forked from rdi-berkeley/metaverse
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
153 lines (143 loc) · 12.5 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>DeFi Research | Berkeley RDI</title>
<meta name="description"
content="Decentralised Finance (DeFi) research at the UC Berkeley Center for Responsible, Decentralized Intelligence">
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"
integrity="sha384-gH2yIJqKdNHPEq0n4Mqa/HGKIhSkIHeL5AyhkYV8i59U5AR6csBvApHHNl/vI1Bx" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.2/css/all.min.css"
integrity="sha512-1sCRPdkRXhBV2PBLUdRb4tMg1w2YPf37qatUFeS7zlBy7jJI8Lf4VHwWfZZfpXtYSLy85pkm9GaYVYMfw5BC1A=="
crossorigin="anonymous" referrerpolicy="no-referrer"/>
<link href="metaverse.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-lg bg-light">
<div class="container">
<a class="navbar-brand" href="#">Research @ <img alt="Berkeley Logo" src="img/rdi-sm.png" height="30"></a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav ms-auto mb-2 mb-lg-0">
<li class="nav-item">
<a class="nav-link" href="https://rdi.berkeley.edu">RDI Home</a>
</li>
<li class="nav-item">
<a class="nav-link active" href="https://rdi.berkeley.edu/research">Research Home</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link" href="https://rdi.berkeley.edu/zkp">Zero Knowledge Proofs</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
Metaverse Research
</a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/metadata">MetaData</a></li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/metaguard">MetaGuard</a></li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/metaverse-sok">Privacy SoK</a></li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/vr-identification">Identification</a></li>
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/metaverse">View All</a></li>
</ul>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
DeFi Research
</a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/defi-attacks">DeFi Attacks</a></li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/blockchain-llm">Blockchain LLM</a>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/clue">Clue</a>
</li>
<li>
<hr class="dropdown-divider">
</li>
<li><a class="dropdown-item" href="https://rdi.berkeley.edu/defi">View All</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<div class="bg-secondary py-5">
<div class="container">
<div class="card mt-4">
<div class="row align-items-center">
<div class="col-lg-12">
<div class="p-4">
<h4>VFIX: Facilitating Software Maintenance of Smart Contracts via Automatically Fixing Vulnerabilities</h4>
<h6 class="text-secondary">2024 | Pengcheng Fang · Peng Gao · Yun Peng · Qingzhao Zhang · Tao Xie · Dawn Song · Prateek Mittal · Sanjeev Kulkarni · Zhuotao Liu · Xusheng Xiao | <a href="https://www.computer.org/csdl/proceedings-article/icsme/2024/956800a013/22NQCjiVMs0">https://www.computer.org/csdl/proceedings-article/icsme/2024/956800a013/22NQCjiVMs0</a> | ICSME 2024 </h6>
<p class="text-justify">The growing use of smart contracts has made them prime targets for cybercriminals, resulting in substantial financial losses. Accurately patching newly discovered vulnerabilities is essential for maintaining deployed contracts. This paper proposes VFIX, an automated security patch generation framework for vulnerable smart contracts. VFIX integrates template-based repair with novel static program analysis techniques to accurately fix vulnerabilities. Given an input smart contract, VFIX first detects issues using multiple static verification tools, then applies template-based patches while leveraging program dependency analysis and pointer analysis to accurately infer and populate fix parameters. Finally, VFIX verifies the patched contract to ensure it is vulnerability-free. Our evaluations on 144 real smart contracts containing different types of vulnerabilities show that VFIX can successfully fix 94% of the vulnerabilities and preserve the expected normal behaviors of the smart contracts.
</p>
<p class="mb-0"><a class="btn btn-primary btn-sm"
href="https://www.computer.org/csdl/proceedings-article/icsme/2024/956800a013/22NQCjiVMs0"><i
class="fa fa-arrow-up-right-from-square"></i> Learn More</a></p>
</div>
</div>
</div>
</div>
<div class="card mt-4">
<div class="row align-items-center">
<div class="col-lg-12">
<div class="p-4">
<h4>Towards Automated Security Analysis of Smart Contracts based on Execution Property Graph</h4>
<h6 class="text-secondary">2023 | Kaihua Qin* · Zhe Ye* · Zhun Wang · Weilin Li · Liyi Zhou · Chao Zhang · Dawn Song · Arthur Gervais | <a href="https://arxiv.org/abs/2305.14046">https://arxiv.org/abs/2305.14046</a></h6>
<p class="text-justify">Identifying and mitigating vulnerabilities in smart contracts is crucial, especially considering the rapid growth and increasing complexity of DeFi platforms. To address the challenges associated with securing these contracts, we introduce a versatile dynamic analysis framework specifically designed for the EVM. This comprehensive framework focuses on tracking contract executions, capturing valuable runtime information, while introducing and employing the EPG to propose a unique graph traversal technique that swiftly detects potential smart contract attacks. Our approach showcases its efficacy with rapid average graph traversal time per transaction and high true positive rates. The successful identification of a zero-day vulnerability affecting Uniswap highlights the framework's potential to effectively uncover smart contract vulnerabilities in complex DeFi systems…
</p>
<p class="mb-0"><a class="btn btn-primary btn-sm"
href="https://rdi.berkeley.edu/clue"><i
class="fa fa-arrow-up-right-from-square"></i> Learn More</a></p>
</div>
</div>
</div>
</div>
<div class="card mt-4">
<div class="row align-items-center">
<div class="col-lg-12">
<div class="p-4">
<h4>SoK: Decentralised Finance (DeFi) Attacks</h4>
<h6 class="text-secondary">2023 | Liyi Zhou · Xihan Xiong · Jens Ernstberger · Stefanos Chaliasos · Zhipeng Wang · Ye Wang · Kaihua Qin · Roger Wattenhofer · Dawn Song · Arthur Gervais | <a href="https://arxiv.org/abs/2208.13035">https://arxiv.org/abs/2208.13035</a>
| IEEE S&P 2023 </h6>
<p class="text-justify">We investigate 77 academic papers, 30 audit reports, and 181 real-world incidents. Our open data reveals several gaps between academia and the practitioners' community. For example, few academic papers address "price oracle attacks" and "permissonless interactions", while our data suggests that they are the two most frequent incident types (15% and 10.5% correspondingly). We also investigate potential defenses, and find that: (i) 103 (56%) of the attacks are not executed atomically, granting a rescue time frame for defenders; (ii) SoTA bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial contracts; and (iii) 33 (15.3%) of the adversaries leak potentially identifiable information by interacting with centralized exchanges…
</p>
<p class="mb-0"><a class="btn btn-primary btn-sm"
href="https://rdi.berkeley.edu/defi-attacks"><i
class="fa fa-arrow-up-right-from-square"></i> Learn More</a></p>
</div>
</div>
</div>
</div>
<div class="card mt-4">
<div class="row align-items-center">
<div class="col-lg-12">
<div class="p-4">
<h4>Blockchain Large Language Models</h4>
<h6 class="text-secondary">2023 | Yu Gai* · Liyi Zhou* · Kaihua Qin · Dawn Song · Arthur Gervais | <a href="https://arxiv.org/pdf/2304.12749.pdf">https://arxiv.org/pdf/2304.12749.pdf</a></h6>
<p class="text-justify">This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System. Unlike traditional methods, BlockGPT is designed to offer an unrestricted search space and does not rely on predefined rules or patterns, enabling it to detect a broader range of anomalies. We demonstrate the effectiveness of BlockGPT through its use as an anomaly detection tool for Ethereum transactions. In our experiments, it effectively identifies abnormal transactions among a dataset of 68M transactions and has a batched throughput of 2284 transactions per second on average. Our results show that, BlockGPT identifies abnormal transactions by ranking 49 out of 124 attacks among the top-3 most abnormal transactions interacting with their victim contracts. This work makes contributions to the field of blockchain transaction analysis by introducing a custom data encoding compatible with the transformer architecture, a domain-specific tokenization technique, and a tree encoding method specifically crafted for the Ethereum Virtual Machine (EVM) trace representation…
</p>
<p class="mb-0"><a class="btn btn-primary btn-sm"
href="https://rdi.berkeley.edu/blockchain-llm"><i
class="fa fa-arrow-up-right-from-square"></i> Learn More</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="bg-dark text-white text-center py-2">
<div class="container">
<p class="m-0">Copyright ©2022 UC Regents | Email us at <a href="mailto:[email protected]">[email protected]</a>.
</p>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
integrity="sha384-A3rJD856KowSb7dwlZdYEkO39Gagi7vIsF0jrRAoQmDKKtQBHUuLZ9AsSv4jD4Xa"
crossorigin="anonymous"></script>
</body>
</body>
</html>