• BitML: a calculus for Bitcoin smart contracts

    M. Bartoletti, R. Zunino.

    Cryptology ePrint Archive: Report 2018/122, 2018.

    Read abstract

    We propose a domain-specific language for smart contracts, which allows participants to transfer cryptocurrency according to agreed contract terms. We define a symbolic and a computational model for reasoning about their security. In the symbolic model, participants act according to the semantics of the domain-specific language. Instead, in the computational model they exchange bitstrings, and publish transactions on the Bitcoin blockchain. A compiler is provided to translate smart contracts into standard Bitcoin transactions. We prove the correctness of our compiler, showing that computational attacks to compiled smart contracts are also observable in the symbolic model.

  • Fun with Bitcoin smart contracts

    M. Bartoletti, T. Cimoli, R. Zunino.

    Cryptology ePrint Archive: Report 2018/398, 2018.

    Read abstract

    Besides simple transfers of currency, Bitcoin also enables various forms of smart contracts, i.e. protocols where users interact within pre-agreed rules, which determine (possibly depending on the actual interaction) how currency is eventually distributed. This paper provides a gentle introduction to Bitcoin smart contracts, which we specify by abstracting from the underlying Bitcoin machinery. To this purpose we exploit BitML, a recent DSL for smart contracts executable on Bitcoin.

  • SoK: unraveling Bitcoin smart contracts

    N. Atzei, M. Bartoletti, T. Cimoli, S. Lande, R. Zunino.

    Presented at Principles of Security and Trust, 2018.

    Read abstract

    Albeit the primary usage of Bitcoin is to exchange currency, its blockchain and consensus mechanism can also be exploited to securely execute some forms of smart contracts. These are agreements among mutually distrusting parties, which can be automatically enforced without resorting to a trusted intermediary. Over the last few years a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features, pose obstacles to the research. In this paper we present a comprehensive survey of smart contracts on Bitcoin, in a uniform framework. Our treatment is based on a new formal specification language for smart contracts, which also helps us to highlight some subtleties in existing informal descriptions, making a step towards automatic verification. We discuss some obstacles to the diffusion of smart contracts on Bitcoin, and we identify the most promising open research challenges.

  • A formal model of Bitcoin transactions

    N. Atzei, M. Bartoletti, S. Lande, R. Zunino.

    Presented at Financial Cryptography and Data Security, 2018.

    Read abstract

    We propose a formal model of Bitcoin transactions, which is sufficiently abstract to enable formal reasoning, and at the same time is concrete enough to serve as an alternative documentation to Bitcoin. We use our model to formally prove some well-formedness properties of the Bitcoin blockchain, for instance that each transaction can only be spent once. We release an open-source tool through which programmers can write transactions in our abstract model, and compile them into standard Bitcoin transactions.

  • Data mining for detecting Bitcoin Ponzi schemes

    M. Bartoletti, B. Pes, S. Serusi.

    Presented at Crypto Valley Conference on Blockchain Technology, 2018.

    Read abstract

    Soon after its introduction in 2009, Bitcoin has been adopted by cyber-criminals, which rely on its pseudonymity to implement virtually untraceable scams. One of the typical scams that operate on Bitcoin are the so-called Ponzi schemes. These are fraudulent investments which repay users with the funds invested by new users that join the scheme, and implode when it is no longer possible to find new investments. Despite being illegal in many countries, Ponzi schemes are now proliferating on Bitcoin, and they keep alluring new victims, who are plundered of millions of dollars. We apply data mining techniques to detect Bitcoin addresses related to Ponzi schemes. Our starting point is a dataset of features of real-world Ponzi schemes, that we construct by analysing, on the Bitcoin blockchain, the transactions used to perform the scams. We use this dataset to experiment with various machine learning algorithms, and we assess their effectiveness through standard validation protocols and performance metrics. The best of the classifiers we have experimented can identify most of the Ponzi schemes in the dataset, with a low number of false positives.

  • A Petri Nets Model for Blockchain Analysis

    A. Pinna, R. Tonelli, M. Orrù, M. Marchesi.

    Published in The Computer Journal, 2018

    Read abstract

    A Blockchain is a global shared infrastructure where cryptocurrency transactions among addresses are recorded, validated and made publicly available in a peer-to-peer network. To date, the best known and important cryptocurrency is the bitcoin. In this paper, we focus on this cryptocurrency and in particular on the modeling of the Bitcoin Blockchain by using the Petri Nets formalism. The proposed model allows us to quickly collect information about identities owning Bitcoin addresses and to recover measures and statistics on the Bitcoin network. By exploiting algebraic formalism, we reconstructed an Entities network associated to Blockchain transactions gathering together Bitcoin addresses into the single entity holding permits to manage Bitcoins held by those addresses. The model allows also to identify a set of behaviors typical of Bitcoin owners, like that of using an address only once, and to reconstruct chains for this behavior together with the rate of firing. Our model is highly flexible and can easily be adapted to include different features of the Bitcoin cryptocurrency system. By exploiting algebraic formalism, we reconstructed an Entities network associated to Blockchain transactions gathering together Bitcoin addresses into the single entity holding permits to manage Bitcoins held by those addresses. The model allows also to identify a set of behaviors typical of Bitcoin owners, like that of using an address only once, and to reconstruct chains for this behavior together with the rate of firing. Our model is highly flexible and can easily be adapted to include different features of the Bitcoin cryptocurrency system.


  • An analysis of Bitcoin OP_RETURN metadata

    M. Bartoletti, L. Pompianu.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    The Bitcoin protocol allows to save arbitrary data on the blockchain through a special instruction of the scripting language, called OP_RETURN. A growing number of protocols exploit this feature to extend the range of applications of the Bitcoin blockchain beyond transfer of currency. A point of debate in the Bitcoin community is whether loading data through OP_RETURN can negatively affect the performance of the Bitcoin network with respect to its primary goal. This paper is an empirical study of the usage of OP_RETURN over the years. We identify several protocols based on OP_RETURN, which we classify by their application domain. We measure the evolution in time of the usage of each protocol, the distribution of OP_RETURN transactions by application domain, and their space consumption.

  • An empirical analysis of smart contracts: platforms, applications, and design patterns

    M. Bartoletti, L. Pompianu.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Smart contracts are computer programs that can be consistently executed by a network of mutually distrusting nodes, without the arbitration of a trusted authority. Because of their resilience to tampering, smart contracts are appealing in many scenarios, especially in those which require transfers of money to respect certain agreed rules (like in financial services and in games). Over the last few years many platforms for smart contracts have been proposed, and some of them have been actually implemented and used. We study how the notion of smart contract is interpreted in some of these platforms. Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify the usage of smart contracts in relation to their application domain. We also analyse the most common programming patterns in Ethereum, where the source code of smart contracts is available.

  • A general framework for blockchain analytics

    M. Bartoletti, A. Bracciali, S. Lande, and L. Pompianu

    Presented at SERIAL, 2017

    Read abstract

    Modern cryptocurrencies exploit decentralised blockchains to record a public and unalterable history of transactions. Besides transactions, further information is stored for different, and often undisclosed, purposes, making the blockchains a rich and increasingly growing source of valuable information, in part of difficult interpretation. Many data analytics have been developed, mostly based on specifically designed and ad-hoc engineered approaches. We propose a general-purpose framework, seamlessly supporting data analytics on both Bitcoin and Ethereum - currently the two most prominent cryptocurrencies. Such a framework allows us to integrate relevant blockchain data with data from other sources, and to organise them in a database, either SQL or NoSQL. Our framework is released as an open-source Scala library. We illustrate the distinguishing features of our approach on a set of significant use cases, which allow us to empirically compare ours to other competing proposals, and evaluate the impact of the database choice on scalability.

  • A Proof-of-Stake protocol for consensus on Bitcoin subchains

    M. Bartoletti, S. Lande, A.S. Podda.

    Presented at Workshop on Trusted Smart Contracts, 2017.

    Read abstract

    Although the transactions on the Bitcoin blockchain have the main purpose of recording currency transfers, they can also carry a few bytes of metadata. A sequence of transaction metadata forms a subchain of the Bitcoin blockchain, and it can be used to store a tamper-proof execution trace of a smart contract. Except for the trivial case of contracts which admit any trace, in general there may exist inconsistent subchains which represent incorrect contract executions. A crucial issue is how to make it difficult, for an adversary, to subvert the execution of a contract by making its subchain inconsistent. Existing approaches either postulate that subchains are always consistent, or give weak guarantees about their security (for instance, they are susceptible to Sybil attacks). We propose a consensus protocol, based on Proof-of-Stake, that incentivizes nodes to consistently extend the subchain. We empirically evaluate the security of our protocol, and we show how to exploit it as the basis for smart contracts on Bitcoin.

  • A survey of attacks on Ethereum smart contracts (SoK)

    N. Atzei, M. Bartoletti, T. Cimoli.

    Presented at Principles of Security and Trust, 2017.

    Read abstract

    Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

  • Banking on Blockchain: Costs Savings Thanks to the Blockchain Technology

    L. Cocco, A. Pinna, M. Marchesi

    Published in Future Internet, 2017.

    Read abstract

    This paper looks at the challenges and opportunities of implementing blockchain technology across banking, providing food for thought about the potentialities of this disruptive technology. The blockchain technology can optimize the global financial infrastructure, achieving sustainable development, using more efficient systems than at present. In fact, many banks are currently focusing on blockchain technology to promote economic growth and accelerate the development of green technologies. In order to understand the potential of blockchain technology to support the financial system, we studied the actual performance of the Bitcoin system, also highlighting its major limitations, such as the significant energy consumption due to the high computing power required, and the high cost of hardware. We estimated the electrical power and the hash rate of the Bitcoin network, over time, and, in order to evaluate the efficiency of the Bitcoin system in its actual operation, we defined three quantities: "economic efficiency", "operational efficiency", and "efficient service". The obtained results show that by overcoming the disadvantages of the Bitcoin system, and therefore of blockchain technology, we could be able to handle financial processes in a more efficient way than under the current system.

  • Blockchain-oriented Software Engineering: Challenges and New Directions

    S. Porru, A. Pinna, M. Marchesi, R. Tonelli.

    Presented at the IEEE/ACM 39th IEEE International Conference on Software Engineering Companion, 2017.

    Read abstract

    In this work, we acknowledge the need for software engineers to devise specialized tools and techniques for blockchain-oriented software development. Ensuring effective testing activities, enhancing collaboration in large teams, and facilitating the development of smart contracts all appear as key factors in the future of blockchain-oriented software development.

  • Constant-deposit multiparty lotteries on Bitcoin

    M. Bartoletti, R. Zunino.

    Presented at the Bitcoin Workshop, 2017.

    Read abstract

    An active research trend is to exploit the consensus mechanism of cryptocurrencies to secure the execution of distributed applications. In particular, some recent works have proposed fair lotteries which work on Bitcoin. These protocols, however, require a deposit from each player which grows quadratically with the number of players. We propose a fair lottery on Bitcoin which only requires a constant deposit.

  • Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact

    M. Bartoletti, S. Carta, T. Cimoli, R. Saia.

    Presented at P2PFISY, 2017

    Read abstract

    Ponzi schemes are financial frauds where, under the promise of high profits, users put their money, recovering their investment and interests only if enough users after them continue to invest money. Originated in the offline world 150 years ago, Ponzi schemes have since then migrated to the digital world, approaching first on the Web, and more recently hanging over cryptocurrencies like Bitcoin. Smart contract platforms like Ethereum have provided a new opportunity for scammers, who have now the possibility of creating "trustworthy" frauds that still make users lose money, but at least are guaranteed to execute "correctly". We present a comprehensive survey of Ponzi schemes on Ethereum, analysing their behaviour and their impact from various viewpoints. Perhaps surprisingly, we identify a remarkably high number of Ponzi schemes, despite the hosting platform has been operating for less than two years.

  • Using an artificial financial market for studying a cryptocurrency market

    L. Cocco, G. Concas, M. Marchesi.

    Published in Journal of Economic Interaction and Coordination - Springer, 2017

    Read abstract

    This paper presents an agent-based artificial cryptocurrency market in which heterogeneous agents buy or sell cryptocurrencies, in particular Bitcoins. In this market, there are two typologies of agents, Random Traders and Chartists, which interact with each other by trading Bitcoins. Each agent is initially endowed with a finite amount of crypto and/or fiat cash and issues buy and sell orders, according to her strategy and resources. The number of Bitcoins increases over time with a rate proportional to the real one, even if the mining process is not explicitly modelled. The model proposed is able to reproduce some of the real statistical properties of the price returns observed in the Bitcoin real market. In particular, it is able to reproduce the unit root property, the fat tail phenomenon and the volatility clustering. The simulator has been implemented using object-oriented technology, and could be considered a valid starting point to study and analyse the cryptocurrency market and its future evolutions.


  • Bitcoin Spread Prediction Using Social And Web Search Media

    M. Matta, I. Lunesu, M. Marchesi.

    Presented at the UMAP Workshops, 2015.

    Read abstract

    In the last decade, Web 2.0 services such as blogs, tweets, forums, chats, email etc. are widely used as media for communication, with satisfying results. Sharing knowledge is an important part of learning and enhancing skills. Furthermore, emotions may affect decision-making and individual behavior. Could this be considered also valid for trend analysis of bitcoin’s price whether we consider an important chatter of tweets or Web Search media results? We used this hypothesis for investigating the power of Twitter and Google Trends as predictive systems for Bitcoin price variations. We compared trends of price with Google Trends data, volume of tweets and particularly with those that express a positive sentiment. We found significant cross correlation values, especially between Bitcoin price and Google Trends data, confirming our hypothesis based on studies about trends in stock and goods market.

  • The Predictor Impact of Web Search Media On Bitcoin Trading Volumes

    M. Matta, I. Lunesu, M. Marchesi.

    Presented at the DART - Information Filtering and Retrieval, 2015.

    Read abstract

    In the last decade, Web 2.0 services have been widely used as communication media. Due to the huge amount of available information, searching has become dominant in the use of Internet. Millions of users daily interact with search engines, producing valuable sources of interesting data regarding several aspects of the world. Search queries prove to be a useful source of information in financial applications, where the frequency of searches of terms related to the digital currency can be a good measure of interest in it. Bitcoin, a decentralized electronic currency, represents a radical change in financial systems, attracting a large number of users and a lot of media attention. In this work we studied the existing relationship between Bitcoin's trading volumes and the queries volumes of Google search engine. We achieved significant cross correlation values, demonstrating search volumes power to anticipate trading volumes of Bitcoin currency.