Uncovering Security Risks in Decentralized Exchanges


This study explores the security risks of decentralized exchanges (DEXes) by investigating unfair trades that occur on these platforms. By analyzing various scenarios, the research sheds light on potential vulnerabilities that traders may face in DEX environments. Key findings highlight the importance of addressing these risks to enhance the overall security and trustworthiness of decentralized trading mechanisms.


Uploaded on Sep 17, 2024



Presentation Transcript


  1. Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild
     Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding, Yuzhe Tang, XiaoFeng Wang, Kai Li
     Syracuse Univ., Indiana Univ., SDSU

  2. Introduction: Security Risks of DEX by Unfair Trades
     - Decentralized Exchange (DEX):
       - Popular DeFi application
       - Trader Alice deposits Token X to a pool and withdraws Token Y from the pool.

  3. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.

  4. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.
     - Unfair trades:
       - Standalone deposit/withdrawal

  5. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.
     - Unfair trades:
       - Standalone deposit/withdrawal

  6. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.
     - Unfair trades:
       - Standalone deposit/withdrawal
       - Bob withdraws Alice's deposit

  7. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.
     - Unfair trades:
       - Standalone deposit/withdrawal
       - Bob withdraws Alice's deposit
       - Alice withdraws more/less value than her deposit

  8. Introduction: Security Risks of DEX by Unfair Trades
     - A fair trade:
       - Alice depositing TokenX can withdraw TokenY of the same value.
     - Unfair trades:
       - Standalone deposit/withdrawal
       - Bob withdraws Alice's deposit
       - Alice withdraws more/less value than her deposit

  9. Introduction: Security Risks of DEX by Unfair Trades
     - Research problem: understand whether and how often unfair trades occur in operational DEXes.

  10. Outline: Measurement and Data-Analytics Pipeline
     - Measurement and data analytics
       (1) Find unfair trades
       (2) Detect theft from unfair trades
       (3) Detect lost tokens from unfair trades
     - Mitigations

  11. Measurement (1): Find Unfair Trades: Method
     - Input data: txs, contract calls, and log events
     - Algorithm:
       - Match deposits and withdrawals, check the rest for value mismatch and standalone operations.

  12. Measurement (1): Find Unfair Trades: Results

  13. Measurement (1): Find Unfair Trades: Causes

  14. Measurement (2): Detect Token Thefts: Methods
     - Heuristics-based indicators
       - a thief would eagerly withdraw an exploitable deposit
       - a thief may exploit Causes P1/P2/P3, observable by tx patterns
       - a thief would always withdraw the full balance
       - a thief does not deposit value
       - a thief would send frontrunning txs
     - Cross-check the detected txs with external incident reports.

  15. Measurement (2): Detect Token Thefts: Results
     - Found cases

  16. Measurement (2): Detect Token Thefts: Results
     - Found cases
     - Block gaps

  17. Measurement (2): Detect Token Thefts: Results
     - Found cases
     - Block gaps
     - Top attackers

  18. Measurement (2): Detect Token Thefts: Results
     - Found cases
     - Block gaps
     - Top attackers
     - Top victims

  19. Mitigation: Secure Redesign of DEX
     - Idea: Use ETHRelay to reconnect the deposit and withdrawal in two separate transactions.

  20. Conclusion and Q/A
     - Measure the unfair trades in the wild on leading DEXes.
     - Detect resultant security incidents including token thefts and lost tokens.
     - Propose mitigations to patch or redesign DEXes.
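
Added example, not part of the presentation or the authors' pipeline: a sketch of the matching step on slide 11 that labels pool operations with the unfair-trade categories from slides 4 to 7. The Op record layout, the first-in-first-out pairing rule per pool, the 1% value tolerance, and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Op:
    block: int       # block number
    log_index: int   # position of the event inside the block
    pool: str
    account: str
    kind: str        # "deposit" or "withdraw"
    value: int       # assumed already priced in one common unit

def classify(ops, tolerance_pct=1):
    """Pair pool operations and label each pair or leftover operation."""
    pending = defaultdict(deque)   # pool -> deposits not yet withdrawn
    results = []
    for op in sorted(ops, key=lambda o: (o.block, o.log_index)):
        if op.kind == "deposit":
            pending[op.pool].append(op)
        elif not pending[op.pool]:
            results.append(("standalone_withdrawal", None, op))
        else:
            dep = pending[op.pool].popleft()   # assumed FIFO pairing rule
            if dep.account != op.account:
                label = "withdrawal_by_other_account"
            elif abs(op.value - dep.value) * 100 > dep.value * tolerance_pct:
                label = "value_mismatch"
            else:
                label = "fair"
            results.append((label, dep, op))
    for queue in pending.values():
        results.extend(("standalone_deposit", dep, None) for dep in queue)
    return results

# Constructed sample records, not data from the study.
SAMPLE = [
    Op(100, 0, "poolXY", "alice", "deposit", 1000),
    Op(100, 1, "poolXY", "alice", "withdraw", 997),   # within tolerance
    Op(101, 0, "poolXY", "alice", "deposit", 500),
    Op(103, 0, "poolXY", "bob", "withdraw", 500),     # other account withdraws
    Op(110, 0, "poolXY", "alice", "deposit", 800),
    Op(110, 1, "poolXY", "alice", "withdraw", 400),   # less value than deposit
    Op(120, 0, "poolXY", "carol", "withdraw", 50),    # nothing left to match
    Op(130, 0, "poolXY", "dave", "deposit", 70),      # never withdrawn
]

if __name__ == "__main__":
    for label, dep, wd in classify(SAMPLE):
        print(label, dep, wd)
```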
