called The DAO suffered a theft of an
estimated $50 million thanks to a litany
of security problems. (Ultimately, this
theft was reversed by a networkwide
“hard-fork” upgrade.) The authors
study four classes of security vulnerabilities in Ethereum smart contracts, and
build a tool to detect them based on a
formalization of Ethereum’s operational semantics. They find that thousands
of contracts on the blockchain are potentially vulnerable to these bugs.
Clark, J., Bonneau, J., Felten, E. W., Kroll,
J.A., Miller, A. and Narayanan, A.
On decentralizing prediction markets and order
books. Workshop on the Economics of Information Security, State College, PA, 2014.
If smart-contract technology can overcome these hiccups, it could enable
decentralized commerce—that is,
various sorts of markets without intermediaries controlling them. This paper studies how one type of market—
namely, a prediction market—could
be decentralized. Prediction markets
allow market participants to trade
shares in future events (such as “Will
the U.K. initiate withdrawal from the
E.U. in the next year?”) and turn a profit
from accurate predictions. In this context the authors grapple with various
solutions to a prominent limitation of
smart contracts: they can access only
data that is on the blockchain, but
most interesting data lives outside it.
The paper also studies decentralized
order books, another ingredient of decentralized markets.
Overcoming the Pitfalls
Cryptocurrencies implement many
important ideas: digital payments
with no central authority, immutable
global ledgers, and long-running programs that have a form of agency and
wield money. These ideas are novel,
yet based on sound principles. Entrepreneurs, activists, and researchers have envisioned many powerful
applications of this technology, but
predictions of a swift revolution have
so far proved unfounded. Instead, the
community has begun the long, hard
work of integrating the technology
into Internet infrastructure and existing institutions. As we have seen,
there are pitfalls for the unwary in
Eskandari, S., Barrera, D.,
Stobert, E., Clark, J.
A first look at the usability of Bitcoin key management. Workshop on Usable Security, 2015.
This paper studies six different ways
to store and protect one’s keys, and
evaluates them on 10 different criteria encompassing security, usability,
and deployability. No solution fares
strictly better than the rest. Users may
benefit considerably from outsourc-ing the custody of their keys to hosted
wallets, which sets up a tension with
Bitcoin’s decentralized ethos. Turning to Bitcoin clients and tools, the
authors find problems with the metaphors and abstractions that they use.
This is a ripe area for research and
deployment, and innovation in usable
key management will have benefits far
beyond the world of cryptocurrencies.
One of the hottest areas within cryptocurrencies, so-called smart contracts,
are agreements between two or more
parties that can be automatically enforced without the need for an intermediary. For example, a vending machine can be seen as a smart contract
that enforces the rule that an item will
be dispensed if and only if suitable
coins are deposited. Today’s leading smart-contract platform is called
Ethereum, whose blockchain stores
long-lived programs, called contracts,
and their associated state, which includes both data and currency. These
programs are immutable just as data
on the blockchain is, and users may
interact with them with the guarantee
that the program will execute exactly
as specified. For example, a smart contract may promise a reward to anyone
who writes two integers into the blockchain whose product is RSA-2048—a
self-enforcing factorization bounty!
Luu, L., Chu, D-H., Olickel, H.,
Saxena, P., Hobor, A.
Making smart contracts smarter.
In Proceedings of ACM SIGSAC Conference
on Computer and Communications Security,
Unfortunately, expressive programming languages are difficult to reason
about. An ambitious smart contract
trade shares in
future events (such
as “Will the U.K.
from the E.U. in
the next year?”)
and turn a profit