Smart contract-enabled blockchains allow building decentralized applications in which mutually-distrusted parties can work together. Recently, oracle services emerged to provide these applications with real-world data feeds. Unfortunately, these capabilities have been used for malicious purposes under what is called criminal smart contracts. A few works explored this dark side and showed a variety of such attacks. However, none of them considered collaborative attacks against targets that reside outside the blockchain ecosystem. In this paper, we bridge this gap and introduce a smart contract-based framework that allows a sponsor to orchestrate a collaborative attack among (pseudo)anonymous attackers and reward them for that. While all previous works required a technique to quantify an attacker's individual contribution, which could be infeasible with respect to real-world targets, our framework avoids that. This is done by developing a novel scheme for trustless collaboration through betting. That is, attackers bet on an event (i.e., the attack takes place) and then work on making that event happen (i.e., perform the attack). By taking DDoS as a usecase, we formulate attackers' interaction as a game, and formally prove that these attackers will collaborate in proportion to the amount of their bets in the game's unique equilibrium. We also model our framework and its reward function as an incentive mechanism and prove that it is a strategy proof and budget-balanced one. Finally, we conduct numerical simulations to demonstrate the equilibrium behavior of our framework.
翻译:智能合同化的链条可以建立分散化的应用,使互不信任的各方能够共同合作。最近,出现了神灵服务,为这些应用程序提供真实世界的数据信息。不幸的是,这些能力被用于恶意目的,这是所谓的犯罪智能合同。少数作品探索了这一黑暗面,展示了各种此类袭击。然而,没有一个作品考虑对位于封闭链系生态系统之外的目标进行协作袭击。在本文中,我们弥合了这一差距,并引入了一个智能合同框架,使赞助者能够在(假冒的)匿名攻击者之间策划合作攻击,并以此奖励他们。虽然以往的所有工作都需要一种技术来量化攻击者个人的贡献,而这种能力可能无法用在现实世界目标方面,但我们的框架避免了这种恶意。这是通过制定无信任合作的新计划来完成的。这就是,攻击者打赌一个事件(即攻击发生),然后进行一个基于智能的合同框架,让事件发生(即执行攻击),并以此来奖励他们。通过将DDoS作为使用证据,我们把攻击者的个人贡献的相互作用作为游戏的游戏,并正式地证明他们的行为标准。我们作为游戏的游戏的正确性框架。我们可以证明, 的游戏的游戏的游戏的游戏和游戏的正确性框架。