1. “SoK: Decentralized Finance (DeFi) Incidents” by @lzhou1110, @XihanXiong, @ErnstbergerJens, @schaliasosvons, Zhipeng Wang, Ye Wang, @KaihuaQIN, Roger Wattenhofer, @dawnsongtweets, and @HatforceSec
TLDR:
Properly securing DeFi applications is an extremely challenging task, as new classes of vulnerabilities are discovered on a near-weekly basis.
Because DeFi is an emerging area, documenting its security incidents is crucial so that smart contract developers can learn from them rather than repeat the same mistakes.
Given the frequency of DeFi exploits, existing documentation is often siloed and lacks sufficient detail, a trend evidenced by the scarcity of post-mortems.
This paper provides a comprehensive analysis of DeFi security incidents and compiles a substantial amount of information on them. In order to contextualize these exploits, the authors present a framework that systematizes different types of vulnerabilities into four layers: DeFi Protocol Layer (Pro), Smart Contract Layer (SC), Blockchain Consensus Layer (CON), and Network Layer (NET).
2. “Auto-Tune: Efficient Autonomous Routing for Payment Channel Networks” by Hsiang-Jen Hong, Sang-Yoon Chang, and Xiaobo Zhou
TLDR:
Bitcoin’s Lightning Network continues to gain traction as the industry’s largest Payment Channel Network. Nevertheless, improving the efficiency and reliability of Lightning payments remains a challenge.
Over the years, new algorithms have been proposed to address these challenges through improved payment routing: the choice of paths, and of how a payment is split across them, that a Lightning payment undergoes before it reaches its final destination.
This paper introduces a new routing algorithm called Auto-Tune, which offers a notable set of improvements over the status-quo solution, the Flash algorithm, particularly with respect to routing fees.
3. “Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts” by Fuchen Ma, Meng Ren, Lerong Ouyang, Yuanliang Chen, Juan Zhu, Ting Chen, Yingli Zheng, Xiao Dai, Yu Jiang, and Jiaguang Sun
TLDR:
At times, smart contracts must be able to perform critical actions, such as minting tokens, blacklisting users, or upgrading a DeFi application to a new version.
These actions are implemented as privileged functions in the smart contract, and many are given expiration dates, since such functionality poses non-trivial security risks if it remains available indefinitely.
This paper evaluates such critical functions, specifically in ERC token contracts, and provides insights into when and how they are exploited as backdoors.
4. “Gromit: Benchmarking the Performance and Scalability of Blockchain Systems” by Bulat Nasrulin, @devos50, Georgy Ishmaev, and Johan Pouwelse
TLDR:
Over the past two years, the industry has witnessed a Cambrian explosion of smart contract platforms competing with Ethereum.
A core tenet espoused by these competitors is scalability: the ability to process tens of thousands of transactions per second.
However, several additional factors beyond raw throughput must be considered in order to properly assess the virtues and drawbacks of these systems.
This paper provides an evaluation framework that enables layer-1 blockchains to be benchmarked on a consistent basis.
About SCRF
The Smart Contract Research Forum’s (SCRF) bold mission is to advance web3 through actionable research and knowledge-sharing. To this end, SCRF connects researchers and builders, sponsors projects, and constructs collaborative forums. SCRF’s community is an active, international network of academics, industry architects, and blockchain advocates.