The Seconomics (Security-Economics) Vulnerabilities of Decentralized Autonomous Organizations

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10476)

Abstract

Traditionally, security and economics functionalities in IT financial services and protocols (FinTech) have been perceived as separate objectives. We argue that keeping them separate is a bad idea for FinTech “Decentralized Autonomous Organizations” (DAOs). In fact, security and economics are one for DAOs: we show that the failure of a security property, e.g. anonymity, can destroy a DAO because economic attacks can be tailgated to security attacks. This is illustrated by the examples of “TheDAO” (built on the Ethereum platform) and the DAOed version of a Futures Exchange. We claim that security and economics vulnerabilities, which we named seconomics vulnerabilities, are indeed new “beasts” to be reckoned with.

Notes

  1. More detail on this hack can be found at http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html.

  2. When a contract invokes a contract at another Ethereum address, that contract may have redefined its methods or the fallback method. The redefined method will therefore be called instead of the originally expected method.

  3. Available at https://ethereumclassic.github.io/assets/ETC_Declaration_of_Independence.pdf.

Author information

Corresponding author

Correspondence to Chan Nam Ngo.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Massacci, F., Ngo, C.N., Nie, J., Venturi, D., Williams, J. (2017). The Seconomics (Security-Economics) Vulnerabilities of Decentralized Autonomous Organizations. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science, vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_19

  • DOI: https://doi.org/10.1007/978-3-319-71075-4_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71074-7

  • Online ISBN: 978-3-319-71075-4

  • eBook Packages: Computer Science, Computer Science (R0)
