ACM CCS Workshop on Decentralized Finance and Security (DeFi'24)
October 18th, 2024 — Salt Lake City, U.S.A.

Keynote -- Modern Blockchains for the Modern Security Engineer

In this talk, I discuss how modern blockchains have fundamentally different characteristics from early ones in terms of cost, latency, throughput, scaling, expressivity, governance, and power consumption. However, the evolution from the old to the modern was slow and full of setbacks and confusion, and the significant shift in capabilities was easy to miss. Using the Sui blockchain as an example, I present the current technologies for high-performance consensus, transaction processing, execution, and data dissemination.

I argue that modern blockchains are particularly useful as a “consistent core” to engineer large open security protocols, and illustrate this through the design of a new decentralized store, Walrus. In brief, assuming their modern capabilities, modern blockchains can resolve the hard coordination problems present in large security systems in a systematic, performant, and secure manner. They are a tool every security engineer needs to have in their toolbox.

George Danezis

Mysten Labs & University College London

Biography

Prof George Danezis, B.A, M.A (Cantab), Ph.D, FBCS. George Danezis is Professor of Security and Privacy Engineering at the Department of Computer Science, University College London. He co-founded Mysten Labs and has acted as its Chief Scientist since 2021. George has conducted research on Privacy Enhancing Technologies (PET) and Decentralized / Distributed Systems Security since 2000. His current research interests focus on secure communications, high-integrity systems to support privacy, blockchains, and decentralization. In the past, he co-founded chainspace.io in 2018, and his team was acquired in 2019 by Facebook Novi to help design the Diem payment system. In 2021, he departed and co-founded Mysten Labs to help build the Sui smart contracts platform and now the Walrus decentralized store.

Programme

Start | End | Session | Title
9:00 | 9:05 | Welcome & opening
9:05 | 10:00 | Keynote | Modern Blockchains for the Modern Security Engineer
    George Danezis
    Mysten Labs & University College London
10:00 | 10:20 | Session 1: MEV and Transaction Dynamics | (Invited Talk) Demystifying DeFi MEV Activities in Flashbots Bundle. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 165-179. 2023. Best DeFi Papers Award 2023
    Zihao Li, Jianfeng Li, Zheyuan He, Xiapu Luo, Ting Wang, Xiaoze Ni, Wenwu Yang, Xi Chen, and Ting Chen
10:20 | 10:40 | | MEV Sharing with Dynamic Extraction Rates
    Pedro Braga, Georgios Chionas, Piotr Krysta, Stefanos Leonardos, Georgios Piliouras, and Carmine Ventre
10:40 | 11:00 | Break ☕️☕️☕️
11:00 | 11:30 | Sponsor Talks | Transient Storage -- Use Cases, Design Patterns and Security Considerations
    Julio Aguilar & Valerian Callens
    Quantstamp
11:30 | 11:45 | | DeFi Protocol Security: Lessons Learned and New Developments
    Yajin Zhou
    BlockSec & Zhejiang University
11:45 | 12:00 | | Web3 Attack and Protection
    Blue
    SlowMist CTO
12:00 | 13:30 | Lunch 🥪🥪🥪
13:30 | 13:50 | Session 2: Transaction Efficiency and Economic Security Analysis | (Invited Talk) Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. In 2023 IEEE Symposium on Security and Privacy (SP), pp. 2499-2516. IEEE, 2023. Best DeFi Papers Award 2023
    Kushal Babel, Philip Daian, Mahimna Kelkar, and Ari Juels
13:50 | 14:10 | | Unpacking Long-Latency Transactions in Ethereum
    Chon Kit Lao, Sophie Zhou, Luyao Zhang, Fan Zhang, and Kanye Ye Wang
14:10 | 14:30 | Break ☕️☕️☕️
14:30 | 14:50 | Session 3: Front-Running and Security Challenges | (Invited Talk) The Blockchain Imitation Game. In 32nd USENIX Security Symposium (USENIX Security 23), pp. 3961-3978. 2023. Best DeFi Papers Award 2023
    Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Benjamin Livshits, Dawn Song, and Arthur Gervais.
14:50 | 15:10 | | SoK: MEV Countermeasures
    Sen Yang, Fan Zhang, Ken Huang, Xi Chen, Youwei Yang, Feng Zhu
15:10 | 15:30 | Break ☕️☕️☕️
15:30 | 15:50 | Session 4: Real-World Assets and Economic Mechanisms | (Invited Talk) Foundations of Transaction Fee Mechanism Design. In Proceedings of the 2023 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 3856-3899. Society for Industrial and Applied Mathematics, 2023. Best DeFi Papers Award 2023
    Hao Chung, and Elaine Shi.
15:50 | 16:10 | | Exploring the Security Issues of Real World Assets (RWA)
    Shijian Chen, Muhui Jiang, Xiapu Luo
16:10 | 16:15 | Closing remarks
16:15 | - | Social time

Best DeFi Papers Award 2023

About the Award

Best DeFi Papers Award 2023 is presented to authors whose work represents outstanding and groundbreaking research in DeFi.

Practical Research Paper Track

  • The Blockchain Imitation Game. In 32nd USENIX Security Symposium (USENIX Security 23), pp. 3961-3978. 2023.
    Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Benjamin Livshits, Dawn Song, and Arthur Gervais.
  • Demystifying DeFi MEV Activities in Flashbots Bundle. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 165-179. 2023.
    Zihao Li, Jianfeng Li, Zheyuan He, Xiapu Luo, Ting Wang, Xiaoze Ni, Wenwu Yang, Xi Chen, and Ting Chen

Theoretical Research Paper Track

  • Foundations of Transaction Fee Mechanism Design. In Proceedings of the 2023 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 3856-3899. Society for Industrial and Applied Mathematics, 2023.
    Hao Chung, and Elaine Shi.
  • Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts. In 2023 IEEE Symposium on Security and Privacy (SP), pp. 2499-2516. IEEE, 2023.
    Kushal Babel, Philip Daian, Mahimna Kelkar, and Ari Juels

Call for Papers

Overview

Decentralized Finance (DeFi) has experienced tremendous growth, transforming from a niche market to a thriving ecosystem that has captured the attention of both crypto enthusiasts and traditional financial institutions. Despite the challenges posed by market volatility and regulatory uncertainties, DeFi has continued to evolve, offering an ever-expanding array of financial services, including decentralized exchanges, yield farming platforms, stablecoins, and innovative derivatives.

As the DeFi landscape has matured, the need for robust security measures has become increasingly apparent. This workshop aims to bring together leading experts from various domains, including cryptography, game theory, economics, and cybersecurity, to collaboratively explore the current state of DeFi security and chart a path forward. By fostering interdisciplinary dialogue and showcasing cutting-edge research, we seek to identify and address the critical challenges facing DeFi, with a particular focus on safeguarding users from malicious actors and promoting the development of secure, resilient, and user-centric DeFi platforms.

In addition to the formal presentations and panel discussions, the workshop will provide ample opportunities for attendees to connect, exchange ideas, and forge new collaborations through virtual networking sessions and interactive breakout rooms. By creating a vibrant and inclusive forum for knowledge sharing and innovation, we aim to accelerate the growth of a secure and trustworthy DeFi ecosystem that can drive the next phase of global financial inclusion and empowerment.

Submission Server

https://defi24.hotcrp.com/

Topics of Interest

Topics of interest include (but are not limited to):

  • Anonymity and privacy-preserving techniques in DeFi
  • Applied cryptography in DeFi protocols and applications
  • Attacks, attack techniques, and attack case studies in DeFi
  • Censorship resistance in DeFi
  • Cryptographic protocols for secure DeFi transactions
  • DeFi composability and its security and privacy implications
  • DeFi fraud detection and financial crime prevention
  • DeFi on Layer 2
  • DeFi protocol governance and stakeholder voting security
  • Economic and game-theoretic analysis of DeFi security and privacy
  • Empirical studies and real-world measurements of DeFi security and privacy
  • Exchange Security (manipulation resilience, front-running, sandwich)
  • Formal analysis, verification, and correctness by design for DeFi smart contracts
  • Incentive mechanisms for promoting secure and privacy-preserving behavior in DeFi
  • Legal and regulatory issues related to DeFi security and privacy
  • Manipulation resilience of Stablecoins
  • Metrics for evaluating the security and privacy of DeFi platforms
  • Miner/maximal/blockchain extracted/extractable value (MEV/BEV) in DeFi
  • Network forensics and monitoring for DeFi security
  • Privacy-preserving smart contracts and applications in DeFi
  • Quantum-resilient cryptography for DeFi
  • Secure cryptoasset custody solutions for DeFi
  • Secure hardware and trusted execution environments (TEE) for DeFi applications
  • Secure interoperability between DeFi and centralized financial systems
  • Security and privacy challenges in decentralized autonomous organizations (DAOs)
  • Techniques for achieving privacy in decentralized exchanges and trading platforms
  • Transaction graph analysis for DeFi forensics and investigations
  • User studies on the usability and adoption of secure and privacy-preserving DeFi solutions
  • Zero-knowledge proofs and their applications in DeFi

Submissions Policy

Submissions must be original work: any link to previously published or concurrently submitted papers by any of the authors must be clearly documented in the submission. Your submission will be rejected if you fail to define and explain contribution overlaps. Submitting the same paper at the same time to another venue with proceedings or to a journal is not allowed and will result in a desk reject. Please contact the program committee chairs if you have any questions.

Systemization of Knowledge (SoK)

Papers on Systemization of Knowledge are welcome. These aren't surveys of previous academic work, but rather a set of findings that have been presented informally by the open-source community or used in operational projects. SoK submissions should have an “SoK:” prefix in the title.

Anonymous Submission

Papers must be provided in a way that allows for anonymous reviews: no author names or affiliations should appear on the title page, and the submission should not disclose the authors' identities in the document. When referring to your prior work, please write as if that prior work was written by someone else. If a third-person reference isn't possible (which is unusual), blind the reference itself. This policy is not breached if the paper is released as a technical report or in an online archive. If you have any concerns, please contact the program chairs. Papers that are not anonymized correctly should be rejected without their content being reviewed.

Conflict of Interest

When submitting a research paper, the submission site will inquire about any possible conflicts of interest between the paper's authors and members of the program committee (PC). It is the sole duty of all authors of a paper to identify all PC members with a possible conflict of interest, according to the following definition. A paper author has a conflict of interest with a PC member when one or more of the following criteria apply:

  • The PC member is a co-author of the submitted paper.
  • The PC member has been at the same company or university as a co-author of the submitted paper within the last two years.
  • The PC member collaborated with a co-author in the last two years.
  • No matter how long ago, the PC member is or was a co-author's primary thesis advisor.
  • No matter how long ago, a co-author is or was the PC member's primary thesis advisor.
  • The PC member is a relative or close personal friend of an author.

Whenever a PC member or co-chair is in conflict with a paper, the PC member or co-chair must not review the paper nor have access to the reviews or discussions. In any other case in which the authors believe they have a dispute or conflict with a PC member, they must proactively explain the reason to the PC chairs, who will mark the conflict if necessary. Papers with incorrect or incomplete conflict-of-interest details as of the submission date will be automatically rejected. When one of the program co-chairs is unable to decide on a paper, the other co-chair becomes responsible. When all program co-chairs are in conflict, the paper will be delegated to a neutral committee member. Co-chairs of the program are not permitted to be authors or co-authors on any submission.

Human Subjects and Ethical Considerations

Papers that perform human subject studies, evaluate data extracted from human subjects (even anonymized data), or otherwise place humans in danger or affect their financial condition must:

  • If appropriate, state whether the study obtained approval or a waiver from each author's institutional ethics review board (IRB).
  • Examine the measures taken to ensure that participants and those who could have been hurt by an experiment were treated ethically and respectfully.

If the submission reveals novel bugs or vulnerabilities (for example, software flaws in a program or design flaws in a hardware system), the authors must explain the steps they have taken or intend to take to fix these flaws in detail (e.g., by disclosing vulnerabilities to the vendors). If the submission includes personally identifiable information (PII) or other forms of confidential data, the same rules apply. If a paper poses serious ethical or legal issues, it may be rejected.

Page Limit and Formatting

We welcome papers of up to 8 pages, excluding references and bibliographies, in the double column ACM CCS format (using the sigconf style). Submissions should be anonymized. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop.

Call for Best DeFi Papers Award 2023

About the Award

Best DeFi Papers Award 2023 is presented to authors whose work represents outstanding and groundbreaking research in all essential aspects of DeFi. The award will be bestowed upon four distinguished papers focused on the following perspectives:

  • Track A: Best Theoretical Research Paper (x2)
  • Track B: Best Practical Research Paper (x2)

The award carries a $500 prize, paid in USDT/DAI/USDC, for each winning paper, and comes with a commemorative statue and certificate.

Eligibility and Submission

Authors must self-nominate their work for consideration. Eligible papers should address topics within DeFi and must have been published in a peer-reviewed journal, conference, or workshop with proceedings between January 1, 2023, and December 31, 2023.

Schedule

  • 1st July: Call for nomination opened
  • 15th July: Call for nomination finished
  • 16th July ~ 20th August: ACM DeFi Security PC Internal Voting Period
  • 25th August: Award recipients are notified

Additional Information

Only authors of the awarded papers will be notified via email. These authors will then be required to present their papers at the ACM CCS Workshop on Decentralized Finance and Security 2024 (DeFi'24), which will be held in Salt Lake City on October 18th. Presentations can be given either remotely or on-site.

Additionally, authors of awarded papers will be required to submit a 2-minute video summarizing their research, which will be featured on our website.

Instructions for PC Members (Optional Voting)

As a respected member of the ACM DeFi Security Program Committee, your expertise and judgment are crucial in determining the recipients of this year’s awards. Below, you will find the nominated papers across two tracks. Please review each submission carefully and cast your vote according to the guidelines provided.

Confidentiality

Please keep your vote confidential to maintain the integrity of the selection process.

Voting Criteria

Consider the originality, impact, clarity, and relevance of the research to DeFi in your evaluation.

Voting Process

For each track, please select up to two papers that you believe are most deserving of the award. You can also choose to abstain if you feel that none of the papers meet the award criteria.

Anonymity

This is an anonymous poll. Only invited emails can vote, and only one response is allowed per voter. However, you may edit your response if needed.

Review Process

We will reveal the top two results in each track on the 21st of July. The chairs will then further review these four papers to determine if they are appropriate for the award. If any paper is deemed unsuitable, an email will be sent to all committee members explaining the reasons for its removal.

Call for Sponsorship

We are thrilled to invite you to sponsor our upcoming workshop on the security and privacy aspects of DeFi. This event brings together leading researchers, industry experts, and enthusiasts to discuss the latest developments, challenges, and solutions in the rapidly evolving DeFi landscape.

As a sponsor, you will have the unique opportunity to showcase your brand, products, or services to a highly targeted and engaged audience. Your support will not only contribute to the success of the workshop but also demonstrate your commitment to fostering innovation and promoting best practices in DeFi security and privacy.

We offer three sponsorship tiers to accommodate various levels of involvement and budget:

  • Gold: 2 ETH
  • Silver: 1 ETH
  • Bronze: 0.5 ETH

If you are interested in sponsoring our event, please send an email to chairs@defi.security.

Questions?

Send direct queries via email to chairs@defi.security.