-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmythesis.toc
139 lines (139 loc) · 11.2 KB
/
mythesis.toc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
\babel@toc {english}{}
\contentsline {chapter}{List of Figures}{x}{section*.4}%
\contentsline {chapter}{List of Tables}{xi}{section*.6}%
\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}%
\contentsline {section}{\numberline {1.1}Motivation}{1}{section.1.1}%
\contentsline {section}{\numberline {1.2}Thesis Statement}{2}{section.1.2}%
\contentsline {section}{\numberline {1.3}Outline and Contributions}{3}{section.1.3}%
\contentsline {chapter}{\numberline {2}Background}{5}{chapter.2}%
\contentsline {section}{\numberline {2.1}Ethereum Background}{5}{section.2.1}%
\contentsline {section}{\numberline {2.2}Smart Contracts}{6}{section.2.2}%
\contentsline {subsection}{\numberline {2.2.1}Sending ETH between EOAs}{7}{subsection.2.2.1}%
\contentsline {subsection}{\numberline {2.2.2}Creating a new Contract Account.}{8}{subsection.2.2.2}%
\contentsline {subsection}{\numberline {2.2.3}Calling a \textit {Contract Account} to execute a function}{10}{subsection.2.2.3}%
\contentsline {paragraph}{Transaction creation by EOA.}{10}{section*.8}%
\contentsline {paragraph}{Execution Process. }{10}{section*.9}%
\contentsline {section}{\numberline {2.3}Other Ethereum Details}{11}{section.2.3}%
\contentsline {subsection}{\numberline {2.3.1}Run-time Bytecode vs. Contract Creation Code}{11}{subsection.2.3.1}%
\contentsline {subsection}{\numberline {2.3.2}Storage Layout in EVM}{12}{subsection.2.3.2}%
\contentsline {subsection}{\numberline {2.3.3}Transaction vs. Message}{13}{subsection.2.3.3}%
\contentsline {subsection}{\numberline {2.3.4}Off-chain Access to the Blockchain Data}{13}{subsection.2.3.4}%
\contentsline {section}{\numberline {2.4}Ethereum Use-cases}{14}{section.2.4}%
\contentsline {paragraph}{The Oracle Problem.}{15}{section*.10}%
\contentsline {paragraph}{Trusted Third Parties.}{15}{section*.11}%
\contentsline {subsection}{\numberline {2.4.1}Stablecoins/Synthetic Assets}{16}{subsection.2.4.1}%
\contentsline {subsection}{\numberline {2.4.2}Decentralized Exchange (DeX)}{16}{subsection.2.4.2}%
\contentsline {subsection}{\numberline {2.4.3}Lending}{17}{subsection.2.4.3}%
\contentsline {subsection}{\numberline {2.4.4}Ethereum Name Service (ENS)}{18}{subsection.2.4.4}%
\contentsline {subsection}{\numberline {2.4.5}Derivatives}{18}{subsection.2.4.5}%
\contentsline {subsection}{\numberline {2.4.6}Yield Farming}{19}{subsection.2.4.6}%
\contentsline {subsection}{\numberline {2.4.7}Privacy Tools}{19}{subsection.2.4.7}%
\contentsline {subsection}{\numberline {2.4.8}Liquidation}{19}{subsection.2.4.8}%
\contentsline {chapter}{\numberline {3}Upgradeability of Smart Contracts on Ethereum}{21}{chapter.3}%
\contentsline {section}{\numberline {3.1}Introductory Remarks}{21}{section.3.1}%
\contentsline {section}{\numberline {3.2}Contributions and Related Work}{23}{section.3.2}%
\contentsline {section}{\numberline {3.3}Classification of Upgrade Patterns}{23}{section.3.3}%
\contentsline {paragraph}{Updating vs. upgrading.}{23}{section*.12}%
\contentsline {subsection}{\numberline {3.3.1}Parameter Configuration}{24}{subsection.3.3.1}%
\contentsline {subsection}{\numberline {3.3.2}Functional Component Change}{25}{subsection.3.3.2}%
\contentsline {subsection}{\numberline {3.3.3}Consensus Override}{26}{subsection.3.3.3}%
\contentsline {subsection}{\numberline {3.3.4}Contract Migration}{27}{subsection.3.3.4}%
\contentsline {subsection}{\numberline {3.3.5}\texttt {CREATE2}-based Metamorphosis}{27}{subsection.3.3.5}%
\contentsline {subsection}{\numberline {3.3.6}\texttt {CALL}-based Data Separation}{29}{subsection.3.3.6}%
\contentsline {subsection}{\numberline {3.3.7}\texttt {DELEGATECALL}-based Data Separation}{30}{subsection.3.3.7}%
\contentsline {section}{\numberline {3.4}Evaluation Framework}{32}{section.3.4}%
\contentsline {subsection}{\numberline {3.4.1}Properties}{33}{subsection.3.4.1}%
\contentsline {subsubsection}{Can replace entire logic}{33}{section*.15}%
\contentsline {subsubsection}{No need to migrate state from old contract}{33}{section*.16}%
\contentsline {subsubsection}{User endpoint address not changed}{34}{section*.17}%
\contentsline {subsubsection}{No need to instrument source}{34}{section*.18}%
\contentsline {subsubsection}{No need to deploy a new contract}{34}{section*.19}%
\contentsline {subsubsection}{No indirection between contracts}{34}{section*.20}%
\contentsline {subsubsection}{No downtime to upgrade}{35}{section*.21}%
\contentsline {subsubsection}{Function Selector Clashes}{35}{section*.22}%
\contentsline {subsubsection}{Storage Clashes}{35}{section*.23}%
\contentsline {subsection}{\numberline {3.4.2}Take-Aways}{35}{subsection.3.4.2}%
\contentsline {subsection}{\numberline {3.4.3}Speed of an Upgrade}{35}{subsection.3.4.3}%
\contentsline {subsection}{\numberline {3.4.4}Cost of Upgrade}{37}{subsection.3.4.4}%
\contentsline {subsection}{\numberline {3.4.5}Gas Overhead for Users}{38}{subsection.3.4.5}%
\contentsline {subsection}{\numberline {3.4.6}Useability}{38}{subsection.3.4.6}%
\contentsline {subsection}{\numberline {3.4.7}Dealing with two New Versions of a Dapp}{39}{subsection.3.4.7}%
\contentsline {subsection}{\numberline {3.4.8}System Complexity}{40}{subsection.3.4.8}%
\contentsline {section}{\numberline {3.5}Finding Upgradeable Contracts}{41}{section.3.5}%
\contentsline {subsection}{\numberline {3.5.1}Methodology}{42}{subsection.3.5.1}%
\contentsline {paragraph}{Finding proxies.}{42}{section*.25}%
\contentsline {paragraph}{Distinguishing forwarders and upgradeability patterns.}{43}{section*.26}%
\contentsline {subsection}{\numberline {3.5.2}Assignment Checker Module}{45}{subsection.3.5.2}%
\contentsline {subsection}{\numberline {3.5.3}Results}{48}{subsection.3.5.3}%
\contentsline {section}{\numberline {3.6}Finding the Admin}{48}{section.3.6}%
\contentsline {subsection}{\numberline {3.6.1}Methodology}{50}{subsection.3.6.1}%
\contentsline {paragraph}{Finding the admin account's address.}{50}{section*.30}%
\contentsline {paragraph}{Finding the admin type.}{50}{section*.31}%
\contentsline {subsubsection}{EIP-1967.}{51}{section*.32}%
\contentsline {subsubsection}{Non EIP-1967.}{52}{section*.33}%
\contentsline {subsection}{\numberline {3.6.2}Results}{54}{subsection.3.6.2}%
\contentsline {section}{\numberline {3.7}Attacking Universal Upgradeable Proxy Standard (UUPS) Contracts}{55}{section.3.7}%
\contentsline {section}{\numberline {3.8}Concluding Remarks}{58}{section.3.8}%
\contentsline {chapter}{\numberline {4}Oracles: From the Ground Truth to Market Manipulation}{60}{chapter.4}%
\contentsline {section}{\numberline {4.1}Introduction}{60}{section.4.1}%
\contentsline {section}{\numberline {4.2}Preliminaries}{61}{section.4.2}%
\contentsline {paragraph}{Methodology.}{62}{section*.35}%
\contentsline {paragraph}{Oracle Use-Cases.}{62}{section*.36}%
\contentsline {section}{\numberline {4.3}Related Work}{63}{section.4.3}%
\contentsline {section}{\numberline {4.4}Modular Work Flow}{64}{section.4.4}%
\contentsline {subsection}{\numberline {4.4.1}Ground Truth}{65}{subsection.4.4.1}%
\contentsline {subsection}{\numberline {4.4.2}Data Sources}{67}{subsection.4.4.2}%
\contentsline {subsubsection}{Humans.}{67}{section*.38}%
\contentsline {subsubsection}{Sensors.}{68}{section*.39}%
\contentsline {subsubsection}{Databases and application programming interfaces (APIs).}{68}{section*.40}%
\contentsline {subsubsection}{Smart Contracts.}{69}{section*.41}%
\contentsline {subsection}{\numberline {4.4.3}Data Feeders}{70}{subsection.4.4.3}%
\contentsline {subsubsection}{Source Authentication.}{70}{section*.42}%
\contentsline {subsubsection}{Confidentiality.}{71}{section*.43}%
\contentsline {subsubsection}{Non-Repudiation.}{72}{section*.44}%
\contentsline {subsection}{\numberline {4.4.4}Selection of Data Feeders}{72}{subsection.4.4.4}%
\contentsline {subsubsection}{Centralized (Allowlist) Selection.}{73}{section*.46}%
\contentsline {subsubsection}{Decentralized (Allowlist) Selection through Voting.}{73}{section*.47}%
\contentsline {subsubsection}{Decentralized Selection through Staking.}{74}{section*.48}%
\contentsline {subsubsection}{Evaluation Framework on the selection of data feeders}{76}{section*.49}%
\contentsline {subsection}{\numberline {4.4.5}Aggregation of Data Feeds}{77}{subsection.4.4.5}%
\contentsline {subsubsection}{Statistical Measures.}{78}{section*.50}%
\contentsline {subsubsection}{Stale Data.}{79}{section*.51}%
\contentsline {subsection}{\numberline {4.4.6}Dispute Phase}{79}{subsection.4.4.6}%
\contentsline {subsubsection}{Provider-level and Data-level Vetting}{80}{section*.52}%
\contentsline {subsubsection}{Determining the Truth}{80}{section*.53}%
\contentsline {subsubsection}{Consequences for Incorrect Data}{82}{section*.55}%
\contentsline {subsubsection}{Consequences for Data Feeder}{83}{section*.56}%
\contentsline {subsection}{\numberline {4.4.7}Classification of Current Oracle Projects}{84}{subsection.4.4.7}%
\contentsline {section}{\numberline {4.5}Interacting with the Blockchain}{85}{section.4.5}%
\contentsline {subsection}{\numberline {4.5.1}Off-chain Infrastructure}{87}{subsection.4.5.1}%
\contentsline {subsubsection}{Monitoring the Blockchain}{87}{section*.58}%
\contentsline {subsubsection}{Connection to Data Source}{87}{section*.59}%
\contentsline {subsubsection}{Data Feeders Network}{88}{section*.60}%
\contentsline {subsubsection}{Transaction Creation}{88}{section*.61}%
\contentsline {subsection}{\numberline {4.5.2}Blockchain Infrastructure}{89}{subsection.4.5.2}%
\contentsline {subsubsection}{Blockchain Node}{89}{section*.62}%
\contentsline {subsubsection}{Block Creation}{90}{section*.63}%
\contentsline {subsubsection}{Consensus}{91}{section*.64}%
\contentsline {subsection}{\numberline {4.5.3}Smart Contracts}{92}{subsection.4.5.3}%
\contentsline {subsubsection}{Oracle Interaction Models}{92}{section*.65}%
\contentsline {subsubsection}{Oracle's Smart Contract}{93}{section*.66}%
\contentsline {paragraph}{Implementation Flaws}{93}{section*.67}%
\contentsline {paragraph}{Governance}{94}{section*.68}%
\contentsline {subsubsection}{Data Consumer Smart Contract}{95}{section*.69}%
\contentsline {section}{\numberline {4.6}Concluding Remarks}{96}{section.4.6}%
\contentsline {chapter}{\numberline {5}Stablecoins and Synthetic Assets in DeFi}{98}{chapter.5}%
\contentsline {section}{\numberline {5.1}Introductory Remarks}{98}{section.5.1}%
\contentsline {paragraph}{Relation to Dai.}{99}{section*.70}%
\contentsline {section}{\numberline {5.2}Contributions and Related Work}{100}{section.5.2}%
\contentsline {section}{\numberline {5.3}Financial Characteristics}{102}{section.5.3}%
\contentsline {subsection}{\numberline {5.3.1}How Much Should You Pay for a Black Coin?}{102}{subsection.5.3.1}%
\contentsline {subsection}{\numberline {5.3.2}Why Would You Want a Red Coin?}{104}{subsection.5.3.2}%
\contentsline {section}{\numberline {5.4}Research Agenda: Extending Red-Black Coins}{104}{section.5.4}%
\contentsline {subsection}{\numberline {5.4.1}Fungibility}{105}{subsection.5.4.1}%
\contentsline {subsection}{\numberline {5.4.2}Redemption}{106}{subsection.5.4.2}%
\contentsline {subsection}{\numberline {5.4.3}Under-collateralization}{107}{subsection.5.4.3}%
\contentsline {subsection}{\numberline {5.4.4}Autonomy}{108}{subsection.5.4.4}%
\contentsline {section}{\numberline {5.5}Concluding Remarks}{109}{section.5.5}%
\contentsline {chapter}{\numberline {6}Conclusion and Future Work}{110}{chapter.6}%
\contentsline {chapter}{Bibliography}{112}{section*.73}%