Abstract
Traditionally, security and economics functionalities in IT financial services and protocols (FinTech) have been perceived as separate objectives. We argue that keeping them separate is a bad idea for FinTech “Decentralized Autonomous Organizations” (DAOs). In fact, security and economics are one for DAOs: we show that the failure of a security property, e.g. anonymity, can destroy a DAO because economic attacks can be tailgated to security attacks. This is illustrated by the examples of “TheDAO” (built on the Ethereum platform) and the DAOed version of a Futures Exchange. We claim that security and economics vulnerabilities, which we named seconomics vulnerabilities, are indeed new “beasts” to be reckoned with.
Notes
- 1. More detail on this hack can be found at http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html.
- 2. When invoking a contract at another Ethereum address, that contract may have redefined its methods or the fallback method. The redefined method will therefore be called instead of the method the caller originally expected.
- 3.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Massacci, F., Ngo, C.N., Nie, J., Venturi, D., Williams, J. (2017). The Seconomics (Security-Economics) Vulnerabilities of Decentralized Autonomous Organizations. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science(), vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_19
DOI: https://doi.org/10.1007/978-3-319-71075-4_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71074-7
Online ISBN: 978-3-319-71075-4
eBook Packages: Computer Science, Computer Science (R0)