ÐArcher: detecting on-chain-off-chain synchronization bugs in decentralized applications

@article{Zhang2021ArcherDO,
  title={ÐArcher: detecting on-chain-off-chain synchronization bugs in decentralized applications},
  author={Wuqi Zhang and Lili Wei and Shuqing Li and Yepang Liu and S. C. Cheung},
  journal={Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  year={2021}
}
  • Wuqi Zhang, Lili Wei, S. Cheung
  • Published 17 June 2021
  • Computer Science
  • Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Since the emergence of Ethereum, blockchain-based decentralized applications (DApps) have become increasingly popular and important. To balance the security, performance, and costs, a DApp typically consists of two layers: an on-chain layer to execute transactions and store crucial data on the blockchain and an off-chain layer to interact with users. A DApp needs to synchronize its off-chain layer with the on-chain layer proactively. Otherwise, the inconsistent data in the off-chain layer could… 

Overview of Blockchain Oracle Research

TLDR
A bibliometric analysis is undertaken by highlighting institutions and authors that are actively contributing to the oracle literature to show that although worldwide collaboration is still lacking, various authors and institutions have been working in similar directions.

DETER: Denial of Ethereum Txpool sERvices

TLDR
This work designs non-trivial measurement methods against blackbox mainnet nodes, conducts light probes to confirm that popular mainnet services are exploitable under DETER attacks, and proposes mitigation schemes that reduce a DETER attack's success rate down to zero while preserving the miners' revenue.

References

An Empirical Study of Blockchain-based Decentralized Applications

TLDR
The popularity of dapps is analyzed, and the patterns of how smart contracts are organized in a dapp are summarized, to help dapp developers and users better understand and deploy dapps.

Kaya: A Testing Framework for Blockchain-based Decentralized Applications

TLDR
Kaya is a testing framework for DApps that formulates automatically executed test cases covering both front-end behaviors and back-end logic with simple settings, and provides a flexible and convenient way for test engineers to set the blockchain pre-states.

Exploiting the laws of order in smart contracts

TLDR
EthRacer, an automatic analysis tool that runs directly on Ethereum bytecode and requires no hints from users, is built, providing compact event traces (witnesses) that human analysts can examine in only a few minutes per contract.

Making Smart Contracts Smarter

TLDR
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.

Towards Blockchain Tactics: Building Hybrid Decentralized Software Architectures

TLDR
It is argued that further research and validation are necessary for gaining more qualitative and quantitative insights to make informed architectural design decisions when using blockchain technology, and a first outline of how to achieve this is given.

On the Security and Performance of Proof of Work Blockchains

TLDR
This paper introduces a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains and devises optimal adversarial strategies for double-spending and selfish mining while taking into account real-world constraints.

Detecting nondeterministic payment bugs in Ethereum smart contracts

TLDR
A methodical approach to understanding the inherent nondeterminism in the Ethereum blockchain system and its (unwanted) influence on contract payments is introduced and a practical tool named NPChecker (Nondeterministic Payment Checker) is implemented.

Analysis of the main consensus protocols of blockchain

S-gram: Towards Semantic-Aware Security Auditing for Ethereum Smart Contracts

TLDR
A novel semantic-aware security auditing technique called S-GRAM for Ethereum, which is a combination of N-gram language modeling and lightweight static semantic labeling that can learn statistical regularities of contract tokens and capture high-level semantics as well.

MadMax: surviving out-of-gas conditions in Ethereum smart contracts

TLDR
MadMax is presented: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence and achieves high precision and scalability.
...