Ethereum is the largest smart-contract platform and the second-largest cryptocurrency after Bitcoin. Under the hood, Ethereum is a peer-to-peer network where miner nodes come to a consensus and decide what transactions to include in the blockchain. In practice, Ethereum’s P2P network receives transactions sent from millions of web clients and propagates them to the tens of thousands of miner nodes. While the blockchain-to-client communication channel is part of the system’s critical path, its security is understudied in the existing research literature. This talk presents our recent research examining Ethereum systems security under denial-of-service attack vectors (CCS’21, NDSS’21, and IMC’21). The security vulnerabilities discovered in these works have been confirmed and then fixed by the Ethereum developer community.
Decentralized exchanges (DEXs) allow parties to participate in financial markets while retaining full custody of their funds. However, the transparency of blockchain-based DEXs, in combination with the latency for transactions to be processed, makes market manipulation feasible. For instance, adversaries could perform front-running: the practice of exploiting (typically non-public) information that may change the price of an asset for financial gain. In this talk we formalize, analytically exposit and empirically evaluate an augmented variant of front-running: sandwich attacks, which involve front- and back-running victim transactions on a blockchain-based DEX. We quantify the probability of an adversarial trader being able to undertake the attack, based on the relative positioning of a transaction within a blockchain block. We find that a single adversarial trader can earn a daily revenue of over several thousand USD when performing sandwich attacks on one particular DEX, Uniswap, an exchange with over 5M USD daily trading volume by June 2020. In addition to a single-adversary game, we simulate the outcome of sandwich attacks under multiple competing adversaries, to account for the real-world trading environment.