Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
The rapid growth and adoption of decentralized finance (DeFi) systems have been accompanied by various threats, notably those emerging from vulnerabilities in their intricate design. In our work, we introduce and define an attack strategy termed Role-Play Attack, in which the attacker acts as mul...
Main authors: | Li, Weilin; Wang, Zhun; Li, Chenyu; Chen, Heying; Wong, Taiyu; Sun, Pengyu; Yu, Yufei; Zhang, Chao |
---|---|
Format: | Article |
Language: | eng |
creator | Li, Weilin; Wang, Zhun; Li, Chenyu; Chen, Heying; Wong, Taiyu; Sun, Pengyu; Yu, Yufei; Zhang, Chao |
---|---|
description | The rapid growth and adoption of decentralized finance (DeFi) systems have
been accompanied by various threats, notably those emerging from
vulnerabilities in their intricate design. In our work, we introduce and define
an attack strategy termed Role-Play Attack, in which the attacker acts as
multiple roles concurrently to exploit the DeFi system and cause substantial
financial losses. We provide a formal definition of this strategy and
demonstrate its potential impacts by revealing the total loss of \$435.1M
caused by 14 historical attacks applying this pattern. Besides, we
mathematically analyzed the attacks with the top 2 losses and retrofitted the
corresponding attack pattern by concrete execution, indicating that this
strategy could increase the potential profit for original attacks by \$3.34M
(51.4%) and \$3.76M (12.0%), respectively. |
doi_str_mv | 10.48550/arxiv.2310.01081 |
format | Article |
date | 2023-10-02 |
rights | http://creativecommons.org/licenses/by-nc-nd/4.0 |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2310.01081 |
language | eng |
recordid | cdi_arxiv_primary_2310_01081 |
source | arXiv.org |
subjects | Computer Science - Cryptography and Security |
title | Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T03%3A13%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Unmasking%20Role-Play%20Attack%20Strategies%20in%20Exploiting%20Decentralized%20Finance%20(DeFi)%20Systems&rft.au=Li,%20Weilin&rft.date=2023-10-02&rft_id=info:doi/10.48550/arxiv.2310.01081&rft_dat=%3Carxiv_GOX%3E2310_01081%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |