Secure Execution of Smart Contracts
This project focuses on research addressing the emerging requirements for supporting the whole lifecycle of smart contract infrastructures that are based on distributed ledger technology. The outcomes allow for a better understanding of security implications that arise with the use of smart-contract-based systems and ways to adapt smart contracts to different fields of application while still maintaining a level of security according to requested requirements.
Smart contracts can be considered technology that relates to trusted execution environments (TEEs) and multi-party computation (MPC) in the sense that its goal is to enable verifiable computation and execution of program code within a distributed environment, without having to rely on trusted third parties. Cryptocurrencies and blockchain technologies have played a crucial role and acted as a steppingstone for smart contracts by providing the underlying platforms to support such a trustless distributed environment.
At the time this project was started in 2017, many characteristics and security guarantees of blockchain technologies were not fully understood and researched. In regard to smart contracts, the first available platforms such as Ethereum presented their own designs which, while being formally specified, were largely unproven to be viable in practice and could not draw upon any prior experience for the specific context of smart contracts. Further, it was not clear how the addition of being able to execute quasi Turing-complete smart contract code as part of user transactions could affect the overall guarantees of these systems.
Within our research we adopt a holistic viewpoint on smart contract security that is aimed at identifying and incorporating a wide range of aspects and requirements, ranging from
- the secure and sustainable operation of the underlying distributed ledger platforms, over
- the analysis and identification of novel attack vectors against cryptocurrencies, such as leveraging game theoretic incentives and trustless execution of smart contracts, to
- investigating smart contract based techniques for trustless and efficient cross-chain exchange of cryptocurrency assets.
Our results satisfy the underlying goals of the SESC project, but they have also proven to be highly relevant to current design issues and goals of state of the art smart contract platforms. The following examples serve to highlight this statement.
- Our research efforts towards the generation of secure distributed randomness as a fundamental building block for sustainable Proof-of-Stake and other distributed ledger systems has been positively reinforced and confirmed as the currently largest smart contract platform, namely Ethereum, intends to transition to a new platform design where a randomness beacon (called the beacon chain) takes a cornerstone position.
- Our smart contract based design for creating trustless cross-chain interoperable cryptocurrency backed assets can prove to be an invaluable resource for the recent hype surrounding decentralized finance (DeFi).
- Our insights regarding transaction ordering and other bribing attacks that leverage, but can also target, smart contract platforms are proving to become increasingly relevant, especially in the context of new applications such as DeFi, which heavily rely on interacting with smart contracts and where the concrete order of transactions and computations can have a large impact on the financial outcome as well as overall security.
For further information on findings and publications, please contact SBA’s project leads Aljosha Judmayer and Nicholas Stifter.
- The project was led by SBA Research.
- Industry partners: Venionaire Capital and handcheque.
- Blocks & Chains Bibliography
Related News, Events and Projects
- SBA @ Blockchain Summit 2019
- Aljosha Judmayer and Nicholas Stifter on Bitcoin und Blockchain (profil news articel)
- ABC – Austrian Blockchain Center
- Dagstuhl Seminar: Blockchains, Smart Contracts and Future Applications
This project was funded by the FFG.