Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems

The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed as Role-Play Attack, in which the attacker acts as mul...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Li, Weilin, Wang, Zhun, Li, Chenyu, Chen, Heying, Wong, Taiyu, Sun, Pengyu, Yu, Yufei, Zhang, Chao
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Li, Weilin
Wang, Zhun
Li, Chenyu
Chen, Heying
Wong, Taiyu
Sun, Pengyu
Yu, Yufei
Zhang, Chao
description The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed as Role-Play Attack, in which the attacker acts as multiple roles concurrently to exploit the DeFi system and cause substantial financial losses. We provide a formal definition of this strategy and demonstrate its potential impacts by revealing the total loss of \$435.1M caused by 14 historical attacks with applying this pattern. Besides, we mathematically analyzed the attacks with top 2 losses and retrofitted the corresponding attack pattern by concrete execution, indicating that this strategy could increase the potential profit for original attacks by \$3.34M (51.4%) and \$3.76M (12.0%), respectively.
doi_str_mv 10.48550/arxiv.2310.01081
format Article
fullrecord <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2310_01081</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2310_01081</sourcerecordid><originalsourceid>FETCH-LOGICAL-a671-5fdf7e0eaf6d5e751c567696ba33d2b8b4faefc38e7917844c180264e0e2b3f43</originalsourceid><addsrcrecordid>eNotj01LwzAYx3PxINMP4Mkc9dCZNK87jm1VYaC4Cd7K0_TJCGuz0QZZ_fR209Mf_m_wI-SOs6m0SrEn6E7he5qL0WCcWX5Nvj5jC_0-xB39ODSYvTcw0HlK4PZ0kzpIuAvY0xDp6nRsDiGdm0t0GMewCT9Y0yJEiA7pwxKL8Eg3Q5-w7W_IlYemx9t_nZBtsdouXrL12_PrYr7OQBueKV97gwzB61qhUdwpbfRMVyBEnVe2kh7QO2HRzLixUjpuWa7lOMkr4aWYkPu_2wtaeexCC91QnhHLC6L4BeGHTFM</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems</title><source>arXiv.org</source><creator>Li, Weilin ; Wang, Zhun ; Li, Chenyu ; Chen, Heying ; Wong, Taiyu ; Sun, Pengyu ; Yu, Yufei ; Zhang, Chao</creator><creatorcontrib>Li, Weilin ; Wang, Zhun ; Li, Chenyu ; Chen, Heying ; Wong, Taiyu ; Sun, Pengyu ; Yu, Yufei ; Zhang, Chao</creatorcontrib><description>The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed as Role-Play Attack, in which the attacker acts as multiple roles concurrently to exploit the DeFi system and cause substantial financial losses. We provide a formal definition of this strategy and demonstrate its potential impacts by revealing the total loss of \$435.1M caused by 14 historical attacks with applying this pattern. Besides, we mathematically analyzed the attacks with top 2 losses and retrofitted the corresponding attack pattern by concrete execution, indicating that this strategy could increase the potential profit for original attacks by \$3.34M (51.4%) and \$3.76M (12.0%), respectively.</description><identifier>DOI: 10.48550/arxiv.2310.01081</identifier><language>eng</language><subject>Computer Science - Cryptography and Security</subject><creationdate>2023-10</creationdate><rights>http://creativecommons.org/licenses/by-nc-nd/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2310.01081$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2310.01081$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Li, Weilin</creatorcontrib><creatorcontrib>Wang, Zhun</creatorcontrib><creatorcontrib>Li, Chenyu</creatorcontrib><creatorcontrib>Chen, Heying</creatorcontrib><creatorcontrib>Wong, Taiyu</creatorcontrib><creatorcontrib>Sun, Pengyu</creatorcontrib><creatorcontrib>Yu, Yufei</creatorcontrib><creatorcontrib>Zhang, Chao</creatorcontrib><title>Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems</title><description>The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed as Role-Play Attack, in which the attacker acts as multiple roles concurrently to exploit the DeFi system and cause substantial financial losses. We provide a formal definition of this strategy and demonstrate its potential impacts by revealing the total loss of \$435.1M caused by 14 historical attacks with applying this pattern. Besides, we mathematically analyzed the attacks with top 2 losses and retrofitted the corresponding attack pattern by concrete execution, indicating that this strategy could increase the potential profit for original attacks by \$3.34M (51.4%) and \$3.76M (12.0%), respectively.</description><subject>Computer Science - Cryptography and Security</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotj01LwzAYx3PxINMP4Mkc9dCZNK87jm1VYaC4Cd7K0_TJCGuz0QZZ_fR209Mf_m_wI-SOs6m0SrEn6E7he5qL0WCcWX5Nvj5jC_0-xB39ODSYvTcw0HlK4PZ0kzpIuAvY0xDp6nRsDiGdm0t0GMewCT9Y0yJEiA7pwxKL8Eg3Q5-w7W_IlYemx9t_nZBtsdouXrL12_PrYr7OQBueKV97gwzB61qhUdwpbfRMVyBEnVe2kh7QO2HRzLixUjpuWa7lOMkr4aWYkPu_2wtaeexCC91QnhHLC6L4BeGHTFM</recordid><startdate>20231002</startdate><enddate>20231002</enddate><creator>Li, Weilin</creator><creator>Wang, Zhun</creator><creator>Li, Chenyu</creator><creator>Chen, Heying</creator><creator>Wong, Taiyu</creator><creator>Sun, Pengyu</creator><creator>Yu, Yufei</creator><creator>Zhang, Chao</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20231002</creationdate><title>Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems</title><author>Li, Weilin ; Wang, Zhun ; Li, Chenyu ; Chen, Heying ; Wong, Taiyu ; Sun, Pengyu ; Yu, Yufei ; Zhang, Chao</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a671-5fdf7e0eaf6d5e751c567696ba33d2b8b4faefc38e7917844c180264e0e2b3f43</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Computer Science - Cryptography and Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Li, Weilin</creatorcontrib><creatorcontrib>Wang, Zhun</creatorcontrib><creatorcontrib>Li, Chenyu</creatorcontrib><creatorcontrib>Chen, Heying</creatorcontrib><creatorcontrib>Wong, Taiyu</creatorcontrib><creatorcontrib>Sun, Pengyu</creatorcontrib><creatorcontrib>Yu, Yufei</creatorcontrib><creatorcontrib>Zhang, Chao</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Li, Weilin</au><au>Wang, Zhun</au><au>Li, Chenyu</au><au>Chen, Heying</au><au>Wong, Taiyu</au><au>Sun, Pengyu</au><au>Yu, Yufei</au><au>Zhang, Chao</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems</atitle><date>2023-10-02</date><risdate>2023</risdate><abstract>The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed as Role-Play Attack, in which the attacker acts as multiple roles concurrently to exploit the DeFi system and cause substantial financial losses. We provide a formal definition of this strategy and demonstrate its potential impacts by revealing the total loss of \$435.1M caused by 14 historical attacks with applying this pattern. Besides, we mathematically analyzed the attacks with top 2 losses and retrofitted the corresponding attack pattern by concrete execution, indicating that this strategy could increase the potential profit for original attacks by \$3.34M (51.4%) and \$3.76M (12.0%), respectively.</abstract><doi>10.48550/arxiv.2310.01081</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2310.01081
ispartof
issn
language eng
recordid cdi_arxiv_primary_2310_01081
source arXiv.org
subjects Computer Science - Cryptography and Security
title Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T03%3A13%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Unmasking%20Role-Play%20Attack%20Strategies%20in%20Exploiting%20Decentralized%20Finance%20(DeFi)%20Systems&rft.au=Li,%20Weilin&rft.date=2023-10-02&rft_id=info:doi/10.48550/arxiv.2310.01081&rft_dat=%3Carxiv_GOX%3E2310_01081%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true