Papers
2024
- Speculative Denial-of-Service Attacks in Ethereum
Aviv Yaish, Kaihua Qin, Liyi Zhou, and 2 more authors
In 33rd USENIX Security Symposium (USENIX Security 24), 2024
🏆 Awarded a Flashbots bounty
🏆 Awarded an Ethereum Foundation bounty
🏆 Ranked 63rd in MLSEC’s Normalized Top-100 Security Papers list
📰 Covered by Blockworks
Transaction fees compensate actors for resources expended on transactions and can only be charged from transactions included in blocks. But, the expressiveness of Turing-complete contracts implies that verifying if transactions can be included requires executing them on the current blockchain state. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, a conditional resource-exhaustion attack against blockchain actors. (ii) MemPurge, an attack for evicting transactions from actors’ mempools. (iii) GhostTX, an attack on the reputation system used in Ethereum’s proposer-builder separation ecosystem. We evaluate our attacks on an Ethereum testnet and find that by combining ConditionalExhaust and MemPurge, adversaries can simultaneously burden victims’ computational resources and clog their mempools to the point where victims are unable to include transactions in blocks. Thus, victims create empty blocks, thereby hurting the system’s liveness. The attack’s expected cost is $376, but becomes cheaper if adversaries are validators. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains, and potential mitigations may result in reducing a ledger’s scalability.
- Barriers to Collusion-resistant Transaction Fee Mechanisms
Yotam Gafni and Aviv Yaish
In Proceedings of the 25th ACM Conference on Economics and Computation, 2024
To allocate transactions to blocks, cryptocurrencies use an auction-like transaction fee mechanism (TFM). A conjecture of Roughgarden [Rou21] asks whether there is a TFM that is incentive compatible for both the users and the miner, and is also resistant to off-chain agreements (OCAs) between these parties, a collusion notion that captures the ability of users and the miner to jointly deviate for profit. The work of Chung and Shi [CS23] tackles the problem using the different collusion resistance notion of side-channel proofness (SCP), and shows an impossibility given this notion. We show that OCA-proofness and SCP are different, with SCP being strictly stronger. We then fully characterize the intersection of deterministic dominant strategy incentive-compatible (DSIC) and OCA-proof mechanisms, as well as deterministic MMIC and OCA-proof ones, and use this characterization to show that only the trivial mechanism is DSIC, myopic miner incentive-compatible (MMIC) and OCA-proof. We also show that a randomized mechanism can be at most 0.842-efficient in the worst case, and that the impossibility of a non-trivial DSIC, MMIC and OCA-proof extends to a couple of natural classes of randomized mechanisms.
- Discrete & Bayesian Transaction Fee Mechanisms
Yotam Gafni and Aviv Yaish
In Mathematical Research for Blockchain Economy, 2024
Cryptocurrencies employ auction-esque transaction fee mechanisms (TFMs) to allocate transactions to blocks, and to determine how much fees miners can collect from transactions. Several impossibility results show that TFMs that satisfy a standard set of "good" properties obtain low revenue, and in certain cases, no revenue at all. In this work, we circumvent previous impossibilities by showing that when desired TFM properties are reasonably relaxed, simple mechanisms can obtain strictly positive revenue. By discretizing fees, we design a TFM that satisfies the extended TFM desiderata: it is dominant strategy incentive-compatible (DSIC), myopic miner incentive-compatible (MMIC), side-contract-proof (SCP) and obtains asymptotically optimal revenue (i.e., linear in the number of allocated bids), and optimal revenue when considering separable TFMs. If instead of discretizing fees we relax the DSIC and SCP properties, we show that Bitcoin’s TFM, after applying the revelation principle, is Bayesian incentive-compatible (BIC), MMIC, off-chain-agreement (OCA) proof, and approximately revenue-optimal. We reach our results by characterizing the class of multi-item OCA-proof mechanisms, which may be of independent interest.
- Blockchain Censorship
In Proceedings of the ACM on Web Conference 2024, 2024
Permissionless blockchains promise resilience against censorship by a single entity. This suggests that deterministic rules, not third-party actors, decide whether a transaction is appended to the blockchain. In 2022, the U.S. OFAC sanctioned a Bitcoin mixer and an Ethereum application, challenging the neutrality of permissionless blockchains. In this paper, we formalize, quantify, and analyze the security impact of blockchain censorship. We start by defining censorship, followed by a quantitative assessment of current censorship practices. We find that 46% of Ethereum blocks were made by censoring actors complying with OFAC sanctions, indicating the significant impact of OFAC sanctions on the neutrality of public blockchains. We discover that censorship affects not only neutrality but also security. After Ethereum’s transition to PoS, censored transactions faced an average delay of 85%, compromising their security and strengthening sandwich adversaries.
- Incentives in the Ether: Practical Cryptocurrency Economics & Security
Aviv Yaish
In Companion Proceedings of the ACM on Web Conference 2024, 2024
Cryptocurrencies are becoming increasingly important for the modern economy. Prior literature focuses on aligning actor incentives to ensure the secure and efficient operation of cryptocurrencies against adversarial threats that are unobserved in the wild. In this work, we address the gap between the theory and practice of cryptocurrencies by advancing realistic approaches to analyze the economics and security of key cryptocurrency components: consensus mechanisms, Transaction Fee Mechanisms (TFMs), and the application layer. We present novel models of these components that we evaluate both theoretically and using cryptocurrency clients. We augment our evaluation with the first evidence of an in-the-wild attack on a major cryptocurrency, highlighting our approach’s practicality. Results contained in our work were adopted by cryptocurrency platforms that hold user assets worth over $300 billion.
- Suboptimality in DeFi
In The Science of Blockchain Conference 2024, 2024
🏆 Received the 4th Annual CBER Conference’s best paper award
The decentralized finance (DeFi) ecosystem has proven to be popular in facilitating financial operations, such as token exchange and lending. The public availability of DeFi platforms’ code, together with real-time data on all user interactions with them, has given rise to complex tools that find and seize profit opportunities on behalf of users. In this work, we show that both users and the aforementioned tools sometimes act suboptimally. In specific instances which we examine, their profits can be increased by more than 100%, with the highest amount of missed revenue by a suboptimal action reaching 428.14ETH ($517K). To reach these findings, we examine core DeFi primitives which are responsible for a daily volume of over 100 million USD in Ethereum alone: (1) lending and borrowing funds, (2) using flashswaps to close arbitrage opportunities between decentralized exchanges (DEXs), (3) liquidation of insolvent loans using flashswaps. The profit which can be made from each primitive is then cast as an optimization problem that can be solved. We show that missed opportunities to make a profit are noticed by others, and are sometimes followed by back-running transactions which extract profits using similar actions. By analyzing these events, we find that some transactions are circumstantially tied to specific miners, and hypothesize they use their knowledge of private orderflow for a profit. Essentially, this is an instance of miner-extractable value (MEV) “in action”.
- Strategic Vote Timing in Elections With Public Tallies
Aviv Yaish, Svetlana Abramova, and Rainer Böhme
2024
We study the effect of public tallies on elections, in a setting where voting is costly and voters are allowed to strategically time their votes. The strategic importance of choosing when to vote arises when votes are public, such as in online event scheduling polls (e.g., Doodle), or in blockchain governance mechanisms. In particular, there is a tension between voting early to influence future votes and waiting to observe interim results and avoid voting costs if the outcome has already been decided. Our study draws on empirical findings showing that “temporal” bandwagon effects occur when interim results are revealed to the electorate: late voters are more likely to vote for leading candidates. To capture this phenomenon, we analyze a novel model where the electorate consists of informed voters who have a preferred candidate, and uninformed swing voters who can be swayed according to the interim outcome at the time of voting. In our main results, we prove the existence of equilibria where both early and late voting occur with a positive probability, and we characterize conditions that lead to the appearance of “last minute” voting behavior, where all informed voters vote late.
- Mechanism Design for ZK-Rollup Prover Markets
2024
- Competitive Revenue Extraction from Time-Discounted Transactions in the Semi-Myopic Regime
Yotam Gafni and Aviv Yaish
2024
Decentralized cryptocurrencies are payment systems that rely on aligning the incentives of users and miners to operate correctly and offer a high quality of service to users. Recent literature studies the mechanism design problem of the auction serving as a cryptocurrency’s transaction fee mechanism (TFM). We find that a non-myopic modelling of miners falls close to another well-known problem: that of online buffer management for packet switching. The main difference is that unlike packets which are of a fixed size throughout their lifetime, in a financial environment, user preferences (and therefore revenue extraction) may be time-dependent. We study the competitive ratio guarantees given a certain discount rate, and show how existing methods from packet scheduling, which we call "the undiscounted case", perform suboptimally in the more general discounted setting. Most notably, we find a novel, simple, memoryless, and optimal deterministic algorithm for the semi-myopic case, when the discount factor is up to ≈ 0.770018. We also present a randomized algorithm that achieves better performance than the best possible deterministic algorithm, for any discount rate.
- TierDrop: Harnessing Airdrop Farmers for User Growth
Aviv Yaish and Benjamin Livshits
Jul 2024, arXiv:2407.01176 [cs]
Blockchain platforms attempt to expand their user base by awarding tokens to users, a practice known as issuing airdrops. Empirical data and related work imply that previous airdrops fall short of their stated aim of attracting long-term users, partially due to adversarial farmers who game airdrop mechanisms and receive an outsize share of rewards. In this work, we argue that given the futility of fighting farmers, the airdrop business model should be reconsidered: farmers should be harnessed to generate activity that attracts real users, i.e., strengthens network effects. To understand the impact of farmers on airdrops, we analyze their performance in a market inhabited by two competing platforms and two tiers of users: real users and farmers. We show that counterintuitively, farmers sometimes represent a necessary evil: it can be revenue-optimal for airdrop issuers to give some tokens to farmers, even in the hypothetical case where platforms could costlessly detect and banish all farmers. Although we focus on airdrops, our results generally apply to activity-based incentive schemes.
2023
- Uncle Maker: (Time)Stamping Out The Competition in Ethereum
Aviv Yaish, Gilad Stern, and Aviv Zohar
In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Jul 2023
🏆 Received an ACM CCS distinguished paper award
📰 Covered by International Business Times, CryptoSlate, Cointelegraph
We present an attack on Ethereum’s consensus mechanism which can be used by miners to obtain consistently higher mining rewards compared to the honest protocol. This attack is novel in that it does not entail withholding blocks or any behavior which has a non-zero probability of earning less than mining honestly, in contrast with the existing literature. This risk-less attack relies instead on manipulating block timestamps, and carefully choosing whether and when to do so. We present this attack as an algorithm, which we then analyze to evaluate the revenue a miner obtains from it, and its effect on a miner’s absolute and relative share of the main-chain blocks. The attack allows an attacker to replace competitors’ main-chain blocks after the fact with a block of its own, thus causing the replaced block’s miner to lose all transaction fees for the transactions contained within the block, which will be demoted from the main-chain. This block, although “kicked-out” of the main-chain, will still be eligible to be referred to by other main-chain blocks, thus becoming what is commonly called in Ethereum an uncle. We proceed by defining multiple variants of this attack, and assessing whether any of these attacks has been performed in the wild. Surprisingly, we find that this is indeed true, making this the first case of a confirmed consensus-level manipulation performed on a major cryptocurrency. Additionally, we implement a variant of this attack as a patch for geth, Ethereum’s most popular client, making it the first consensus-level attack on Ethereum which is implemented as a patch. Finally, we suggest concrete fixes for Ethereum’s protocol and implement them as a patch for geth which can be adopted quickly and mitigate the attack and its variants.
- The Vulnerable Nature of Decentralized Governance in DeFi
In Proceedings of the 2023 Workshop on Decentralized Finance and Security, Jul 2023
Decentralized Finance (DeFi) platforms are often governed by Decentralized Autonomous Organizations (DAOs) which are implemented via governance protocols. Governance tokens are distributed to users of the platform, granting them voting rights in the platform’s governance protocol. Many DeFi platforms have already been subject to attacks resulting in the loss of millions of dollars in user funds. In this paper we show that governance tokens are often not used as intended and may be harmful to the security of DeFi platforms. We show that (1) users often do not use governance tokens to vote, (2) voting rates are negatively correlated to gas prices, (3) voting is very centralized. We explore vulnerabilities in the design of DeFi platforms’ governance protocols and analyze different governance attacks, focusing on the transferable nature of voting rights via governance tokens. Following the movement and holdings of governance tokens, we show they are often used to perform a single action and then sold off. We present evidence of DeFi platforms using other platforms’ governance protocols to promote their own agenda at the expense of the host platform.
- Greedy Transaction Fee Mechanisms for (Non-)myopic Miners
Yotam Gafni and Aviv Yaish
In 12th Annual Conference of the Israeli Chapter of the Game Theory Society, Jul 2023
Decentralized cryptocurrencies are payment systems that rely on aligning the incentives of users and miners to operate correctly and offer a high quality of service to users. Recent literature studies the mechanism design problem of the auction serving as a cryptocurrency’s transaction fee mechanism (TFM). We present a general framework that captures both myopic and non-myopic settings, as well as different possible strategic models for users. Within this general framework, when restricted to the myopic case, we show that while the mechanism that requires a user to "pay-as-bid", and greedily chooses among available transactions based on their fees, is not dominant strategy incentive-compatible for users, it has a Bayesian-Nash equilibrium where bids are slightly shaded. Relaxing this incentive compatibility requirement circumvents the impossibility results proven by previous works, and allows for an approximately revenue and welfare optimal, myopic miner incentive-compatible (MMIC), and off-chain-agreement (OCA)-proof mechanism. We prove these guarantees using different benchmarks, and show that the pay-as-bid greedy auction is the revenue optimal Bayesian incentive-compatible, MMIC and 1-OCA-proof mechanism among a large class of mechanisms. We move beyond the myopic setting explored in the literature, to one where users offer transaction fees for their transaction to be accepted, as well as report their urgency level by specifying the time to live of the transaction, after which it expires. We analyze pay-as-bid mechanisms in this setting, and show the competitive ratio guarantees provided by the greedy allocation rule. We then present a better-performing non-myopic rule, and analyze its competitive ratio. The above analysis is stated in terms of a cryptocurrency TFM, but applies to other settings, such as cloud computing and decentralized "gig" economy, as well.
- Correct Cryptocurrency ASIC Pricing: Are Miners Overpaying?
Aviv Yaish and Aviv Zohar
In 5th Conference on Advances in Financial Technologies, Jul 2023
Cryptocurrencies that are based on Proof-of-Work (PoW) often rely on special purpose hardware to perform so-called mining operations that secure the system, with miners receiving freshly minted tokens as a reward for their work. A notable example of such a cryptocurrency is Bitcoin, which is primarily mined using application specific integrated circuit (ASIC) based machines. Due to the supposed profitability of cryptocurrency mining, such hardware has been in great demand in recent years, in spite of high associated costs like electricity. In this work, we show that because mining rewards are given in the mined cryptocurrency, while expenses are usually paid in some fiat currency such as the United States Dollar (USD), cryptocurrency mining is in fact a bundle of financial options. When exercised, each option converts electricity to tokens. We provide a method of pricing mining hardware based on this insight, and prove that any other price creates arbitrage. Our method shows that contrary to the popular belief that mining hardware is worth less if the cryptocurrency is highly volatile, the opposite effect is true: volatility increases value. Thus, if a coin’s volatility decreases, some miners may leave, affecting security. We compare the prices produced by our method to prices obtained from popular tools currently used by miners and show that the latter only consider the expected returns from mining, while neglecting to account for the inherent risk in mining, which is due to the high exchange-rate volatility of cryptocurrencies. Finally, we show that the returns made from mining can be imitated by trading in bonds and coins, and create such imitating investment portfolios. Historically, realized revenues of these portfolios have outperformed mining, showing that indeed hardware is mispriced.
- Airdrops: Giving Money Away Is Harder Than It Seems
Johnnatan Messias*, Aviv Yaish*, and Benjamin Livshits
Jul 2023
Equal contribution denoted by *.
Airdrops are used by blockchain applications and platforms to attract an initial user base, and to grow the user base over time. In the case of many airdrops, tokens are distributed to select users as a "reward" for interacting with the underlying platform, with a long-term goal of creating a loyal community that will generate genuine economic activity well after the airdrop has been completed. Although airdrops are widely used by the blockchain industry, a proper understanding of the factors contributing to an airdrop’s success is generally lacking. In this work, we outline the design space for airdrops, and specify a reasonable list of outcomes that an airdrop should ideally result in. We then analyze on-chain data from several larger-scale airdrops to empirically evaluate the success of previous airdrops, with respect to our desiderata. In our analysis, we demonstrate that airdrop farmers frequently dispose of the lion’s share of airdrop proceeds via exchanges. Our analysis is followed by an overview of common pitfalls that common airdrop designs lend themselves to, which are then used to suggest concrete guidelines for better airdrops.
2022
- Blockchain Stretching & Squeezing: Manipulating Time for Your Best Interest
Aviv Yaish, Saar Tochner, and Aviv Zohar
In Proceedings of the 23rd ACM Conference on Economics and Computation, Jul 2022
🏆 Awarded an Ethereum Foundation bounty
We present a novel way for cryptocurrency miners to manipulate the effective interest-rate on loans or deposits they make on decentralized finance (DeFi) platforms by manipulating difficulty-adjustment algorithms (DAAs) and changing the block-rate. This presents a new class of strategic manipulations available to miners. These manipulations allow miners to stretch and squeeze the time between consecutive blocks. We analyze these manipulations both analytically and empirically, and show that a 25% miner can stretch the time between consecutive blocks by up to 54% in Ethereum and 33% in Bitcoin, and squeeze it by up to 9% in Ethereum. Ethereum is particularly vulnerable, and even relatively small miners can seriously affect the block-rate. An interesting application of these manipulations is to create an artificial interest-rate gap between loans taken from one DeFi platform which accrues interest according to block height (such as Compound) and deposited in some other platform that does so according to elapsed time (like a bank, or other DeFi platforms such as Aave). Hence, stretching and squeezing the block-rate can decrease the interest paid on DeFi loans relative to external financial platforms. The profit made from this interest-rate gap provides a large incentive for miners to deviate. For example, a 25% Ethereum miner using our manipulations can increase mining profits by up to 35%, even after taking potential losses into consideration, such as less block-rewards. Our analysis of these manipulations and their mitigations has broad implications with regards to commonly-used cryptocurrency mechanisms and paradigms, such as Ethereum’s difficulty-adjustment algorithm and reward schemes, with Ethereum’s handling of uncle blocks being particularly manipulable. Interestingly, Bitcoin’s mechanism is more resistant than Ethereum’s, owing to its larger incentives and a more resilient DAA.