Publications

Submitted

  • A general framework for Bitcoin analytics

    M. Bartoletti, A. Bracciali, S. Lande, and L. Pompianu

    ArXiv, 2017

    Read abstract

    Modern cryptocurrencies exploit decentralised ledgers — the so-called blockchains — to record a public and unalterable history of transactions. These ledgers represent a rich, and increasingly growing, source of information, in part of difficult interpretation and undisclosed meaning. Many analytics, mostly based on ad-hoc engineered solutions, are being developed to discover relevant knowledge from these data. We introduce a framework for the development of custom analytics on Bitcoin — the most preeminent cryptocurrency — which also allows to integrate data within the blockchain with data retrieved form external sources. We illustrate the flexibility and effectiveness of our analytics framework by means of paradigmatic use cases.

2017

  • Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact

    M. Bartoletti, S. Carta, T. Cimoli, R. Saia.

    To be presented at P2PFISY, 2017

    Read abstract

    Ponzi schemes are financial frauds where, under the promise of high profits, users put their money, recovering their investment and interests only if enough users after them continue to invest money. Originated in the offline world 150 years ago, Ponzi schemes have since then migrated to the digital world, approaching first on the Web, and more recently hanging over cryptocurrencies like Bitcoin. Smart contract platforms like Ethereum have provided a new opportunity for scammers, who have now the possibility of creating “trustworthy” frauds that still make users lose money, but at least are guaranteed to execute "correctly". We present a comprehensive survey of Ponzi schemes on Ethereum, analysing their behaviour and their impact from various viewpoints. Perhaps surprisingly, we identify a remarkably high number of Ponzi schemes, despite the hosting platform has been operating for less than two years.

  • Constant-deposit multiparty lotteries on Bitcoin

    M. Bartoletti, R. Zunino.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    An active research trend is to exploit the consensus mechanism of cryptocurrencies to secure the execution of distributed applications. In particular, some recent works have proposed fair lotteries which work on Bitcoin. These protocols, however, require a deposit from each player which grows quadratically with the number of players. We propose a fair lottery on Bitcoin which only requires a constant deposit.

  • An analysis of Bitcoin OP_RETURN metadata

    M. Bartoletti, L. Pompianu.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    The Bitcoin protocol allows to save arbitrary data on the blockchain through a special instruction of the scripting language, called OP_RETURN. A growing number of protocols exploit this feature to extend the range of applications of the Bitcoin blockchain beyond transfer of currency. A point of debate in the Bitcoin community is whether loading data through OP_RETURN can negatively affect the performance of the Bitcoin network with respect to its primary goal. This paper is an empirical study of the usage of OP_RETURN over the years. We identify several protocols based on OP_RETURN, which we classify by their application domain. We measure the evolution in time of the usage of each protocol, the distribution of OP_RETURN transactions by application domain, and their space consumption.

  • An empirical analysis of smart contracts: platforms, applications, and design patterns

    M. Bartoletti, L. Pompianu.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Smart contracts are computer programs that can be consistently executed by a network of mutually distrusting nodes, without the arbitration of a trusted authority. Because of their resilience to tampering, smart contracts are appealing in many scenarios, especially in those which require transfers of money to respect certain agreed rules (like in financial services and in games). Over the last few years many platforms for smart contracts have been proposed, and some of them have been actually implemented and used. We study how the notion of smart contract is interpreted in some of these platforms. Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify the usage of smart contracts in relation to their application domain. We also analyse the most common programming patterns in Ethereum, where the source code of smart contracts is available.

  • A Proof-of-Stake protocol for consensus on Bitcoin subchains

    M. Bartoletti, S. Lande, A.S. Podda.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Although the transactions on the Bitcoin blockchain have the main purpose of recording currency transfers, they can also carry a few bytes of metadata. A sequence of transaction metadata forms a subchain of the Bitcoin blockchain, and it can be used to store a tamper-proof execution trace of a smart contract. Except for the trivial case of contracts which admit any trace, in general there may exist inconsistent subchains which represent incorrect contract executions. A crucial issue is how to make it difficult, for an adversary, to subvert the execution of a contract by making its subchain inconsistent. Existing approaches either postulate that subchains are always consistent, or give weak guarantees about their security (for instance, they are susceptible to Sybil attacks). We propose a consensus protocol, based on Proof-of-Stake, that incentivizes nodes to consistently extend the subchain. We empirically evaluate the security of our protocol, and we show how to exploit it as the basis for smart contracts on Bitcoin.

  • A survey of attacks on Ethereum smart contracts (SoK)

    N. Atzei, M. Bartoletti, T. Cimoli.

    In Proc. Principles of Security and Trust, 2017.

    Read abstract

    Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.