 CHRISTIAN BLANQUERA Founder,

MOBILE DECENTRALIZED CRYPTO EXCHANGE V3.4. NOVEMBER 2018 CHRISTIAN BLANQUERA Founder,

MOBILE DECENTRALIZED CRYPTO EXCHANGE V3.4. NOVEMBER 2018 CHRISTIAN BLANQUERA Founder, chris@moni.co +63 905 337 6000 The Problem Crypto exchanges, over a 1 Trillion USD market, are centralized and are prone to hacking. Riddled with 24/7

277 views • 12 slides
1031 Exchanges &amp; Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M.

1031 Exchanges &amp; Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M.

1031 Exchanges &amp; Qualified Opportunity Zones Drew Emmert Colleen R. Fausz Ryan M. Whitaker Part 1: 1031 Exchanges Roadmap Overview of 1031 Exchanges History of 1031 Exchanges Benefits of 1031 Exchanges 1031 Exchange

775 views • 41 slides
Open Source Developers are Securitys new front line A shifting landscape of attacks Ilkka

Open Source Developers are Securitys new front line A shifting landscape of attacks Ilkka

Open Source Developers are Securitys new front line A shifting landscape of attacks Ilkka Turunen Global Director, Sonatype @llkkaT 20XX: Software has eaten the world It used open source to chew it up Everyone has a software supply

1.25k views • 59 slides
MacConvilles Surveying BIM What it Means to Quantity Surveying BIM What it Means to

MacConvilles Surveying BIM What it Means to Quantity Surveying BIM What it Means to

MacConvilles Surveying BIM What it Means to Quantity Surveying BIM What it Means to Quantity Surveying MacConvilles Who We Are What Does BIM Mean to a QS Opportunity or Threat Barriers to BIM MacConvilles Journey

326 views • 16 slides
1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a

1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a

Presenting a live 90 minute webinar with interactive Q&amp;A 1031 Like Kind Exchanges: Pursuing 1031 Like Kind Exchanges: Pursuing Opportunities in a Rebounding Market Mastering Complex Tax Rules and Leveraging the New Net Investment Income

947 views • 78 slides
IMPLICATIONS FOR DEVELOPMENT SURVEYING 2018 National Surveying Congress DR ANTHEA BILL,

IMPLICATIONS FOR DEVELOPMENT SURVEYING 2018 National Surveying Congress DR ANTHEA BILL,

IMPLICATIONS FOR DEVELOPMENT SURVEYING 2018 National Surveying Congress DR ANTHEA BILL, Hunter Research Foundation Centre 23 March 2018 PRESENTATION OUTLINE National Context Resources Cycle Hunter Region Story Boom

628 views • 42 slides
Healthcare Exchanges in Healthcare Exchanges in the Sky with Diamonds Lyman Sornberger Chief

Healthcare Exchanges in Healthcare Exchanges in the Sky with Diamonds Lyman Sornberger Chief

6/9/2014 Healthcare Exchanges in Healthcare Exchanges in the Sky with Diamonds Lyman Sornberger Chief Healthcare Strategy Officer New Jersey HFMA June 10, 2014 Agenda Affordable Care Act (ACA) Highlights Enrollment Assistance

195 views • 17 slides
About the guy in front Conservation Biology BSC3052 About the guy in front About the guy in

About the guy in front Conservation Biology BSC3052 About the guy in front About the guy in

About the guy in front Conservation Biology BSC3052 About the guy in front About the guy in front About the guy in front About the guy in front PhD 1994 in Switzerland Evolutionary genetics 1994 move to Seattle Theoretical population

290 views • 7 slides
Surveying for Building Construction Prof. Mrs. C. Jayasinghe Senior Professor, Department of

Surveying for Building Construction Prof. Mrs. C. Jayasinghe Senior Professor, Department of

Surveying for Building Construction Prof. Mrs. C. Jayasinghe Senior Professor, Department of Civil Engineering, University of Moratuwa Surveying Surveying supports all construction activities and infrastructure engineering in urban and

899 views • 79 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
Hydrographic Surveying and Charting in Hydrographic Surveying and Charting in the Ross Sea

Hydrographic Surveying and Charting in Hydrographic Surveying and Charting in the Ross Sea

Hydrographic Surveying and Charting in Hydrographic Surveying and Charting in the Ross Sea Region, Antarctica the Ross Sea Region, Antarctica Adam Greenland National Hydrographer Overview Surveying &amp; Charting In Antarctica

330 views • 22 slides
&gt; Closure - &gt; IBS - IFS Elm W 21 &gt; BM u![ -BM known Distribute errors SM Bock Eev

&gt; Closure - &gt; IBS - IFS Elm W 21 &gt; BM u![ -BM known Distribute errors SM Bock Eev

FE Review-Surveying Ex 1. Azimuths &amp; Bearings Determine the Azimuth and Bearing for each of the following: (a) (b) N N 70 w W 55 (C) (d) N N 45 W W 80 s S 1 FE Review-Surveying Ex. 2 Area Calculation Boundary and

343 views • 6 slides
A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized

A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized

A Decentralized and Distributed E-voting Scheme Based on Cryptographic Shuffles Decentralized and Distributed Systems Laboratory Andy Caforio Responsible: Prof. Bryan Ford Supervision: Linus Gasser, Philipp Jovanovic 1 Way back when

445 views • 20 slides
Martin Cullen Department of Construction and Surveying What will be covered History of the

Martin Cullen Department of Construction and Surveying What will be covered History of the

Martin Cullen Department of Construction and Surveying What will be covered History of the Department From 2 separate Departments to form the School of Built &amp; Natural Environment 2002 Building &amp; Surveying Energy &amp; Environmental

408 views • 8 slides
Some Presentation Slides Dr. Maher A. El-Hallaq Lecturer of Surveying The Islamic University of

Some Presentation Slides Dr. Maher A. El-Hallaq Lecturer of Surveying The Islamic University of

Some Presentation Slides Dr. Maher A. El-Hallaq Lecturer of Surveying The Islamic University of Gaza Surveying The determination of relative spatial location of points on or near the earth surface. It includes: Mapping tasks Setting

1.03k views • 39 slides
Front Controller Context The presentation-tier request handling mechanism must control and

Front Controller Context The presentation-tier request handling mechanism must control and

Front Controller Context The presentation-tier request handling mechanism must control and coordinate processing of each user across multiple requests. Such control mechanisms may be managed in either a cen- tralized or decentralized manner.

545 views • 3 slides
Fixing healthcare data exchange with decentralized FOSS Protect your API's with a decentralized

Fixing healthcare data exchange with decentralized FOSS Protect your API's with a decentralized

Fixing healthcare data exchange with decentralized FOSS Protect your API's with a decentralized trust layer Steven van der Vegt Open standard to enable safe and correct exchange of healthcare data. Goal Create a (inter)national network of

708 views • 35 slides
Bit attacks D. J. Bernstein University of Illinois at Chicago From: andr...@ise... Date: 11 Feb

Bit attacks D. J. Bernstein University of Illinois at Chicago From: andr...@ise... Date: 11 Feb

Bit attacks D. J. Bernstein University of Illinois at Chicago From: andr...@ise... Date: 11 Feb 2009 14:48 Subject: Question Running CubeHash8/1 with 64 bit output over 2 different datasets give me the same hash under Visual Studio. Using

394 views • 13 slides
Measuring &amp; Using Patient Experiences: Surveying Adult and Child Patients Measuring &amp;

Measuring &amp; Using Patient Experiences: Surveying Adult and Child Patients Measuring &amp;

Measuring &amp; Using Patient Experiences: Surveying Adult and Child Patients Measuring &amp; using patient experience: surveying adults and children What we will cover: About Picker Institute Europe Introduction Conducting and using surveys

1.03k views • 75 slides
Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen Hailes By XincenYu What is it about Propose a new decentralized defense for portable devices called MobID Every device manages two small

256 views • 24 slides
Engineering Consultants &amp; Chartered Building Surveyors www.rj.uk.com Building Surveying

Engineering Consultants &amp; Chartered Building Surveyors www.rj.uk.com Building Surveying

Engineering Consultants &amp; Chartered Building Surveyors www.rj.uk.com Building Surveying Structural Engineering Insurance Surveying Civil Engineering Project Management Pre-planning &amp; Flood Risk

414 views • 29 slides
Surveying the Twin Peaks Rich Hilliard http://softsysarchitect.net richh@mit.edu Second

Surveying the Twin Peaks Rich Hilliard http://softsysarchitect.net richh@mit.edu Second

Surveying the Twin Peaks Rich Hilliard http://softsysarchitect.net richh@mit.edu Second International Workshop on the Twin Peaks of Requirements and Architecture at ICSE 2013 Surveying is essential in the planning and execution of nearly

315 views • 28 slides

More recommend