Uncovering Security Risks in Decentralized Exchanges

Slide 1: Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild
Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding, Yuzhe Tang, XiaoFeng Wang, Kai Li
Syracuse Univ., Indiana Univ., SDSU
Slide 2: Introduction: Security Risks of DEX by Unfair Trades
- Decentralized Exchange (DEX):
  - Popular DeFi application
  - Trader Alice deposits Token X to a pool and withdraws Token Y from the pool.

Slides 3-8: Introduction: Security Risks of DEX by Unfair Trades
- A fair trade:
  - Alice depositing TokenX can withdraw TokenY of the same value.
- Unfair trades:
  - Standalone deposit/withdrawal
  - Bob withdraws Alice's deposit
  - Alice withdraws more/less value than her deposit

Slide 9: Introduction: Security Risks of DEX by Unfair Trades
- Research Problem: Understand whether and how often unfair trades occur in operational DEXes.
Slide 10: Outline: Measurement and Data-Analytics Pipeline
- Measurement and data analytics
  - (1) Find unfair trades
  - (2) Detect theft from unfair trades
  - (3) Detect lost tokens from unfair trades
- Mitigations
Slide 11: Measurement (1): Find Unfair Trades: Method
- Input data: txs, contract calls, and log events
- Algorithm:
  - Match deposits and withdrawals, then check the rest for value mismatch and standalone operations.

Slide 12: Measurement (1): Find Unfair Trades: Results

Slide 13: Measurement (1): Find Unfair Trades: Causes
Slide 14: Measurement (2): Detect Token Thefts: Methods
- Heuristics-based indicators:
  - a thief would eagerly withdraw an exploitable deposit
  - a thief may exploit Causes P1/P2/P3, observable by tx patterns
  - a thief would always withdraw the full balance
  - a thief does not deposit value
  - a thief would send frontrunning txs
- Cross-check the detected txs with external incident reports.
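The matching step of Measurement (1) and the heuristic indicators of Measurement (2), as an added example that is not the authors' pipeline code: a toy Python implementation run over constructed deposit/withdrawal events. The matching rule (a withdrawal consumes the oldest unconsumed deposit in the same pool), the fixed USD price table, the block-gap and value-tolerance thresholds, and the event format are all assumptions; the frontrunning indicator and the Causes P1/P2/P3 pattern checks from the slide are not modelled.

```python
# Added example, not the authors' pipeline: toy versions of Measurement (1)
# (match deposits to withdrawals, label the rest) and Measurement (2)
# (heuristic theft indicators) over constructed events.
from dataclasses import dataclass
from typing import List, Optional

# Assumption: a fixed USD price per token, used to compare deposit and
# withdrawal value. A real pipeline would price at the trade's block.
PRICE_USD = {"X": 2.0, "Y": 1.0}


@dataclass
class Event:
    block: int      # block number containing the tx
    index: int      # position of the tx within the block
    tx: str         # tx hash (constructed placeholder)
    account: str    # account that sent the tx
    pool: str       # DEX pool contract the tokens move into or out of
    kind: str       # "deposit" (tokens into the pool) or "withdrawal"
    token: str
    amount: float


@dataclass
class Trade:
    deposit: Optional[Event]
    withdrawal: Optional[Event]
    label: str      # fair | withdrawn_by_other | value_mismatch | standalone_*


def value_usd(e: Event) -> float:
    return e.amount * PRICE_USD[e.token]


def find_unfair_trades(events: List[Event], tolerance: float = 0.01) -> List[Trade]:
    """Measurement (1): pair each withdrawal with the oldest unconsumed deposit
    in the same pool (assumed matching rule), then label each pair; deposits
    never withdrawn and withdrawals with nothing to consume are standalone."""
    pending = {}   # pool -> unconsumed deposits in chain order
    trades = []
    for e in sorted(events, key=lambda e: (e.block, e.index)):
        if e.kind == "deposit":
            pending.setdefault(e.pool, []).append(e)
            continue
        queue = pending.get(e.pool, [])
        if not queue:
            trades.append(Trade(None, e, "standalone_withdrawal"))
            continue
        d = queue.pop(0)
        if d.account != e.account:
            label = "withdrawn_by_other"          # Bob withdraws Alice's deposit
        elif abs(value_usd(d) - value_usd(e)) > tolerance * value_usd(d):
            label = "value_mismatch"              # Alice gets more/less than she put in
        else:
            label = "fair"
        trades.append(Trade(d, e, label))
    for queue in pending.values():
        trades.extend(Trade(d, None, "standalone_deposit") for d in queue)
    return trades


def theft_indicators(trade: Trade, events: List[Event], max_gap: int = 2,
                     tolerance: float = 0.01) -> List[str]:
    """Measurement (2): three of the slide's heuristics, applied only to deposits
    withdrawn by a different account. Thresholds are assumptions; the
    frontrunning and P1/P2/P3 pattern checks are not modelled here."""
    if trade.label != "withdrawn_by_other":
        return []
    d, w = trade.deposit, trade.withdrawal
    hits = []
    if w.block - d.block <= max_gap:
        hits.append("eager_withdrawal")           # taken within a few blocks
    if w.account not in {e.account for e in events if e.kind == "deposit"}:
        hits.append("never_deposits")             # withdrawer adds no value anywhere
    if value_usd(w) >= (1 - tolerance) * value_usd(d):
        hits.append("full_balance")               # took everything the deposit was worth
    return hits


def detect_thefts(events: List[Event], min_hits: int = 2):
    """Flag pairs that trip at least min_hits indicators; these are the
    candidates to cross-check against external incident reports."""
    flagged = []
    for t in find_unfair_trades(events):
        hits = theft_indicators(t, events)
        if len(hits) >= min_hits:
            flagged.append((t, hits))
    return flagged


# Constructed sample events (not real chain data).
SAMPLE_EVENTS = [
    Event(100, 0, "0xt1", "alice",   "poolXY", "deposit",    "X", 10),
    Event(100, 1, "0xt2", "alice",   "poolXY", "withdrawal", "Y", 20),  # fair: $20 in, $20 out
    Event(105, 0, "0xt3", "alice",   "poolXY", "deposit",    "X", 5),
    Event(106, 0, "0xt4", "mallory", "poolXY", "withdrawal", "Y", 10),  # another account takes it
    Event(110, 0, "0xt5", "carol",   "poolXY", "deposit",    "X", 4),
    Event(110, 1, "0xt6", "carol",   "poolXY", "withdrawal", "Y", 6),   # $8 in, $6 out
    Event(120, 0, "0xt7", "dave",    "poolXY", "withdrawal", "Y", 3),   # nothing to consume
    Event(121, 0, "0xt8", "erin",    "poolXY", "deposit",    "X", 1),   # never withdrawn
]

if __name__ == "__main__":
    for t in find_unfair_trades(SAMPLE_EVENTS):
        print(t.label, (t.deposit or t.withdrawal).tx)
    for t, hits in detect_thefts(SAMPLE_EVENTS):
        print("candidate theft:", t.withdrawal.tx, hits)
```

On the sample, the second withdrawal is labelled `withdrawn_by_other` and trips all three modelled indicators, so it surfaces as the one candidate to cross-check against incident reports, while the value-mismatch and standalone cases stay in the unfair-trade counts without being treated as theft. The matching rule is the part a real measurement has to get right: pairing by pool and chain order is what makes a withdrawal by a different account visible as an unfair trade at all, and a weaker rule (pairing by account only) would hide exactly the case the theft heuristics look for.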
Slides 15-18: Measurement (2): Detect Token Thefts: Results
- Found cases
- Block gaps
- Top attackers
- Top victims
Slide 19: Mitigation: Secure Redesign of DEX
- Idea: Use ETHRelay to reconnect the deposit and withdrawal in two separate transactions.

Slide 20: Conclusion and Q/A
- Measure the unfair trades in the wild on leading DEXes.
- Detect resultant security incidents including token thefts and lost tokens.
- Propose mitigations to patch or redesign DEXes.
Uploaded on Sep 17, 2024

