We identify a subtle security issue that impacts mechanism design in scenarios in which agents can absolutely commit to strategies. Absolute commitments allow the strategy of an agent to depend on the commitments made by the other agents. This changes fundamental game-theoretic assumptions by inducing a meta-game in which agents choose which strategies they commit to. We say that a game that is unaffected by such commitments is Stackelberg resilient and show that computing it is intractible in general, although it can be computed efficiently for two-player games of perfect information. We show the intuitive, but technically non-trivial result, that, if a game is resilient when some number of players have the capacity to make commitments, it is also resilient when these commitments are available to fewer players. We demonstrate the non-triviality of Stackelberg resilience by analyzing two escrow mechanisms from the literature. These mechanisms have the same intended functionality, but we show that only one is Stackelberg resilient. Our model is particularly relevant in Web3 scenarios, where these absolute commitments can be realized by the automated and irrevocable nature of smart contracts. Our work highlights an important issue in ensuring the secure design of Web3. In particular, our work suggests that smart contracts already deployed on major blockchains may be susceptible to these attacks.
翻译:暂无翻译