Abstract
The meteoric rise of Decentralized Finance (DeFi) has been accompanied by a number of financially devastating attacks on its protocols. There have been over 70 exploits of DeFi protocols, with the total of lost funds amounting to approximately 1.5bn USD. In this paper, we introduce a new approach to minimizing the frequency and severity of such attacks: dissimilar redundancy for smart contracts. In a nutshell, the idea is to implement a program logic more than once, ideally using different programming languages. Then, for each implementation, the results should match before allowing the state of the blockchain to change. This is inspired by and has clear parallels to the field of avionics, where on account of the safety-critical environment, flight control systems typically feature multiple redundant implementations. We argue that the high financial stakes in DeFi protocols merit a conceptually similar approach, and we provide a novel algorithm for implementing dissimilar redundancy for smart contracts.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Atzei, N., Bartoletti, M., & Cimoli, T. (2017). A survey of attacks on ethereum smart contracts (sok). In International Conference on Principles of Security and Trust (pp. 164–186) Springer.
Barros, G., & Gallagher, P. (2019). Eip-1822: Universal upgradeable proxy standard (uups). https://eips.ethereum.org/EIPS/eip-1822.
Bloomberg. (2021). Defi platform mistakenly sends $89 million; ceo begs return. https://www.bloomberg.com/news/articles/2021-10-01/defi-platform-mistakenly-sends-89-million-ceo-begs-its-return.
Brubaker, C., Jana, S., Ray, B., Khurshid, S., & Shmatikov, V. (2014). Using frankencerts for automated adversarial testing of certificate validation in ssl/tls implementations. In 2014 IEEE Symposium on Security and Privacy (pp. 114–129) IEEE.
Buterin, V. (2021). Endgame. https://vitalik.ca/general/2021/12/06/endgame.html.
Chen, Y., Su, T., Sun, C., Su, Z., & Zhao, J. (2016). Coverage-directed differential testing of jvm implementations. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (pp. 85–99).
Copeland, T. (2021). Bug impacting over 50% of ethereum clients leads to fork. https://www.theblockcrypto.com/post/115822/bug-impacting-over-50-of-ethereum-clients-leads-to-fork.
CryptoSec. (2021). Comprehensive list of defi hacks and exploits. https://cryptosec.info/defi-hacks/.
Ethereum. (2019). Evm lab utilities. https://github.com/ethereum/evmlab.
Ethereum. (2021). Ethereum nodes and clients–client diversity. https://ethereum.org/en/developers/docs/nodes-and-clients/client-diversity/.
Ethereum. (2021). Layer 2 rollups. https://ethereum.org/en/developers/docs/scaling/layer-2-rollups/.
Fu, Y., Ren, M., Ma, F., Shi, H., Yang, X., Jiang, Y., Li, H., & Shi, X. (2019). Evmfuzzer: detect evm vulnerabilities via fuzz testing. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 1110–1114).
Gudgeon, L., Moreno-Sanchez, P., Roos, S., McCorry, P., & Gervais, A. (2019). Sok: Off the chain transactions. IACR Cryptol. ePrint Arch., 2019, 360.
MacIver, D. R., Hatfield-Dodds, Z., et al. (2019). Hypothesis: A new approach to property-based testing. Journal of Open Source Software, 4(43), 1891.
Mutual, N. (2021). A decentralized alternative to insurance. https://nexusmutual.io/.
Palladino, S. (2019). Eip-1967: Standard proxy storage slots. https://eips.ethereum.org/EIPS/eip-1967.
Perez, D., & Livshits, B. (2021). Smart contract vulnerabilities: Vulnerable does not imply exploited. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 1325–1341). USENIX Association. https://www.usenix.org/conference/usenixsecurity21/presentation/perez.
Qin, K., Zhou, L., Livshits, B., & Gervais, A. (2021). Attacking the defi ecosystem with flash loans for fun and profit. In International Conference on Financial Cryptography and Data Security (pp. 3–32). Springer.
Rodler, M., Li, W., Karame, G. O., & Davi, L. (2019). Sereum: Protecting existing smart contracts against re-entrancy attacks. In Proceedings of 26th Annual Network & Distributed System Security Symposium (NDSS). http://tubiblio.ulb.tu-darmstadt.de/111410/.
Uniswap. (2020). Uniswap. https://app.uniswap.org/#/swap
Vogelsteller, F., & Buterin, V. (2015). Eip-20: Erc-20 token standard. https://eips.ethereum.org/EIPS/eip-20.
Werner, S. M., Perez, D., Gudgeon, L., Klages-Mundt, A., Harz, D., & Knottenbelt, W. J. (2021). Sok: Decentralized finance (defi). CoRR, abs/2101.08778. https://arxiv.org/abs/2101.08778.
Yang, Y., Kim, T., & Chun, B. G. (2021). Finding consensus bugs in ethereum via multi-transaction differential fuzzing. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21) (pp. 349–365). USENIX Association. https://www.usenix.org/conference/osdi21/presentation/yang.
Yeh, Y. (1996). Triple-triple redundant 777 primary flight computer. In 1996 IEEE Aerospace Applications Conference. Proceedings, 1, 293–307. https://doi.org/10.1109/AERO.1996.495891.
Acknowledgements
The authors would like to thank the Ethereum Foundation for their financial support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Perez, D., Gudgeon, L. (2023). Dissimilar Redundancy in DeFi. In: Pardalos, P., Kotsireas, I., Guo, Y., Knottenbelt, W. (eds) Mathematical Research for Blockchain Economy. MARBLE 2022. Lecture Notes in Operations Research. Springer, Cham. https://doi.org/10.1007/978-3-031-18679-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-18679-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18678-3
Online ISBN: 978-3-031-18679-0
eBook Packages: Economics and FinanceEconomics and Finance (R0)