eprintid: 10182331 rev_number: 7 eprint_status: archive userid: 699 dir: disk0/10/18/23/31 datestamp: 2023-11-29 11:11:28 lastmod: 2023-11-29 11:11:28 status_changed: 2023-11-29 11:11:28 type: proceedings_section metadata_visibility: show sword_depositor: 699 creators_name: Zhou, Liyi creators_name: Qin, Kaihua creators_name: Cully, Antoine creators_name: Livshits, Benjamin creators_name: Gervais, Arthur title: On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols ispublished: pub divisions: UCL divisions: B04 divisions: C05 divisions: F48 note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. abstract: Decentralized Finance (DeFi) is a blockchain-asset-enabled finance ecosystem with millions of daily USD transaction volume, billions of locked up USD, as well as a plethora of newly emerging protocols (for lending, staking, and exchanges). Because all transactions, user balances, and total value locked in DeFi are publicly readable, a natural question that arises is: how can we automatically craft profitable transactions across the intertwined DeFi platforms?In this paper, we investigate two methods that allow us to automatically create profitable DeFi trades, one well-suited to arbitrage and the other applicable to more complicated settings. We first adopt the Bellman-Ford-Moore algorithm with DeFiPoser-ARB and then create logical DeFi protocol models for a theorem prover in DeFiPoser-SMT. While DeFiPoser-ARB focuses on DeFi transactions that form a cycle and performs very well for arbitrage, DeFiPoser-SMT can detect more complicated profitable transactions. We estimate that DeFiPoser-ARB and DeFiPoser-SMT can generate an average weekly revenue of 191.48 ETH (76,592 USD) and 72.44 ETH (28,976 USD) respectively, with the highest transaction revenue being 81.31 ETH (32,524 USD) and 22.40 ETH (8,960 USD) respectively. We further show that DeFiPoser-SMT finds the known economic bZx attack from February 2020, which yields 0.48M USD. Our forensic investigations show that this opportunity existed for 69 days and could have yielded more revenue if exploited one day earlier. Our evaluation spans 150 days, given 96 DeFi protocol actions, and 25 assets.Looking beyond the financial gains mentioned above, forks deteriorate the blockchain consensus security, as they increase the risks of double-spending and selfish mining. We explore the implications of DeFiPoser-ARB and DeFiPoser-SMT on blockchain consensus. Specifically, we show that the trades identified by our tools exceed the Ethereum block reward by up to 874×. Given optimal adversarial strategies provided by a Markov Decision Process (MDP), we quantify the value threshold at which a profitable transaction qualifies as Miner Extractable Value (MEV) and would incentivize MEV-aware miners to fork the blockchain. For instance, we find that on Ethereum, a miner with a hash rate of 10% would fork the blockchain if an MEV opportunity exceeds 4× the block reward. date: 2021-08-26 date_type: published publisher: IEEE official_url: https://doi.org/10.1109/SP40001.2021.00113 oa_status: green full_text_type: other language: eng primo: open primo_central: open_green verified: verified_manual elements_id: 2112527 doi: 10.1109/sp40001.2021.00113 lyricists_name: Gervais, Arthur lyricists_id: AGERV21 actors_name: Gervais, Arthur actors_id: AGERV21 actors_role: owner full_text_status: public pres_type: paper publication: 2021 IEEE Symposium on Security and Privacy (SP) place_of_pub: San Francisco, CA, USA pagerange: 919-936 event_title: 2021 IEEE Symposium on Security and Privacy (SP) event_dates: 24 May 2021 - 27 May 2021 book_title: 2021 IEEE Symposium on Security and Privacy (SP) citation: Zhou, Liyi; Qin, Kaihua; Cully, Antoine; Livshits, Benjamin; Gervais, Arthur; (2021) On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols. In: 2021 IEEE Symposium on Security and Privacy (SP). (pp. pp. 919-936). IEEE: San Francisco, CA, USA. Green open access document_url: https://discovery.ucl.ac.uk/id/eprint/10182331/1/2103.02228.pdf