Research Papers

Security research on vulnerability classes, attack patterns, and defense mechanisms.

Original Research November 2024

Taxonomy of Reentrancy Vulnerabilities in DeFi Protocols

Abstract

This paper presents a classification of reentrancy vulnerabilities identified across 847 DeFi protocols between 2020 and 2024. We distinguish between single-function, cross-function, cross-contract, and read-only reentrancy variants. Our analysis reveals that 23% of audited protocols contained at least one reentrancy vector, with cross-contract reentrancy increasing by 340% since composable DeFi primitives emerged. We propose a formal verification framework and evaluate its effectiveness against existing static analysis tools.

This research examines reentrancy patterns in DeFi, including read-only reentrancy that exploits view functions and cross-protocol reentrancy spanning multiple contracts.

Reentrancy, DeFi Security, Formal Verification, Static Analysis

Technical Report October 2024

Flash Loan Attack Vectors: A Quantitative Analysis of $1.2 Billion in DeFi Exploits

Abstract

Analysis of 127 flash loan attacks between January 2020 and September 2024, representing over $1.2 billion in losses. We categorize attacks into five vectors: oracle manipulation (42%), governance exploitation (18%), liquidation manipulation (15%), arbitrage amplification (14%), and reentrancy amplification (11%). 78% of attacks could have been prevented with TWAP windows exceeding 30 minutes. We propose a "flash loan resistance score" metric for evaluating protocol security.

Flash loans provide unlimited capital for a single transaction. This report analyzes attack patterns, vulnerable code patterns, and mitigation strategies.

Flash Loans, Oracle Manipulation, Attack Analysis, Risk Metrics

Original Research September 2024

Access Control Anti-Patterns in Upgradeable Smart Contract Systems

Abstract

Upgradeable smart contracts introduce unique security challenges related to access control and privilege management. Through systematic analysis of 312 upgradeable contract systems using proxy patterns (UUPS, Transparent, Beacon), we identify 14 distinct access control anti-patterns that have led to $487 million in losses. Our findings reveal that 67% of vulnerabilities stem from improper initialization protection, while 23% involve confused privilege boundaries between proxy and implementation contracts. We present a formal model for safe upgrade paths and introduce the "Privilege Invariant Checker" (PIC), an automated tool achieving a 94% detection rate for access control vulnerabilities in proxy-based systems.

This research covers access control in the context of proxy patterns and contract upgrades.

Access Control, Proxy Patterns, Upgradeability, Automated Analysis

Survey Paper August 2024

MEV Extraction and Mitigation: A Systematic Literature Review and Empirical Analysis

Abstract

Maximal Extractable Value (MEV) represents a fundamental challenge to fair transaction ordering in blockchain systems. This survey synthesizes 89 academic papers and analyzes 2.3 million MEV transactions on Ethereum to evaluate the current state of MEV extraction and mitigation. We categorize MEV strategies into five classes: pure arbitrage (31%), sandwich attacks (28%), liquidations (24%), JIT liquidity (12%), and time-bandit attacks (5%). Our empirical analysis shows that despite the adoption of Flashbots and MEV-Boost, average MEV extraction has increased by 47% post-Merge due to proposer-builder separation. We evaluate 12 proposed mitigation mechanisms and identify threshold encryption and batch auctions as the most promising approaches for sustainable MEV reduction.

This survey examines the MEV supply chain, extraction techniques, and proposed solutions from academic and industry perspectives.

MEV, Front-running, Transaction Ordering, Flashbots

Technical Report July 2024

Integer Arithmetic Vulnerabilities Beyond Overflow: Precision Loss and Rounding Attacks in DeFi

Abstract

While Solidity 0.8's built-in overflow protection has significantly reduced traditional integer overflow vulnerabilities, our research demonstrates that arithmetic-related exploits remain prevalent through precision loss and rounding manipulation. Analyzing 156 DeFi protocols, we identify three primary attack classes: (1) rounding direction exploitation in fee calculations, (2) precision loss amplification through repeated operations, and (3) dust accumulation attacks on fractional accounting. We present mathematical proofs for vulnerability conditions and introduce "ArithCheck," a symbolic execution framework specifically designed to detect precision-related vulnerabilities. Our tool identified 34 previously unknown vulnerabilities in mainnet contracts, of which 12 were rated high severity.

Integer security extends far beyond simple overflow. This research explores the subtle ways arithmetic operations can be exploited when protocols fail to account for the limitations of fixed-point math in Solidity.

Integer Arithmetic, Precision Loss, Symbolic Execution, Solidity

Original Research June 2024

Cross-Chain Bridge Security: Vulnerability Patterns and Defense Mechanisms

Abstract

Cross-chain bridges have become critical infrastructure in the multi-chain ecosystem, yet they represent the highest-value targets for attackers, with over $2.5 billion lost to bridge exploits since 2021. We present a security analysis of 23 major bridge implementations across five architectural categories: hash time-locked contracts, multisig custody, validator networks, optimistic verification, and zero-knowledge proofs. Our research identifies 18 distinct vulnerability classes, with signature verification failures (38%) and message replay attacks (24%) being most prevalent. We propose a formal security model for bridge protocols and introduce the "Bridge Security Maturity Model" (BSMM), a framework for evaluating and comparing bridge security postures across implementations.

This research provides a security framework for evaluating cross-chain bridge implementations.

Cross-Chain, Bridge Security, Zero-Knowledge, Security Models