Zhou, Liyi;
Xiong, Xihan;
Ernstberger, Jens;
Chaliasos, Stefanos;
Wang, Zhipeng;
Wang, Ye;
Qin, Kaihua;
... Gervais, Arthur; + view all
(2023)
SoK: Decentralized Finance (DeFi) Attacks.
In:
Proceedings of the IEEE Symposium on Security and Privacy (SP) 2023.
(pp. pp. 2444-2461).
Institute of Electrical and Electronics Engineers (IEEE)
Preview |
Text
2208.13035v3.pdf - Other Download (1MB) | Preview |
Abstract
Within just four years, the blockchain-based Decentralized Finance (DeFi) ecosystem has accumulated a peak total value locked (TVL) of more than 253 billion USD. This surge in DeFi’s popularity has, unfortunately, been accompanied by many impactful incidents. According to our data, users, liquidity providers, speculators, and protocol operators suffered a total loss of at least 3.24 billion USD from Apr 30, 2018 to Apr 30, 2022. Given the blockchain’s transparency and increasing incident frequency, two questions arise: How can we systematically measure, evaluate, and compare DeFi incidents? How can we learn from past attacks to strengthen DeFi security?In this paper, we introduce a common reference frame to systematically evaluate and compare DeFi incidents, including both attacks and accidents. We investigate 77 academic papers, 30 audit reports, and 181 real-world incidents. Our data reveals several gaps between academia and the practitioners’ community. For example, few academic papers address "price oracle attacks" and "permissonless interactions", while our data suggests that they are the two most frequent incident types (15% and 10.5% correspondingly). We also investigate potential defenses, and find that: (i) 103 (56%) of the attacks are not executed atomically, granting a rescue time frame for defenders; (ii) bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial contracts; and (iii) 33 (15.3%) of the adversaries leak potentially identifiable information by interacting with centralized exchanges.
| Type: | Proceedings paper |
|---|---|
| Title: | SoK: Decentralized Finance (DeFi) Attacks |
| Event: | 44th IEEE Symposium on Security and Privacy (SP) |
| Location: | San Francisco, CA, USA |
| Dates: | 21st-25th May 2023 |
| ISBN-13: | 978-1-6654-9336-9 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1109/SP46215.2023.10179435 |
| Publisher version: | https://doi.org/10.1109/SP46215.2023.10179435 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery-pp.ucl.ac.uk/id/eprint/10193671 |
Archive Staff Only
 |
View Item |
