A quantitative notion of economic security for smart contract compositions

TL;DR

This paper introduces a quantitative security measure for smart contract compositions, specifically in DeFi, to assess how attacks on individual components can amplify systemic economic losses.

Contribution

It proposes a novel quantitative security notion for evaluating the impact of component attacks on overall system security in smart contract ecosystems.

Findings

Analyzed under-collateralized loan attacks in DeFi systems.

Demonstrated how component attacks can significantly amplify systemic losses.

Provided a framework for assessing security of complex smart contract compositions.

Abstract

Decentralized applications are often composed of multiple interconnected smart contracts. This is especially evident in DeFi, where protocols are heavily intertwined and rely on a variety of basic building blocks such as tokens, decentralized exchanges and lending protocols. A crucial security challenge in this setting arises when adversaries target individual components to cause systemic economic losses. Existing security notions focus on determining the existence of these attacks, but fail to quantify the effect of manipulating individual components on the overall economic security of the system. In this paper, we introduce a quantitative security notion that measures how an attack on a single component can amplify economic losses of the overall system. We study the fundamental properties of this notion and apply it to assess the security of key compositions. In particular, we analyse under-collateralized loan attacks in systems made of lending protocols and decentralized exchanges.