CORDIS - EU research results

Blockchain Attack and Defense Techniques

Periodic Reporting for period 2 - BAnDIT (Blockchain Attack and Defense Techniques)

Reporting period: 2021-03-01 to 2023-02-28

BAnDiT was a 4-year H2020 ITN MSCA project that provided a platform for industrial-academic collaborations for the analysis and development of advanced and secure blockchain-based applications. This platform showed how the synergy between Industry and Academia can bring additional value that is far more than just the sum of the two components taken separately. In this joint work, all the partners contributed with different and complementary skills and expertise, in topics ranging from technical aspects to more multidisciplinary perspectives, digging into the foundations of blockchain from a legal and a financial angle.

BAnDiT gave early-stage researchers (ESRs) the opportunity to become key future contributors to the creation of top-class security applications, based on the latest blockchain technology features and satisfying real societal needs. In more detail, following the training programme offered by BAnDiT, the ESRs were able to test blockchain-based applications against advanced persistent threats and to detect on-the-fly malicious behaviors that may threaten the confidentiality, integrity and availability of exchanged data. The project was structured around two main aims: 1. Develop an advanced platform to test real persistent threats to BCT and assess the weaknesses of blockchain applications/systems; 2. Foster partnership between Industry and Academia in a powerful emerging technology of great impact in our society.
At the core of the program are four ESRs. All of them enrolled in the PhD program at the Universitat Pompeu Fabra. The student who started first (ESR1) defended the thesis last March, obtaining the maximum qualification of Excellent. The tribunal was formed by 3 researchers of recognized prestige in the field. The other 3 PhD students continue their theses at a good pace, with numerous international publications, and in fact, although they could deposit the thesis (a draft of the thesis was sent in February as a deliverable), they will do it during the course of this year since we found funding for them. For ESR2 and ESR4 we have secured a grant from Protocol Labs to fund their final year of PhD, and for ESR3 we have secured funding from Ethereum Foundation. It is worth noting that both Protocol Labs and Ethereum Foundation are world-leading companies in the blockchain field, and that all of them actively participated in securing resources for such funding. This process, guided and supervised by their supervisors, is also very important in the training process. We intentionally sought funding from the business world to encourage these industrial doctoral students to collaborate with companies.

In addition, the PI of the project and ESR4 supervisor at the Universitat Pompeu Fabra obtained a grant under the Universitat Pompeu Fabra's Planetary Wellbeing program to use Blockchain as a Governance Platform for Renewable Energy Communities. ESR4 participated intensively in the proposal preparation. Finally, ESR1 will be hired to execute the project for 4 months. It is also expected that this will foster collaboration between the different ESRs and result in some international publication.

The industrial aspect of all of them has crystallized not only in funding collaborations with companies in their fourth year of PhD, but also in the fact that ESR1 has embarked on exploring the possibility of valorizing their results in the form of a spin-off under the guidance of the PI of the project. Jointly, they have been awarded a competitive grant (INNOVALORA) of 50k from Pompeu Fabra University to start shaping the spin-off.
The research carried out by ESRs has produced a series of results that have a high potential of being exploited. We summarize them as follows:

1. Blockchain analysis tools. Topological Data Analysis (TDA) is a recent field in mathematics whose aim is to uncover, understand and exploit the topological and geometric structure underlying complex and possibly high dimensional data. It proposes new well-founded mathematical theories and computational tools that can be used independently or in combination with other data analysis and statistical learning techniques.

2. New Decentralized Exchange (DEX) protocols. ESR1 developed a series of DDEX protocols which promise to reduce some of the negative externalities caused by the temporary monopolisation of power by block producers. These theoretical results are presented in a way which makes their exploitation straightforward.

3. Potential Vulnerability in IoT Blockchain. ESR2 has developed a simulation using the IOTA blockchain's offline Tangle functionality, demonstrating a potential vulnerability in the use of the offline Tangle synchronization process. Using a prototype simulation, we investigated the effects of the tip selection algorithm on offline transactions, the solidification effect, and partial synchrony, considering that a subset of nodes is disconnected from the IOTA main net.

4. Economic analysis of Cyber Vulnerabilities: ESR4's research activity has so far explored several technical and economic aspects of the sustainability of cryptocurrencies, by surveying the most recent literature in the domain and performing event studies on real-world cryptocurrency datasets highlighting the behavior of systems under attack.

5. Legal Analysis of Blockchain Cyber Regulation in the EU: ESR4 then explored the legal aspects of blockchain and crypto-asset cyber security, thus highlighting the relationships between observed and anticipated threats in BCT systems and (arguably) the last line of defense for resolving the emerging controversies that is provided by the judicial system. The research provided an overview of the newest EU proposals for regulations concerning blockchains and crypto-assets and underlined the EU's goal to foster further innovation and development in this field. The research also proposed ways to mitigate cyber-related risks.

6. Policy aspect of MEV: ESR4's research also dealt with issues related to decentralized governance design in relation to MEV under the PBS framework. The research provided a tech-policy perspective which also underlined security and economic concerns which should be addressed by policy.

7. Machine learning and Rug pulls: ESR4 analyzed scams in decentralized exchanges that use a method known as the rug pull. The authors collected all the transactions related to the Uniswap V2 exchange and proposed a machine learning algorithm to label tokens as scams. After manually analyzing the data, a theoretical classification of different malicious maneuvers in the Uniswap protocol was devised. Then, various machine-learning-based algorithms were proposed, with new features related to the token propagation and smart contract heuristics to detect potential rug pulls before they occur. The results suggested that new more involved tools could use scam non-sophisticated users.