ACM CCS Workshop on
Decentralized Finance and Security
November 30, 2023 — Copenhagen, Denmark
co-located with the ACM Conference on Computer and Communications Security 2023


Rethinking the 'D' in DAO: Voting-Bloc Entropy, Bribery, and Dark DAOs

Ari Juels

Weill Family Foundation and Joan and Sanford I. Weill Professor
Jacobs Technion-Cornell Institute
Cornell Tech


Decentralized Autonomous Organizations (DAOs) are an appealing new way to govern communities through code. There's wide acknowledgement that the 'D,' i.e., 'Decentralization' in DAOs, requires active participation by diverse stakeholders. But how can we accurately measure such participation? In this talk, I'll introduce a metric called Voting-Bloc Entropy (VBE). A rethinking of standard metrics like token holdings, VBE offers a nuanced understanding of community dynamics within DAOs. It also yields new insights about how to preserve and increase decentralization.

One such insight is a looming challenge: systemic bribery. To underscore the practical nature of this threat and the importance of countermeasures, I'll describe our implementation of a Dark DAO—a private market for vote-selling.


Ari Juels is the Weill Family Foundation and Joan and Sanford I. Weill Professor in the Jacobs Technion-Cornell Institute at Cornell Tech and the Technion and a Computer Science faculty member at Cornell University. He is a Co-Director of the Initiative for CryptoCurrencies and Contracts (IC3). He is also Chief Scientist at Chainlink Labs.

He is the author of crypto-thriller The Oracle, which will be released on 20 February 2024 (Talos Press).

He was the Chief Scientist of RSA, Director of RSA Laboratories, and a Distinguished Engineer at EMC (now Dell EMC), where he worked until 2013. He received his Ph.D. in computer science from U.C. Berkeley.

His recent areas of interest include blockchains, cryptocurrency, and smart contracts, as well as applied cryptography, user authentication, and privacy.


Start End Session Title
9:00 9:05 Welcome & opening
9:05 10:00 Keynote Rethinking the 'D' in DAO: Voting-Bloc Entropy, Bribery, and Dark DAOs
Ari Juels
10:00 10:20 MEV Time Moves Faster When There is Nothing You Anticipate: The Role of Time in MEV Rewards
Burak Öz (Technical University of Munich), Benjamin Kraner (University of Zurich), Nicolò Vallarano (University of Zurich), Bingle Stegmann Kruger (University of Cape Town), Florian Matthes (Technical University of Munich), Claudio Juan Tessone (University of Zurich)
10:20 10:40 MEV Makes Everyone Happy under Greedy Sequencing Rule
Yuhao Li (Columbia University), Mengqian Zhang (New York University), Jichen Li (Peking University), Elynn Y. Chen (New York University), Xi Chen (New York University), Xiaotie Deng (Peking University)
10:40 11:00 Tea Break ☕️☕️☕️
11:00 12:00 Tutorial Defi Protocol Security
Yajin Zhou
12:00 13:30 Lunch 🥪🥪🥪
13:30 13:50 DeFi Security: For Fun and Profit Why Trick Me: The Honeypot Traps on Decentralized Exchanges
Rundong Gan (University of Guelph), Le Wang (University of Guelph), Xiaodong Lin (University of Guelph)
13:50 14:10 The Vulnerable Nature of Decentralized Governance in DeFi
Maya Dotan (Hebrew University of Jerusalem), Aviv Yaish (Hebrew University of Jerusalem), Hsin-Chu Yin (Hebrew University of Jerusalem), Eytan Tsytkin (Hebrew University of Jerusalem), Aviv Zohar (Hebrew University of Jerusalem)
14:10 14:30 Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
Weilin Li (University of Science and Technology of China), Zhun Wang (Institute for Network Science and Cyberspace of Tsinghua University), Chenyu Li (Institute of Information Engineering Chinese Academy of Sciences), Heying Chen (University of Science and Technology of China), Taiyu Wong (Institute for Network Science and Cyberspace of Tsinghua University), Pengyu Sun (University of Science and Technology of China), Yufei Yu (Tsinghua University), Chao Zhang (Tsinghua University)
14:30 15:00 Coffee Break ☕️☕️☕️
15:00 15:45 Sponsor Talk Ripple Effects of the Vyper Case: How Security Events Impact the Market
15:45 16:05 New DeFi Primitives and Insights Pricing Personalized Preferences for Privacy Protection in Constant Function Market Makers
Mohak Goyal (Stanford University), Geoffrey Ramseyer (Stanford University)
16:05 16:25 R-Pool and Settlement Markets for Recoverable ERC-20R Tokens
Kaili Wang (Circle), Qinchen Wang (Stanford University), Calvin Cai (Circle), Dan Boneh (Stanford University)
16:25 16:45 Contagion in Decentralized Lending Protocols: A Case Study of Compound
Natkamon Tovanich (École Polytechnique), Myriam Kassoul (École Polytechnique), Simon Weidenholzer (University of Essex), Julien Prat (CNRS and École Polytechnique)
16:45 16:50 Closing remarks
16:50 - Social time

Call for Papers

Important Dates

  • Submission deadline: August 1, 2023
  • Author notification: August 28, 2023
  • Camera-ready deadline: September 8, 2023
  • Workshop: November 30, 2023
All due times are 11:59 PM Anywhere on Earth (UTC-12).


Powered by blockchains, Decentralized Finance (DeFi) has grown to a significant economy covering exchanges, borrowing/lending, margin trading, derivatives, and more. However, the security of DeFi have to date not received much scrutiny or attention. Indeed, both old (buggy smart contracts, key management failures, etc.) and new security problems (bribery attacks, MEV, etc.) rampage and have cost billions of dollars in loss.

The purpose of this workshop is to unite researchers with deep knowledge in the many subfields of DeFi (network, consensus, game theory, programming language, economics and security), to jointly revisit their security and privacy properties. The primary aim of the workshop is to elaborate on how we can protect DeFi users from malicious trading entities and what kind of attacks those could mount. The workshop, therefore, aims to solicit novel works that refine the fundamental tensions between security, privacy, usability, economic efficiency and performance of DeFi. Second, the workshop aims to provide an academic forum for scholars to exchange, through breaks in virtual social places as well as to participate in an open panel discussion by the end of the workshop.

Program Committee Co-chairs

Program Committee

Steering Committee

Topics of Interest

Topics of interest include (but are not limited to):

  • Systematizations of DeFi
  • Existing and new DeFi attacks
  • Forensics
  • Security relevant DeFi measurements and empirical studies
  • Security of DeFi smart contracts
  • Security of the DeFi application logic
  • Formal analysis, correct by design, security frameworks
  • Security of DeFi governance (manipulation resistance)
  • DeFi composability (e.g., its security and economic implications)
  • Security of over and under-collateralized Lending
  • New financial concepts and their security implications (e.g., flash loans)
  • Manipulation resilience of Stablecoins
  • Exchange Security (manipulation resilience, front-running, sandwich)
  • Derivatives
  • Insurances
  • Secure margin and leverage trading
  • DeFi on Layer 2
  • Miner Extractable Value
  • Security impact of DeFi on other layers (e.g., consensus, network layer)
  • DeFi scalability issues and solutions
  • Security and economic trade-offs
  • User studies
  • DeFi Privacy (e.g., transaction graph analysis, mixer)
  • Token models
  • Censorship resistance

Submissions Policy

Any link to previously published or concurrently submitted papers by any of the writers must be clearly documented in all submissions, i.e., submissions must be original work. Your submission will be rejected if you fail to define and explain contribution overlaps. It is not allowed to send the same paper to another venue with proceedings or a journal at the same time, as this would result in a desk reject. Please contact the program committee chairs if you have any questions.


Papers on Systemization of Knowledge (SoK) are welcome. These aren't surveys of previous academic work, but rather a set of findings that have been presented informally by the open-source community or used in operational projects. SoK submissions should have an “SoK:” prefix in the title.

Anonymous Submission

Papers must be provided in a way that allows for anonymous reviews: no author names or affiliations should appear on the title page, and the submission should not disclose the authors' identities in the document. When referring to your prior work, please pretend that prior work is written by someone else. Then blind the references itself if a third-person reference isn't possible (unusual). This policy is not breached if the paper is released as a technical report or in an online archive. If you have any concerns, please contact the program chairs. Papers that are not anonymized correctly should be rejected without its content being reviewed.

Conflict of Interest

When submitting a research paper, the submission site will inquire about any possible conflicts of interest between the paper's authors and members of the program committee (PC). According to the following definition, it is the sole duty of all authors of a paper to recognize all possible conflict-of-interest PC participants. When one or more of the following criteria apply, a paper author has a conflict of interest with a PC member:

  • The PC member is a co-author of the submitted paper.
  • The PC member was in the last two years in the same company or university as a co-author of the submitted paper.
  • The PC member collaborated with a co-author in the last two years.
  • No matter how long ago, the PC member is or was a co-author's primary thesis advisor.
  • No matter how long ago, a co-author is or was the PC member's primary thesis advisor.
  • The author's PC member is a relative or close personal friend.

Whenever a PC member or co-chair is in conflict with a paper, the PC member or co-chair must not review the paper nor have access to the reviews or discussions. Any other case in which the authors believe they have a dispute or conflict with a PC member, they must proactively explain the reason to the PC chairs, who will mark the conflict if necessary. As of the submission date, papers with incorrect or incomplete conflict of interest details will be automatically refused. When one of the program co-chairs is unable to decide on a paper, the other co-chair would become responsible. When all program co-chairs are in conflict, the paper will be delegated to a neutral committee member. Co-chairs of the program are not permitted to be authors or co-authors on any submission.

Human Subjects and Ethical Considerations

Papers that perform human subject studies, evaluate data extracted from human subjects (even anonymized data), or otherwise place humans in danger or affect their financial condition must:

  • If appropriate, state whether the study obtained approval or a waiver from each author's institutional ethics review board (IRB).
  • Examine the measures taken to ensure that participants and those who could have been hurt by an experiment were treated ethically and respectfully.

If the submission reveals novel bugs or vulnerabilities (for example, software flaws in a program or design flaws in a hardware system), the authors must explain the steps they have taken or intend to take to fix these flaws in detail (e.g., by disclosing vulnerabilities to the vendors). If the submission includes personally identifiable information (PII) or other forms of confidential data, the same rules apply. If a paper poses serious ethical or legal issues, it may be rejected.

Page Limit and Formatting

We welcome papers of up to 6 pages, excluding references and bibliographies, in the double column ACM CCS format (using the sigconf style). Submissions should be anonymized. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop.

Submission Server