1. “No More Attacks on Proof-of-Stake Ethereum?” by Francesco D’Amato, Joachim Neu, Ertem Nusret Tas, and David Tse
TLDR:
LMD-GHOST is the current consensus protocol employed by Proof-of-Stake Ethereum. Although this protocol was designed to address a host of attacks, it is susceptible to so-called voting rebalancing attacks.
These attacks can be highly disruptive to the Ethereum network as they break economic finality and lead to reorganizations on the blockchain that most applications are not equipped to handle.
This paper proposes a new consensus protocol called Goldfish which is designed to address this attack vector. Crucially, Goldfish is highly compatible with the architecture of LMD-GHOST and does not entail big changes to Proof-of-Stake Ethereum.
2. “Exploring Vulnerabilities and Anomalies in NFT Marketplaces” by Xiangyu Ruan
TLDR:
NFT markets might have cooled down after the recent market downturn, but there is still an enormous amount of interest in how NFTs can be better implemented and secured.
This paper provides a formalization of the security issues faced by popular NFT implementations and taxonomizes the different types of exploits via historical case studies.
Beyond NFT implementation frameworks, the paper also discusses market structures and historical anomalies in popular NFT marketplaces.
3. “Fighting Sybils in Airdrops” by Zheng Liu and Hongyang Zhu
TLDR:
The air-dropping of tokens is a popular distribution mechanism and its primary goal is to reward the early users of an application.
However, airdrops are frequently manipulated by sophisticated attackers who try to pose as multiple users in order to get a disproportionate number of “free” tokens.
This paper analyzes historical airdrops and frames this type of manipulation as a Sybil attack. The authors then present clustering techniques that can be used by projects to flag malicious accounts.
4. “Towards Interoperability of Open and Permissionless Blockchains: A Cross-Chain Query Language” by Felix Härer
TLDR:
Blockchain Interoperability is the ability of users and applications to interact with one another across different networks.
A lot of the focus on this front has been on the development of cross-chain bridges which essentially recreate user balances in supported blockchains and relay their messages.
While most interoperability discussions today tend to focus on bridge design, there are other challenges introduced by this cross-chain paradigm, especially as it relates to data normalization.
This paper is interesting as it focuses on the data inconsistency problem and proposes a new query language that is agnostic of a blockchain’s data model. If adopted, this language can be used by cross-chain applications to normalize transactional data.
5. “Permissionless Clock Synchronization with Public Setup” by Juan Garay, Aggelos Kiayias, and Yu Shen
TLDR:
Blockchains are designed to track changes in a ledger, or an application, over the course of time. While blocks serve as a measure of time, they can at times be at odds with “human” time. This, in turn, impacts use-cases where the human time reported in a block serves as an input for an application, such as a weather oracle.
This paper discusses how clock synchronization can be better implemented on blockchains in a permissionless setting. The authors apply this schema to Bitcoin and, as a first use case, evaluate how this clock can be used to adjust mining difficulty more appropriately.
6. “A Study of Inline Assembly in Solidity Smart Contracts” by Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits
TLDR:
Inline Assembly is a relatively sophisticated technique used by smart contract developers to embed low-level code in their applications.
While some opcodes are only available through Inline Assembly, the primary motivation for its use is gas optimization as the on-chain footprint of applications can be decreased by these low-level primitives.
This paper is the first comprehensive study of the use of Inline Assembly and sheds light on the predominance of this technique. It also provides valuable insights to developers on the appropriateness of Inline Assembly and ways that Solidity can be enhanced for this practice.
Research collected and curated by @cipherix.
This newsletter is for informational purposes only and is not intended as legal, business, investment, or tax advice.
About SCRF
The Smart Contract Research Forum’s (SCRF) bold mission is to advance web3 through actionable research and knowledge-sharing. To this end, SCRF connects researchers and builders, sponsors projects, and constructs collaborative forums. SCRF’s community is an active, international network of academics, industry architects, and blockchain advocates.