Aviv Yaish

My research delves into the intricate relationship between the economics and security of distributed systems, such as cryptocurrencies. If you want to collaborate or discuss my research interests, feel free to get in touch. This includes bright undergrads looking for a tutorial work mentor.
Bio. I am a Ph.D. candidate at the Hebrew University. I am also a research consultant at Matter Labs, and a visiting researcher at the University of Innsbruck, funded by an AIANI visiting researcher fellowship. During my studies, I was generously supported by an Ethereum Foundation grant, the four-year merit-based Ze’ev Jabotinsky Fellowship for Ph.D. students, and the Hebrew University’s rector award for first-in-class M.Sc. students.
News
| Date | News |
|---|---|
| Nov 5, 2023 | Yuzhe Tang kindly invited me to present Speculative DoS at Syracuse University on Dec. 22! |
| Sep 29, 2023 | I was invited to speak at YoungEC ’24! |
| Sep 25, 2023 | I will present Speculative DoS at Tokenomics ’23. |
| Aug 30, 2023 | The Vulnerable Nature of Decentralized Governance in DeFi was accepted to DeFi23. |
| Aug 24, 2023 | I’ll present Suboptimality in DeFi at the Science of DeFi Stability workshop on September 1st. |
Selected Papers
2023
- The Vulnerable Nature of Decentralized Governance in DeFi. Maya Dotan, Aviv Yaish, Hsin-Chu Yin, and 2 more authors. In Proceedings of the 2023 ACM CCS Workshop on Decentralized Finance and Security, 2023
Decentralized Finance (DeFi) platforms are often governed by Decentralized Autonomous Organizations (DAOs) which are implemented via governance protocols. Governance tokens are distributed to users of the platform, granting them voting rights in the platform’s governance protocol. Many DeFi platforms have already been subject to attacks resulting in the loss of millions of dollars in user funds. In this paper we show that governance tokens are often not used as intended and may be harmful to the security of DeFi platforms. We show that (1) users often do not use governance tokens to vote, (2) that voting rates are negatively correlated to gas prices, (3) voting is very centralized. We explore vulnerabilities in the design of DeFi platforms’ governance protocols and analyze different governance attacks, focusing on the transferable nature of voting rights via governance tokens. Following the movement and holdings of governance tokens, we show they are often used to perform a single action and then sold off. We present evidence of DeFi platforms using other platforms’ governance protocols to promote their own agenda at the expense of the host platform.
@inproceedings{dotan2023vulnerable,
  address = {New York, NY, USA},
  author = {Dotan, Maya and Yaish, Aviv and Yin, Hsin-Chu and Tsytkin, Eytan and Zohar, Aviv},
  booktitle = {Proceedings of the 2023 ACM CCS Workshop on Decentralized Finance and Security},
  keywords = {governance, blockchains, cryptocurrencies},
  location = {Copenhagen, Denmark},
  publisher = {Association for Computing Machinery},
  series = {DeFi '23},
  title = {The Vulnerable Nature of Decentralized Governance in DeFi},
  year = {2023}
}
- Correct Cryptocurrency ASIC Pricing: Are Miners Overpaying? Aviv Yaish and Aviv Zohar. In 5th Conference on Advances in Financial Technologies (AFT 2023), 2023
Cryptocurrencies that are based on Proof-of-Work (PoW) often rely on special purpose hardware to perform so-called mining operations that secure the system, with miners receiving freshly minted tokens as a reward for their work. A notable example of such a cryptocurrency is Bitcoin, which is primarily mined using application specific integrated circuit (ASIC) based machines. Due to the supposed profitability of cryptocurrency mining, such hardware has been in great demand in recent years, in spite of high associated costs like electricity. In this work, we show that because mining rewards are given in the mined cryptocurrency, while expenses are usually paid in some fiat currency such as the United States Dollar (USD), cryptocurrency mining is in fact a bundle of financial options. When exercised, each option converts electricity to tokens. We provide a method of pricing mining hardware based on this insight, and prove that any other price creates arbitrage. Our method shows that contrary to the popular belief that mining hardware is worth less if the cryptocurrency is highly volatile, the opposite effect is true: volatility increases value. Thus, if a coin’s volatility decreases, some miners may leave, affecting security. We compare the prices produced by our method to prices obtained from popular tools currently used by miners and show that the latter only consider the expected returns from mining, while neglecting to account for the inherent risk in mining, which is due to the high exchange-rate volatility of cryptocurrencies. Finally, we show that the returns made from mining can be imitated by trading in bonds and coins, and create such imitating investment portfolios. Historically, realized revenues of these portfolios have outperformed mining, showing that indeed hardware is mispriced.
@inproceedings{yaish2023correct,
  author = {Yaish, Aviv and Zohar, Aviv},
  booktitle = {5th Conference on Advances in Financial Technologies (AFT 2023)},
  title = {Correct Cryptocurrency ASIC Pricing: Are Miners Overpaying?},
  year = {2023},
  address = {Dagstuhl, Germany},
  editor = {Bonneau, Joseph and Weinberg, S. Matthew},
  pages = {2:1--2:25},
  publisher = {Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  series = {Leibniz International Proceedings in Informatics (LIPIcs)},
  volume = {282},
  annote = {Keywords: Cryptocurrency, Blockchain, Proof of Work, Economics},
  doi = {10.4230/LIPIcs.AFT.2023.2},
  isbn = {978-3-95977-303-4},
  issn = {1868-8969},
  url = {https://doi.org/10.4230/LIPIcs.AFT.2023.2},
}
- Uncle Maker: (Time)Stamping Out The Competition in Ethereum. Aviv Yaish, Gilad Stern, and Aviv Zohar. In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS ’23), 2023
We present an attack on Ethereum’s consensus mechanism which can be used by miners to obtain consistently higher mining rewards compared to the honest protocol. This attack is novel in that it does not entail withholding blocks or any behavior which has a non-zero probability of earning less than mining honestly, in contrast with the existing literature. This risk-less attack relies instead on manipulating block timestamps, and carefully choosing whether and when to do so. We present this attack as an algorithm, which we then analyze to evaluate the revenue a miner obtains from it, and its effect on a miner’s absolute and relative share of the main-chain blocks. The attack allows an attacker to replace competitors’ main-chain blocks after the fact with a block of its own, thus causing the replaced block’s miner to lose all transaction fees for the transactions contained within the block, which will be demoted from the main-chain. This block, although “kicked-out” of the main-chain, will still be eligible to be referred to by other main-chain blocks, thus becoming what is commonly called in Ethereum an uncle. We proceed by defining multiple variants of this attack, and assessing whether any of these attacks has been performed in the wild. Surprisingly, we find that this is indeed true, making this the first case of a confirmed consensus-level manipulation performed on a major cryptocurrency. Additionally, we implement a variant of this attack as a patch for geth, Ethereum’s most popular client, making it the first consensus-level attack on Ethereum which is implemented as a patch. Finally, we suggest concrete fixes for Ethereum’s protocol and implement them as a patch for geth which can be adopted quickly and mitigate the attack and its variants.
@conference{yaish2023uncle,
  author = {Yaish, Aviv and Stern, Gilad and Zohar, Aviv},
  conferencetitle = {Proceedings of the 30th ACM Conference on Computer and Communications Security},
  keywords = {decentralized finance, proof of work, blockchain, cryptocurrency},
  series = {CCS '23},
  title = {Uncle Maker: (Time)Stamping Out The Competition in Ethereum},
  year = {2023}
}
2022
- Blockchain Stretching & Squeezing: Manipulating Time for Your Best Interest. Aviv Yaish, Saar Tochner, and Aviv Zohar. In Proceedings of the 23rd ACM Conference on Economics and Computation, 2022
We present a novel way for cryptocurrency miners to manipulate the effective interest-rate on loans or deposits they make on decentralized finance (DeFi) platforms by manipulating difficulty-adjustment algorithms (DAAs) and changing the block-rate. This presents a new class of strategic manipulations available to miners. These manipulations allow miners to stretch and squeeze the time between consecutive blocks. We analyze these manipulations both analytically and empirically, and show that a 25% miner can stretch the time between consecutive blocks by up to 54% in Ethereum and 33% in Bitcoin, and squeeze it by up to 9% in Ethereum. Ethereum is particularly vulnerable, and even relatively small miners can seriously affect the block-rate. An interesting application of these manipulations is to create an artificial interest-rate gap between loans taken from one DeFi platform which accrues interest according to block height (such as Compound) and deposited in some other platform that does so according to elapsed time (like a bank, or other DeFi platforms such as Aave). Hence, stretching and squeezing the block-rate can decrease the interest paid on DeFi loans relative to external financial platforms. The profit made from this interest-rate gap provides a large incentive for miners to deviate. For example, a 25% Ethereum miner using our manipulations can increase mining profits by up to 35%, even after taking potential losses into consideration, such as less block-rewards. Our analysis of these manipulations and their mitigations has broad implications with regards to commonly-used cryptocurrency mechanisms and paradigms, such as Ethereum’s difficulty-adjustment algorithm and reward schemes, with Ethereum’s handling of uncle blocks being particularly manipulable. Interestingly, Bitcoin’s mechanism is more resistant than Ethereum’s, owing to its larger incentives and a more resilient DAA.
@inproceedings{yaish2022blockchain,
  address = {New York, NY, USA},
  author = {Yaish, Aviv and Tochner, Saar and Zohar, Aviv},
  booktitle = {Proceedings of the 23rd ACM Conference on Economics and Computation},
  doi = {10.1145/3490486.3538250},
  isbn = {9781450391504},
  keywords = {decentralized finance, proof of work, blockchain, cryptocurrency},
  location = {Boulder, CO, USA},
  numpages = {24},
  pages = {65–88},
  publisher = {Association for Computing Machinery},
  series = {EC '22},
  title = {Blockchain Stretching & Squeezing: Manipulating Time for Your Best Interest},
  url = {https://doi.org/10.1145/3490486.3538250},
  year = {2022}
}
Preprints
2023
- Greedy Transaction Fee Mechanisms for (Non-)myopic Miners. Yotam Gafni and Aviv Yaish. In Annual Conference of the Israeli Chapter of the Game Theory Society, 2023
Decentralized cryptocurrencies are payment systems that rely on aligning the incentives of users and miners to operate correctly and offer a high quality of service to users. Recent literature studies the mechanism design problem of the auction serving as a cryptocurrency’s transaction fee mechanism (TFM). We present a general framework that captures both myopic and non-myopic settings, as well as different possible strategic models for users. Within this general framework, when restricted to the myopic case, we show that while the mechanism that requires a user to "pay-as-bid", and greedily chooses among available transactions based on their fees, is not dominant strategy incentive-compatible for users, it has a Bayesian-Nash equilibrium where bids are slightly shaded. Relaxing this incentive compatibility requirement circumvents the impossibility results proven by previous works, and allows for an approximately revenue and welfare optimal, myopic miner incentive-compatible (MMIC), and off-chain-agreement (OCA)-proof mechanism. We prove these guarantees using different benchmarks, and show that the pay-as-bid greedy auction is the revenue optimal Bayesian incentive-compatible, MMIC and 1-OCA-proof mechanism among a large class of mechanisms. We move beyond the myopic setting explored in the literature, to one where users offer transaction fees for their transaction to be accepted, as well as report their urgency level by specifying the time to live of the transaction, after which it expires. We analyze pay-as-bid mechanisms in this setting, and show the competitive ratio guarantees provided by the greedy allocation rule. We then present a better-performing non-myopic rule, and analyze its competitive ratio. The above analysis is stated in terms of a cryptocurrency TFM, but applies to other settings, such as cloud computing and decentralized "gig" economy, as well.
@conference{gafni2023greedy,
  author = {Gafni, Yotam and Yaish, Aviv},
  conferencetitle = {Annual Conference of the Israeli Chapter of the Game Theory Society},
  keywords = {Optimal Auctions, Blockchain, Mechanism Design, Transaction Fee Mechanisms},
  numpages = {38},
  preprint = {true},
  title = {Greedy Transaction Fee Mechanisms for (Non-)myopic Miners},
  year = {2023}
}
- Blockchain Censorship. 2023
Permissionless blockchains promise to be resilient against censorship by a single entity. This suggests that deterministic rules, and not third-party actors, are responsible for deciding if a transaction is appended to the blockchain or not. In 2022, the U.S. Office of Foreign Assets Control (OFAC) sanctioned a Bitcoin mixer and an Ethereum application, putting the neutrality of permissionless blockchains to the test. In this paper, we formalize, quantify and analyze the security impact of blockchain censorship. We start by defining censorship, followed by a quantitative assessment of current censorship practices. We find that 46% of Ethereum blocks were made by censoring actors that intend to comply with OFAC sanctions, indicating the significant impact of OFAC sanctions on the neutrality of public blockchains. We further uncover that censorship not only impacts neutrality, but also security. We show how after Ethereum’s move to Proof-of-Stake (PoS) and adoption of Proposer-Builder Separation (PBS) the inclusion of censored transactions was delayed by an average of 85%. Inclusion delays compromise a transaction’s security by, e.g., strengthening a sandwich adversary. Finally we prove a fundamental limitation of PoS and Proof-of-Work (PoW) protocols against censorship resilience.
@misc{wahrstatter2023blockchain,
  author = {Wahrstätter, Anton and Ernstberger, Jens and Yaish, Aviv and Zhou, Liyi and Qin, Kaihua and Tsuchiya, Taro and Steinhorst, Sebastian and Svetinovic, Davor and Christin, Nicolas and Barczentewicz, Mikolaj and Gervais, Arthur},
  keywords = {Cryptocurrency, Blockchain, DeFi, Censorship},
  numpages = {16},
  preprint = {true},
  title = {Blockchain Censorship},
  year = {2023}
}
- Speculative Denial-of-Service Attacks in Ethereum. 2023
The expressiveness of Turing-complete blockchains implies that verifying a transaction’s validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, we show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return. We introduce three attacks: (i) ConditionalExhaust, the first conditional Resource Exhaustion Attack (REA) against blockchain actors. (ii) MemPurge, an attack for evicting transactions from victims’ mempools. (iii) These attacks are augmented by GhostTX, the first attack on the reputation system used in Ethereum’s Proposer-Builder Separation ecosystem. We empirically evaluate the attacks on an Ethereum testnet. The worst-case result we find is that by combining ConditionalExhaust and MemPurge, an adversary can simultaneously burden victims’ computational resources and clog their mempools, to the point where victims are unable to include transactions in their blocks. Thus, victims create empty blocks, thereby hurting the system’s liveness. The expected cost of a one-shot combined attack is $376, but becomes much cheaper if the adversary is a validator. For other attackers, costs decrease if censorship is prevalent in the network. ConditionalExhaust and MemPurge are made possible by inherent features of Turing-complete blockchains. Potential mitigations may result in reducing a ledger’s scalability, an undesirable outcome likely harming its competitiveness.
@misc{yaish2023speculative,
  author = {Yaish, Aviv and Qin, Kaihua and Zhou, Liyi and Zohar, Aviv and Gervais, Arthur},
  howpublished = {Cryptology ePrint Archive, Paper 2023/956},
  keywords = {Ethereum, blockchain, cryptocurrencies, security, denial-of-service},
  numpages = {24},
  preprint = {true},
  title = {Speculative Denial-of-Service Attacks in Ethereum},
  url = {https://eprint.iacr.org/2023/956},
  year = {2023}
}
- Suboptimality in DeFi. 2023
The Decentralized Finance (DeFi) ecosystem has proven to be immensely popular in facilitating financial operations such as lending and exchanging assets, with Ethereum-based platforms holding a combined amount of more than 30 billion USD. The public availability of these platforms’ code together with real-time data on all user interactions and platform liquidity has given rise to sophisticated automatic tools that recognize profit opportunities on behalf of users and seize them. In this work, we formalize three core DeFi primitives which together are responsible for a daily volume of over 100 million USD in Ethereum-based platforms alone: (1) lending and borrowing funds, (2) liquidation of insolvent loans, and (3) using flash-swaps to close arbitrage opportunities between cryptocurrency exchanges. The profit which can be made from each primitive is then cast as an optimization problem that can be readily solved. We use our formalization to analyze several case studies for each primitive, showing that popular platforms and tools which promise to automatically optimize profits for users, actually fall short. In specific instances, the profits can be increased by more than 100%, with the highest amount of “missed” revenue by a single suboptimal action equal to 428.14 ETH, or roughly 517K USD. Finally, we show that many missed opportunities to make a profit do not go unnoticed by other users. Indeed, suboptimal transactions are sometimes immediately followed by “trailing” back-running transactions which extract additional profits using similar actions. By analyzing a subset of such events, we uncover that some users who frequently create such trailing transactions are heavily tied to specific miners, meaning that all of their transactions appear only in blocks mined by one miner in particular. As some of the backrun non-optimal transactions are private, we hypothesize that the users who create them are, in fact, miners (or users collaborating with miners) who use inside information known only to them to make a profit, thus gaining an unfair advantage.
@misc{yaish2023suboptimality,
  author = {Yaish, Aviv and Dotan, Maya and Qin, Kaihua and Zohar, Aviv and Gervais, Arthur},
  howpublished = {Cryptology ePrint Archive, Paper 2023/892},
  keywords = {Cryptocurrency, Blockchain, DeFi, Miner Extractable Value},
  numpages = {25},
  preprint = {true},
  title = {Suboptimality in DeFi},
  url = {https://eprint.iacr.org/2023/892},
  year = {2023}
}