SaTC: CORE: Medium: Proactive and Reactive Mechanisms for Safer Smart Contracts

SaTC：核心：中：更安全的智能合约的主动和反应机制

• 批准号: 1704615
• 负责人: Ari Juels
• 金额: $ 119.99万
• 依托单位: Cornell University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1704615&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Proactive; Reactive

Smart contracts are autonomously executing programs that can manipulate digital assets. Their key capability is the creation of trustworthy transaction environments: They can execute arbitrarily complex agreements in a manner that is fair to all parties. Smart contracts promise to have a transformative societal impact, bringing radical new efficiency to sectors as diverse as finance, digital media, and insurance. An impediment to the successful deployment of smart contracts, however, is their heightened susceptibility to bugs, which can lead directly to violation of contractual obligations and even theft of assets. Thus, new ways of ensuring the trustworthiness of smart contracts are needed. This research project attacks the problem of trustworthiness in smart contracts from two sides. It explores new, proactive, language-based mechanisms for increasing the assurance that contracts are correctly implemented before deployment. Not all errors can be caught prior to deployment, however, so the project also investigates reactive mechanisms for preventing and mitigating the damage caused by incorrectly programmed smart contracts. The reactive methods explored in this research include the principled use of bug bounties to incentivize discovery and reporting of bugs, coupled with built-in mitigation mechanisms that alter contract behavior when bugs are uncovered. The outcomes of this research will include new scientific foundations for smart contract assurance that are applicable to the broader problem of software assurance, as well as practical methods that combine proactive and reactive tools to achieve heightened trustworthiness in deployed smart contracts.

智能合约是可以自主执行的程序，可以操纵数字资产。它们的关键能力是创建可信赖的交易环境：它们可以以对各方公平的方式执行任意复杂的协议。智能合约有望产生变革性的社会影响，为金融、数字媒体和保险等不同行业带来全新的效率。然而，成功部署智能合约的一个障碍是它们对错误的敏感性增加，这可能直接导致违反合同义务，甚至盗窃资产。因此，需要新的方法来确保智能合约的可信度。该研究项目从两个方面解决了智能合约中的可信度问题。它探讨了新的、积极主动的、基于语言的机制，以增加合同在部署前得到正确执行的保证。然而，并不是所有的错误都可以在部署之前被捕获，因此该项目还研究了反应机制，以防止和减轻错误编程的智能合约造成的损害。在这项研究中探索的反应性方法包括原则性地使用bug奖金来激励发现和报告bug，再加上内置的缓解机制，当发现bug时会改变合同行为。这项研究的成果将包括适用于更广泛的软件保证问题的智能合约保证的新科学基础，以及结合联合收割机主动和被动工具以提高部署的智能合约可信度的实用方法。

项目成果

The Hydra Framework for Principled, Automated Bug Bounties

用于有原则的、自动化的 Bug 赏金的 Hydra 框架

• DOI: 10.1109/msec.2019.2914109
• 发表时间: 2019
• 期刊: IEEE Security & Privacy
• 影响因子: 1.9
• 作者: Breidenbach, Lorenz;Daian, Philip;Tramer, Florian;Juels, Ari
• 通讯作者: Juels, Ari

Heterogeneous Paxos

异构Paxos

• 发表时间: 2021
• 期刊: OPODIS: International Conference on Principles of Distributed Systems
• 作者: Sheff, Isaac;Wang, Xinwen;van Renesse, Robbert;Myers, Andrew C.
• 通讯作者: Myers, Andrew C.

Securing Smart Contracts with Information Flow

通过信息流保护智能合约

• 发表时间: 2020
• 期刊: International Symposium on Foundations and Applications of Blockchain
• 作者: Cecchetti, Ethan;Yao, Siqiu;Ni, Haobin;Myers, Andrew C.
• 通讯作者: Myers, Andrew C.

Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware

• DOI: 10.1145/3319535.3363221
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Iddo Bentov;Yan Ji;Fan Zhang;Lorenz Breidenbach;Philip Daian;A. Juels

Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts

• DOI: 10.1109/eurosp.2019.00023
• 发表时间: 2018-04
• 期刊: 2019 IEEE European Symposium on Security and Privacy (EuroS&P)
• 作者: Raymond Cheng;Fan Zhang;Jernej Kos;Warren He;Nicholas Hynes;Noah M. Johnson;A. Juels;Andrew K. Miller-Andre