Trusting a Smart Contract Means Trusting Its Owners: Understanding Centralization Risk (2312.06510v1)

Published 11 Dec 2023 in cs.CR, econ.GN, and q-fin.EC

Abstract: Smart contract access control mechanisms can introduce centralization into supposedly decentralized ecosystems. In our view, such centralization is an overlooked risk of smart contracts that underlies well-known smart contract security incidents. Critically, mitigating the known vulnerability of missing permission verification by implementing authorization patterns can in turn introduce centralization. To delineate the issue, we define centralization risk and describe smart contract source code patterns for Ethereum and Algorand that can introduce it to smart contracts. We explain under which circumstances the centralization can be exploited. Finally, we discuss implications of centralization risk for different smart contract stakeholders.
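The trade-off the abstract describes, shown in Solidity as an added example (this code is not from the paper; contract and function names such as VaultUnchecked, VaultOwned, VaultLimited, sweep and proposeFee are illustrative choices). The first contract has the classic missing-permission-verification bug; the second applies the usual fix, an owner-only modifier, and thereby makes the owner key a single point of failure for all deposits; the third shows one way to keep the check while limiting what the privileged party can actually do:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the paper. Three versions of one vault.

// (1) Missing permission verification: any caller can sweep all deposits.
contract VaultUnchecked {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function sweep(address payable to) external {          // no authorization at all
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// (2) The textbook fix: restrict sweep() to the owner. The vulnerability is
// closed, but every depositor now trusts one key: its holder (or whoever
// steals it) can drain the contract in a single transaction.
contract VaultOwned {
    address public owner;
    mapping(address => uint256) public balances;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function sweep(address payable to) external onlyOwner {
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// (3) Same authorization check, but the privilege is scoped, bounded, delayed
// and revocable: the owner can never reach user deposits, only accrued fees,
// and any fee change is announced on-chain and waits DELAY before it applies.
contract VaultLimited {
    uint256 public constant DELAY = 2 days;    // assumed value for the example
    uint256 public constant MAX_FEE_BPS = 100; // hard cap: 1 %

    address public owner;
    uint256 public feeBps;
    uint256 public pendingFeeBps;
    uint256 public pendingSince;               // 0 means no pending change
    uint256 public fees;                       // fee balance, separate from deposits
    mapping(address => uint256) public balances;

    event FeeProposed(uint256 feeBps, uint256 executableAt);
    event FeeApplied(uint256 feeBps);
    event OwnershipRenounced();

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Users can always withdraw their own funds; no privileged path touches deposits.
    function withdraw(uint256 amount) external {
        balances[msg.sender] -= amount;        // reverts on underflow in 0.8.x
        uint256 fee = amount * feeBps / 10_000;
        fees += fee;
        (bool ok, ) = payable(msg.sender).call{value: amount - fee}("");
        require(ok, "transfer failed");
    }

    // Privileged action 1: propose a fee change, bounded by MAX_FEE_BPS.
    function proposeFee(uint256 newFeeBps) external onlyOwner {
        require(newFeeBps <= MAX_FEE_BPS, "fee above cap");
        pendingFeeBps = newFeeBps;
        pendingSince = block.timestamp;
        emit FeeProposed(newFeeBps, block.timestamp + DELAY);
    }

    // Anyone may execute once the timelock has elapsed.
    function executeFee() external {
        require(pendingSince != 0, "nothing pending");
        require(block.timestamp >= pendingSince + DELAY, "timelock active");
        feeBps = pendingFeeBps;
        pendingSince = 0;
        emit FeeApplied(feeBps);
    }

    // Privileged action 2: collect fees only; deposits are out of reach.
    function collectFees(address payable to) external onlyOwner {
        uint256 amount = fees;
        fees = 0;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // The owner can give up the privilege entirely.
    function renounceOwnership() external onlyOwner {
        owner = address(0);
        emit OwnershipRenounced();
    }
}
```

When reviewing a contract for this kind of risk, the question is not only "is every state-changing function guarded?" but "what can the guarded caller do, how fast, and can it be taken away?". In VaultOwned the answer is "everything, instantly, never", which is exactly the centralization the abstract warns about; VaultLimited bounds each of those three dimensions, and pointing the owner slot at a multisig or governance contract instead of an externally owned account narrows the single point of failure further.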
