• A journey into Bitcoin metadata

    M. Bartoletti, B. Bellomy, L. Pompianu.

    Journal of Grid Computing, 2019.

    Read abstract

    Besides recording transfers of currency, the Bitcoin blockchain is being used to save metadata — i.e. arbitrary pieces of data which do not affect transfers of bitcoins. This can be done by using different techniques, and for different purposes. For instance, a growing number of protocols embed metadata in the blockchain to certify and transfer the ownership of a variety of assets beyond cryptocurrency. A point of debate in the Bitcoin community is whether metadata negatively impact on the effectiveness of Bitcoin with respect to its primary function. This paper is a systematic analysis of the usage of Bitcoin metadata over the years. We discuss all the known techniques to embed metadata in the Bitcoin blockchain; we then extract metadata, and analyse them from different angles.

  • Verifying Liquidity of Bitcoin Contracts

    M. Bartoletti, R. Zunino.

    Presented at Principles of Security and Trust, 2019.

    Read abstract

    A landmark security property of smart contracts is liquidity: in a non-liquid contract, it may happen that some funds remain frozen. The relevance of this issue is witnessed by a recent liquidity attack to the Ethereum Parity Wallet, which has frozen 160M USD within the contract, making this sum unredeemable by any user. We address the problem of verifying liquidity of Bitcoin contracts. Focussing on itML, a contracts DSL with a computationally sound compiler to Bitcoin, we study various notions of liquidity. Our main result is that liquidity of BitML contracts is decidable, in all the proposed variants. To prove this, we first transform the infinite-state semantics of BitML into a finite-state one, which focusses on the behaviour of any given set of contracts, abstracting the moves of the context. With respect to the chosen contracts, this abstraction in sound and complete. Our decision procedure for liquidity is then based on model-checking the finite space of states of the abstraction. The computational soundness of the BitML compiler allows to lift this result from the symbolic to the computational level: if our decision procedure establishes that a contract is liquid, then it will be such also under a computational adversary, and vice versa.

  • A true concurrent model of smart contracts executions

    M. Bartoletti, L. Galletta, M. Murgia.

    arXiv preprint 1905.04366, 2019.

    Read abstract

    One of the key features of modern blockchain platforms is the possibility of executing smart contracts, i.e. computer programs that transfer digital assets between users, according to pre-agreed rules. Crucially, the execution of smart contracts must be correct even in the presence of (a minority of) adversaries in the peer-to-peer network that maintains the blockchain. To enforce this property without a trusted authority, the nodes follow a consensus protocol, which determines which node can extend the blockchain at each moment. To this aim, nodes first collect a set of transactions from the network, representing the actions on the smart contracts required by users. Then, to compute the new state of the smart contracts, they put these transactions in sequence (in an arbitrary order), and execute them serially. Once this block of transactions is appended to the blockchain, the other nodes of the network validate it, by re-executing the transactions in the same order. The serial execution of transactions does not take advantage of the multi-core architecture of modern processors, so contributing to limit the throughput of blockchains. In this paper we devise a static analysis technique for parallelizing the execution of transactions, in a formal setting based on Ethereum, the most widespread platform for smart contracts.

  • Developing secure Bitcoin contracts with BitML

    N. Atzei, M. Bartoletti, S. Lande, N. Yoshida, R. Zunino.

    arXiv preprint 1905.07639, 2019.

    Read abstract

    We present a toolchain for developing and verifying smart contracts that can be executed on Bitcoin. The toolchain is based on BitML, a recent domain-specific language for smart contracts with a computationally sound embedding into Bitcoin. Our toolchain automatically verifies relevant properties of contracts, among which liquidity, ensuring that funds do not remain frozen within a contract forever. A compiler is provided to translate BitML contracts into sets of standard Bitcoin transactions: executing a contract corresponds to appending these transactions to the blockchain. We assess our toolchain through a benchmark of representative contracts.


  • SoK: unraveling Bitcoin smart contracts

    N. Atzei, M. Bartoletti, T. Cimoli, S. Lande, R. Zunino.

    Presented at Principles of Security and Trust, 2018.

    Read abstract

    Albeit the primary usage of Bitcoin is to exchange currency, its blockchain and consensus mechanism can also be exploited to securely execute some forms of smart contracts. These are agreements among mutually distrusting parties, which can be automatically enforced without resorting to a trusted intermediary. Over the last few years a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features, pose obstacles to the research. In this paper we present a comprehensive survey of smart contracts on Bitcoin, in a uniform framework. Our treatment is based on a new formal specification language for smart contracts, which also helps us to highlight some subtleties in existing informal descriptions, making a step towards automatic verification. We discuss some obstacles to the diffusion of smart contracts on Bitcoin, and we identify the most promising open research challenges.

  • A formal model of Bitcoin transactions

    N. Atzei, M. Bartoletti, S. Lande, R. Zunino.

    Presented at Financial Cryptography and Data Security, 2018.

    Read abstract

    We propose a formal model of Bitcoin transactions, which is sufficiently abstract to enable formal reasoning, and at the same time is concrete enough to serve as an alternative documentation to Bitcoin. We use our model to formally prove some well-formedness properties of the Bitcoin blockchain, for instance that each transaction can only be spent once. We release an open-source tool through which programmers can write transactions in our abstract model, and compile them into standard Bitcoin transactions.

  • BitML: a calculus for Bitcoin smart contracts

    M. Bartoletti, R. Zunino.

    Presented at ACM CCS, 2018.

    Read abstract

    We propose a domain-specific language for smart contracts, which allows participants to transfer cryptocurrency according to agreed contract terms. We define a symbolic and a computational model for reasoning about their security. In the symbolic model, participants act according to the semantics of the domain-specific language. Instead, in the computational model they exchange bitstrings, and publish transactions on the Bitcoin blockchain. A compiler is provided to translate smart contracts into standard Bitcoin transactions. We prove the correctness of our compiler, showing that computational attacks to compiled smart contracts are also observable in the symbolic model.

  • Fun with Bitcoin smart contracts

    M. Bartoletti, T. Cimoli, R. Zunino.

    Presented at ISOLA, 2018.

    Read abstract

    Besides simple transfers of currency, Bitcoin also enables various forms of smart contracts, i.e. protocols where users interact within pre-agreed rules, which determine (possibly depending on the actual interaction) how currency is eventually distributed. This paper provides a gentle introduction to Bitcoin smart contracts, which we specify by abstracting from the underlying Bitcoin machinery. To this purpose we exploit BitML, a recent DSL for smart contracts executable on Bitcoin.

  • Blockchain for social good: a quantitative analysis

    M. Bartoletti, T. Cimoli, L. Pompianu, S. Serusi.

    Presented at GOODTECHS, 2018.

    Read abstract

    The advent of blockchain technologies has given a boost to social good projects, which are trying to exploit various characteristic features of blockchains: the quick and inexpensive transfer of cryptocurrency, the transparency of transactions, the ability to tokenize any kind of assets, and the increase in trustworthiness due to decentralization. However, the swift pace of innovation in blockchain technologies, and the hype that has surrounded their “disruptive potential”, make it difficult to understand whether these technologies are applied correctly, and what one should expect when trying to apply them to social good projects. This paper addresses these issues, by systematically analysing a collection of 95 blockchain-enabled social good projects. Focussing on measurable and objective aspects, we try to answer various relevant questions: which features of blockchains are most commonly used? Do projects have success in fund raising? Are they making appropriate choices on the blockchain architecture? How many projects are released to the public, and how many are eventually abandoned?

  • Data mining for detecting Bitcoin Ponzi schemes

    M. Bartoletti, B. Pes, S. Serusi.

    Presented at Crypto Valley Conference on Blockchain Technology, 2018.

    Read abstract

    Soon after its introduction in 2009, Bitcoin has been adopted by cyber-criminals, which rely on its pseudonymity to implement virtually untraceable scams. One of the typical scams that operate on Bitcoin are the so-called Ponzi schemes. These are fraudulent investments which repay users with the funds invested by new users that join the scheme, and implode when it is no longer possible to find new investments. Despite being illegal in many countries, Ponzi schemes are now proliferating on Bitcoin, and they keep alluring new victims, who are plundered of millions of dollars. We apply data mining techniques to detect Bitcoin addresses related to Ponzi schemes. Our starting point is a dataset of features of real-world Ponzi schemes, that we construct by analysing, on the Bitcoin blockchain, the transactions used to perform the scams. We use this dataset to experiment with various machine learning algorithms, and we assess their effectiveness through standard validation protocols and performance metrics. The best of the classifiers we have experimented can identify most of the Ponzi schemes in the dataset, with a low number of false positives.

  • Smart contracts vulnerabilities: a call for blockchain software engineering?

    Giuseppe Destefanis, Michele Marchesi, Marco Ortu, Roberto Tonelli, Andrea Bracciali, Robert Hierons.

    Presented at IWBOSE, 2018.

    Read abstract

    Smart Contracts have gained tremendous popularity in the past few years, to the point that billions of US Dollars are currently exchanged every day through such technology. However, since the release of the Frontier network of Ethereum in 2015, there have been many cases in which the execution of Smart Contracts managing Ether coins has led to problems or conflicts. Compared to traditional Software Engineering, a discipline of Smart Contract and Blockchain programming, with standardized best practices that can help solve the mentioned problems and conflicts, is not yet sufficiently developed. Furthermore, Smart Contracts rely on a non-standard software life-cycle, according to which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software. In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and other applications running on blockchains.We analyse a case of study where a bug discovered in a Smart Contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers (about 150M USD, in November 2017). In this study we analyze the source code of Parity and the library, and discuss how recognised best practices could mitigate, if adopted and adapted, such detrimental software misbehavior. We also reflect on the specificity of Smart Contract software development, which makes some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.

  • The ICO phenomenon and its relationships with Ethereum smart contract environment

    Gianni Fenu, Lodovica Marchesi, Michele Marchesi, Roberto Tonelli.

    Presented at IWBOSE, 2018.

    Read abstract

    Initial Coin Offerings (ICO) are public offers of new cryptocurrencies in exchange of existing ones, aimed to finance projects in the blockchain development arena. In the last 8 months of 2017, the total amount gathered by ICOs exceeded 4 billion US$, and overcame the venture capital funnelled toward high tech initiatives in the same period. A high percentage of ICOs is managed through Smart Contracts running on Ethereum blockchain, and in particular to ERC-20 Token Standard Contract. In this work we examine 1387 ICOs, published on December 31, 2017 on website, gathering information relevant to the assessment of their quality and software development management, including data on their development teams. We also study, at the same date, the financial data of 450 ICO tokens available on website, among which 355 tokens are managed on Ethereum blochain. We define success criteria for the ICOs, based on the funds actually gathered, and on the behavior of the price of the related tokens, finding the factors that most likely influence the ICO success likeliness.

  • A Petri Nets Model for Blockchain Analysis

    A. Pinna, R. Tonelli, M. Orrù, M. Marchesi.

    The Computer Journal, 2018

    Read abstract

    A Blockchain is a global shared infrastructure where cryptocurrency transactions among addresses are recorded, validated and made publicly available in a peer-to-peer network. To date, the best known and important cryptocurrency is the bitcoin. In this paper, we focus on this cryptocurrency and in particular on the modeling of the Bitcoin Blockchain by using the Petri Nets formalism. The proposed model allows us to quickly collect information about identities owning Bitcoin addresses and to recover measures and statistics on the Bitcoin network. By exploiting algebraic formalism, we reconstructed an Entities network associated to Blockchain transactions gathering together Bitcoin addresses into the single entity holding permits to manage Bitcoins held by those addresses. The model allows also to identify a set of behaviors typical of Bitcoin owners, like that of using an address only once, and to reconstruct chains for this behavior together with the rate of firing. Our model is highly flexible and can easily be adapted to include different features of the Bitcoin cryptocurrency system. By exploiting algebraic formalism, we reconstructed an Entities network associated to Blockchain transactions gathering together Bitcoin addresses into the single entity holding permits to manage Bitcoins held by those addresses. The model allows also to identify a set of behaviors typical of Bitcoin owners, like that of using an address only once, and to reconstruct chains for this behavior together with the rate of firing. Our model is highly flexible and can easily be adapted to include different features of the Bitcoin cryptocurrency system.


  • An analysis of Bitcoin OP_RETURN metadata

    M. Bartoletti, L. Pompianu.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    The Bitcoin protocol allows to save arbitrary data on the blockchain through a special instruction of the scripting language, called OP_RETURN. A growing number of protocols exploit this feature to extend the range of applications of the Bitcoin blockchain beyond transfer of currency. A point of debate in the Bitcoin community is whether loading data through OP_RETURN can negatively affect the performance of the Bitcoin network with respect to its primary goal. This paper is an empirical study of the usage of OP_RETURN over the years. We identify several protocols based on OP_RETURN, which we classify by their application domain. We measure the evolution in time of the usage of each protocol, the distribution of OP_RETURN transactions by application domain, and their space consumption.

  • An empirical analysis of smart contracts: platforms, applications, and design patterns

    M. Bartoletti, L. Pompianu.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Smart contracts are computer programs that can be consistently executed by a network of mutually distrusting nodes, without the arbitration of a trusted authority. Because of their resilience to tampering, smart contracts are appealing in many scenarios, especially in those which require transfers of money to respect certain agreed rules (like in financial services and in games). Over the last few years many platforms for smart contracts have been proposed, and some of them have been actually implemented and used. We study how the notion of smart contract is interpreted in some of these platforms. Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify the usage of smart contracts in relation to their application domain. We also analyse the most common programming patterns in Ethereum, where the source code of smart contracts is available.

  • A general framework for blockchain analytics

    M. Bartoletti, A. Bracciali, S. Lande, and L. Pompianu

    Presented at SERIAL, 2017

    Read abstract

    Modern cryptocurrencies exploit decentralised blockchains to record a public and unalterable history of transactions. Besides transactions, further information is stored for different, and often undisclosed, purposes, making the blockchains a rich and increasingly growing source of valuable information, in part of difficult interpretation. Many data analytics have been developed, mostly based on specifically designed and ad-hoc engineered approaches. We propose a general-purpose framework, seamlessly supporting data analytics on both Bitcoin and Ethereum - currently the two most prominent cryptocurrencies. Such a framework allows us to integrate relevant blockchain data with data from other sources, and to organise them in a database, either SQL or NoSQL. Our framework is released as an open-source Scala library. We illustrate the distinguishing features of our approach on a set of significant use cases, which allow us to empirically compare ours to other competing proposals, and evaluate the impact of the database choice on scalability.

  • A Proof-of-Stake protocol for consensus on Bitcoin subchains

    M. Bartoletti, S. Lande, A.S. Podda.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Although the transactions on the Bitcoin blockchain have the main purpose of recording currency transfers, they can also carry a few bytes of metadata. A sequence of transaction metadata forms a subchain of the Bitcoin blockchain, and it can be used to store a tamper-proof execution trace of a smart contract. Except for the trivial case of contracts which admit any trace, in general there may exist inconsistent subchains which represent incorrect contract executions. A crucial issue is how to make it difficult, for an adversary, to subvert the execution of a contract by making its subchain inconsistent. Existing approaches either postulate that subchains are always consistent, or give weak guarantees about their security (for instance, they are susceptible to Sybil attacks). We propose a consensus protocol, based on Proof-of-Stake, that incentivizes nodes to consistently extend the subchain. We empirically evaluate the security of our protocol, and we show how to exploit it as the basis for smart contracts on Bitcoin.

  • A survey of attacks on Ethereum smart contracts (SoK)

    N. Atzei, M. Bartoletti, T. Cimoli.

    Presented at Principles of Security and Trust, 2017.

    Read abstract

    Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

  • Banking on Blockchain: Costs Savings Thanks to the Blockchain Technology

    L. Cocco, A. Pinna, M. Marchesi

    Future Internet, 2017.

    Read abstract

    This paper looks at the challenges and opportunities of implementing blockchain technology across banking, providing food for thought about the potentialities of this disruptive technology. The blockchain technology can optimize the global financial infrastructure, achieving sustainable development, using more efficient systems than at present. In fact, many banks are currently focusing on blockchain technology to promote economic growth and accelerate the development of green technologies. In order to understand the potential of blockchain technology to support the financial system, we studied the actual performance of the Bitcoin system, also highlighting its major limitations, such as the significant energy consumption due to the high computing power required, and the high cost of hardware. We estimated the electrical power and the hash rate of the Bitcoin network, over time, and, in order to evaluate the efficiency of the Bitcoin system in its actual operation, we defined three quantities: "economic efficiency", "operational efficiency", and "efficient service". The obtained results show that by overcoming the disadvantages of the Bitcoin system, and therefore of blockchain technology, we could be able to handle financial processes in a more efficient way than under the current system.

  • Blockchain-oriented Software Engineering: Challenges and New Directions

    S. Porru, A. Pinna, M. Marchesi, R. Tonelli.

    Presented at the IEEE/ACM 39th IEEE International Conference on Software Engineering Companion, 2017.

    Read abstract

    In this work, we acknowledge the need for software engineers to devise specialized tools and techniques for blockchain-oriented software development. Ensuring effective testing activities, enhancing collaboration in large teams, and facilitating the development of smart contracts all appear as key factors in the future of blockchain-oriented software development.

  • Constant-deposit multiparty lotteries on Bitcoin

    M. Bartoletti, R. Zunino.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    An active research trend is to exploit the consensus mechanism of cryptocurrencies to secure the execution of distributed applications. In particular, some recent works have proposed fair lotteries which work on Bitcoin. These protocols, however, require a deposit from each player which grows quadratically with the number of players. We propose a fair lottery on Bitcoin which only requires a constant deposit.

  • Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact

    M. Bartoletti, S. Carta, T. Cimoli, R. Saia.

    Presented at P2PFISY, 2017

    Read abstract

    Ponzi schemes are financial frauds where, under the promise of high profits, users put their money, recovering their investment and interests only if enough users after them continue to invest money. Originated in the offline world 150 years ago, Ponzi schemes have since then migrated to the digital world, approaching first on the Web, and more recently hanging over cryptocurrencies like Bitcoin. Smart contract platforms like Ethereum have provided a new opportunity for scammers, who have now the possibility of creating "trustworthy" frauds that still make users lose money, but at least are guaranteed to execute "correctly". We present a comprehensive survey of Ponzi schemes on Ethereum, analysing their behaviour and their impact from various viewpoints. Perhaps surprisingly, we identify a remarkably high number of Ponzi schemes, despite the hosting platform has been operating for less than two years.

  • Using an artificial financial market for studying a cryptocurrency market

    L. Cocco, G. Concas, M. Marchesi.

    Journal of Economic Interaction and Coordination - Springer, 2017

    Read abstract

    This paper presents an agent-based artificial cryptocurrency market in which heterogeneous agents buy or sell cryptocurrencies, in particular Bitcoins. In this market, there are two typologies of agents, Random Traders and Chartists, which interact with each other by trading Bitcoins. Each agent is initially endowed with a finite amount of crypto and/or fiat cash and issues buy and sell orders, according to her strategy and resources. The number of Bitcoins increases over time with a rate proportional to the real one, even if the mining process is not explicitly modelled. The model proposed is able to reproduce some of the real statistical properties of the price returns observed in the Bitcoin real market. In particular, it is able to reproduce the unit root property, the fat tail phenomenon and the volatility clustering. The simulator has been implemented using object-oriented technology, and could be considered a valid starting point to study and analyse the cryptocurrency market and its future evolutions.


  • Bitcoin Spread Prediction Using Social And Web Search Media

    M. Matta, I. Lunesu, M. Marchesi.

    Presented at the UMAP Workshops, 2015.

    Read abstract

    In the last decade, Web 2.0 services such as blogs, tweets, forums, chats, email etc. are widely used as media for communication, with satisfying results. Sharing knowledge is an important part of learning and enhancing skills. Furthermore, emotions may affect decision-making and individual behavior. Could this be considered also valid for trend analysis of bitcoin’s price whether we consider an important chatter of tweets or Web Search media results? We used this hypothesis for investigating the power of Twitter and Google Trends as predictive systems for Bitcoin price variations. We compared trends of price with Google Trends data, volume of tweets and particularly with those that express a positive sentiment. We found significant cross correlation values, especially between Bitcoin price and Google Trends data, confirming our hypothesis based on studies about trends in stock and goods market.

  • The Predictor Impact of Web Search Media On Bitcoin Trading Volumes

    M. Matta, I. Lunesu, M. Marchesi.

    Presented at the DART - Information Filtering and Retrieval, 2015.

    Read abstract

    In the last decade, Web 2.0 services have been widely used as communication media. Due to the huge amount of available information, searching has become dominant in the use of Internet. Millions of users daily interact with search engines, producing valuable sources of interesting data regarding several aspects of the world. Search queries prove to be a useful source of information in financial applications, where the frequency of searches of terms related to the digital currency can be a good measure of interest in it. Bitcoin, a decentralized electronic currency, represents a radical change in financial systems, attracting a large number of users and a lot of media attention. In this work we studied the existing relationship between Bitcoin's trading volumes and the queries volumes of Google search engine. We achieved significant cross correlation values, demonstrating search volumes power to anticipate trading volumes of Bitcoin currency.