Abstract
Decentralized Autonomous Organizations (DAOs) are an appealing new way to govern communities through code. There's wide acknowledgement that the 'D,' i.e., 'Decentralization' in DAOs, requires active participation by diverse stakeholders. But how can we accurately measure such participation? In this talk, I'll introduce a metric called Voting-Bloc Entropy (VBE). A rethinking of standard metrics like token holdings, VBE offers a nuanced understanding of community dynamics within DAOs. It also yields new insights about how to preserve and increase decentralization.
One such insight is a looming challenge: systemic bribery. To underscore the practical nature of this threat and the importance of countermeasures, I'll describe our implementation of a Dark DAO—a private market for vote-selling.
Biography
Ari Juels is the Weill Family Foundation and Joan and Sanford I. Weill Professor in the Jacobs Technion-Cornell Institute at Cornell Tech and the Technion and a Computer Science faculty member at Cornell University. He is a Co-Director of the Initiative for CryptoCurrencies and Contracts (IC3). He is also Chief Scientist at Chainlink Labs.
He is the author of crypto-thriller The Oracle, which will be released on 20 February 2024 (Talos Press).
He was the Chief Scientist of RSA, Director of RSA Laboratories, and a Distinguished Engineer at EMC (now Dell EMC), where he worked until 2013. He received his Ph.D. in computer science from U.C. Berkeley.
His recent areas of interest include blockchains, cryptocurrency, and smart contracts, as well as applied cryptography, user authentication, and privacy.
Start | End | Session | Title | Speaker / Authors |
9:00 | 9:05 | Welcome & opening | | |
9:05 | 10:00 | Keynote | Rethinking the 'D' in DAO: Voting-Bloc Entropy, Bribery, and Dark DAOs | Ari Juels |
10:00 | 10:20 | MEV | Time Moves Faster When There is Nothing You Anticipate: The Role of Time in MEV Rewards | Burak Öz (Technical University of Munich), Benjamin Kraner (University of Zurich), Nicolò Vallarano (University of Zurich), Bingle Stegmann Kruger (University of Cape Town), Florian Matthes (Technical University of Munich), Claudio Juan Tessone (University of Zurich) |
10:20 | 10:40 | MEV | MEV Makes Everyone Happy under Greedy Sequencing Rule | Yuhao Li (Columbia University), Mengqian Zhang (New York University), Jichen Li (Peking University), Elynn Y. Chen (New York University), Xi Chen (New York University), Xiaotie Deng (Peking University) |
10:40 | 11:00 | Tea Break | ☕️☕️☕️ | |
11:00 | 12:00 | Tutorial | Defi Protocol Security | Yajin Zhou |
12:00 | 13:30 | Lunch | 🥪🥪🥪 | |
13:30 | 13:50 | DeFi Security: For Fun and Profit | Why Trick Me: The Honeypot Traps on Decentralized Exchanges | Rundong Gan (University of Guelph), Le Wang (University of Guelph), Xiaodong Lin (University of Guelph) |
13:50 | 14:10 | DeFi Security: For Fun and Profit | The Vulnerable Nature of Decentralized Governance in DeFi | Maya Dotan (Hebrew University of Jerusalem), Aviv Yaish (Hebrew University of Jerusalem), Hsin-Chu Yin (Hebrew University of Jerusalem), Eytan Tsytkin (Hebrew University of Jerusalem), Aviv Zohar (Hebrew University of Jerusalem) |
14:10 | 14:30 | DeFi Security: For Fun and Profit | Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems | Weilin Li (University of Science and Technology of China), Zhun Wang (Institute for Network Science and Cyberspace of Tsinghua University), Chenyu Li (Institute of Information Engineering Chinese Academy of Sciences), Heying Chen (University of Science and Technology of China), Taiyu Wong (Institute for Network Science and Cyberspace of Tsinghua University), Pengyu Sun (University of Science and Technology of China), Yufei Yu (Tsinghua University), Chao Zhang (Tsinghua University) |
14:30 | 15:00 | Coffee Break | ☕️☕️☕️ | |
15:00 | 15:45 | Sponsor Talk | Ripple Effects of the Vyper Case: How Security Events Impact the Market | EigenPhi |
15:45 | 16:05 | New DeFi Primitives and Insights | Pricing Personalized Preferences for Privacy Protection in Constant Function Market Makers | Mohak Goyal (Stanford University), Geoffrey Ramseyer (Stanford University) |
16:05 | 16:25 | New DeFi Primitives and Insights | R-Pool and Settlement Markets for Recoverable ERC-20R Tokens | Kaili Wang (Circle), Qinchen Wang (Stanford University), Calvin Cai (Circle), Dan Boneh (Stanford University) |
16:25 | 16:45 | New DeFi Primitives and Insights | Contagion in Decentralized Lending Protocols: A Case Study of Compound | Natkamon Tovanich (École Polytechnique), Myriam Kassoul (École Polytechnique), Simon Weidenholzer (University of Essex), Julien Prat (CNRS and École Polytechnique) |
16:45 | 16:50 | Closing remarks | | |
16:50 | - | Social time | | |
Powered by blockchains, Decentralized Finance (DeFi) has grown to a significant economy covering exchanges, borrowing/lending, margin trading, derivatives, and more. However, the security of DeFi has to date not received much scrutiny or attention. Indeed, both old security problems (buggy smart contracts, key management failures, etc.) and new ones (bribery attacks, MEV, etc.) are rampant and have cost billions of dollars in losses.
The purpose of this workshop is to unite researchers with deep knowledge in the many subfields of DeFi (network, consensus, game theory, programming language, economics and security), to jointly revisit their security and privacy properties. The primary aim of the workshop is to elaborate on how we can protect DeFi users from malicious trading entities and what kind of attacks those could mount. The workshop, therefore, aims to solicit novel works that refine the fundamental tensions between security, privacy, usability, economic efficiency and performance of DeFi. Second, the workshop aims to provide an academic forum for scholars to exchange ideas during breaks in virtual social places, as well as to participate in an open panel discussion at the end of the workshop.
Topics of interest include (but are not limited to):
Submissions must be original work: any link to previously published or concurrently submitted papers by any of the authors must be clearly documented in all submissions. Your submission will be rejected if you fail to define and explain contribution overlaps. It is not allowed to send the same paper to another venue with proceedings or a journal at the same time, as this would result in a desk reject. Please contact the program committee chairs if you have any questions.
Papers on Systemization of Knowledge (SoK) are welcome. These aren't surveys of previous academic work, but rather a set of findings that have been presented informally by the open-source community or used in operational projects. SoK submissions should have an “SoK:” prefix in the title.
Papers must be provided in a way that allows for anonymous reviews: no author names or affiliations should appear on the title page, and the submission should not disclose the authors' identities in the document. When referring to your prior work, please pretend that prior work is written by someone else. Blind the reference itself only if a third-person reference isn't possible (unusual). This policy is not breached if the paper is released as a technical report or in an online archive. If you have any concerns, please contact the program chairs. Papers that are not anonymized correctly should be rejected without their content being reviewed.
When submitting a research paper, the submission site will inquire about any possible conflicts of interest between the paper's authors and members of the program committee (PC). According to the following definition, it is the sole duty of all authors of a paper to recognize all possible conflict-of-interest PC participants. When one or more of the following criteria apply, a paper author has a conflict of interest with a PC member:
Whenever a PC member or co-chair is in conflict with a paper, the PC member or co-chair must not review the paper nor have access to the reviews or discussions. In any other case in which the authors believe they have a dispute or conflict with a PC member, they must proactively explain the reason to the PC chairs, who will mark the conflict if necessary. As of the submission date, papers with incorrect or incomplete conflict of interest details will be automatically refused. When one of the program co-chairs is unable to decide on a paper, the other co-chair would become responsible. When all program co-chairs are in conflict, the paper will be delegated to a neutral committee member. Co-chairs of the program are not permitted to be authors or co-authors on any submission.
Papers that perform human subject studies, evaluate data extracted from human subjects (even anonymized data), or otherwise place humans in danger or affect their financial condition must:
If the submission reveals novel bugs or vulnerabilities (for example, software flaws in a program or design flaws in a hardware system), the authors must explain the steps they have taken or intend to take to fix these flaws in detail (e.g., by disclosing vulnerabilities to the vendors). If the submission includes personally identifiable information (PII) or other forms of confidential data, the same rules apply. If a paper poses serious ethical or legal issues, it may be rejected.
We welcome papers of up to 6 pages, excluding references and bibliographies, in the double column ACM CCS format (using the sigconf style). Submissions should be anonymized. Authors of accepted papers must guarantee that one of the authors will register and present the paper at the workshop.
Send direct queries via email to chairs@defi.security.