-
Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by Developers
Authors:
Sébastien Andreina,
Tobias Cloosters,
Lucas Davi,
Jens-Rene Giesen,
Marco Gutfleisch,
Ghassan Karame,
Alena Naiakshina,
Houda Naji
Abstract:
Solana gained considerable attention as one of the most popular blockchain platforms for deploying decentralized applications. Compared to Ethereum, however, we observe a lack of research on how Solana smart contract developers handle security, what challenges they encounter, and how this affects the overall security of the ecosystem. To address this, we conducted the first comprehensive study on…
▽ More
Solana gained considerable attention as one of the most popular blockchain platforms for deploying decentralized applications. Compared to Ethereum, however, we observe a lack of research on how Solana smart contract developers handle security, what challenges they encounter, and how this affects the overall security of the ecosystem. To address this, we conducted the first comprehensive study on the Solana platform consisting of a 90-minute Solana smart contract code review task with 35 participants followed by interviews with a subset of seven participants. Our study shows, quite alarmingly, that none of the participants could detect all important security vulnerabilities in a code review task and that 83% of the participants are likely to release vulnerable smart contracts. Our study also sheds light on the root causes of developers' challenges with Solana smart contract development, suggesting the need for better security guidance and resources. In spite of these challenges, our automated analysis on currently deployed Solana smart contracts surprisingly suggests that the prevalence of vulnerabilities - especially those pointed out as the most challenging in our developer study - is below 0.3%. We explore the causes of this counter-intuitive resilience and show that frameworks, such as Anchor, are aiding Solana developers in deploying secure contracts.
△ Less
Submitted 19 June, 2024;
originally announced June 2024.
-
Dissipative Dicke time crystals: an atoms' point of view
Authors:
Simon B. Jäger,
Jan Mathis Giesen,
Imke Schneider,
Sebastian Eggert
Abstract:
We develop and study an atom-only description of the Dicke model with time-periodic couplings between atoms and a dissipative cavity mode. The cavity mode is eliminated giving rise to effective atom-atom interactions and dissipation. We use this effective description to analyze the dynamics of the atoms that undergo a transition to a dynamical superradiant phase with macroscopic coherences in the…
▽ More
We develop and study an atom-only description of the Dicke model with time-periodic couplings between atoms and a dissipative cavity mode. The cavity mode is eliminated giving rise to effective atom-atom interactions and dissipation. We use this effective description to analyze the dynamics of the atoms that undergo a transition to a dynamical superradiant phase with macroscopic coherences in the atomic medium and the light field. Using Floquet theory in combination with the atom-only description we provide a precise determination of the phase boundaries and of the dynamical response of the atoms. From this we can predict the existence of dissipative time crystals that show a subharmonic response with respect to the driving frequency. We show that the atom-only theory can describe the relaxation into such a dissipative time crystal and that the dam** rate can be understood in terms of a cooling mechanism.
△ Less
Submitted 8 July, 2024; v1 submitted 29 September, 2023;
originally announced October 2023.
-
Fuzz on the Beach: Fuzzing Solana Smart Contracts
Authors:
Sven Smolka,
Jens-Rene Giesen,
Pascal Winkler,
Oussama Draissi,
Lucas Davi,
Ghassan Karame,
Klaus Pohl
Abstract:
Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success are Solana's low transaction fees and high performance, which is achieved in part due to its stateless programming model. Although the literature features extensive tooling support for smart contract security, current so…
▽ More
Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success are Solana's low transaction fees and high performance, which is achieved in part due to its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored for the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana's execution environment introduces novel attack patterns specific to Solana requiring a rethinking for building vulnerability analysis methods.
In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract's binary code. Hence, due to the lack of semantic information, we carefully extracted low-level program and state information to develop a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol's bug oracles find bugs with a high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.
△ Less
Submitted 4 October, 2023; v1 submitted 6 September, 2023;
originally announced September 2023.
-
Why Capsule Neural Networks Do Not Scale: Challenging the Dynamic Parse-Tree Assumption
Authors:
Matthias Mitterreiter,
Marcel Koch,
Joachim Giesen,
Sören Laue
Abstract:
Capsule neural networks replace simple, scalar-valued neurons with vector-valued capsules. They are motivated by the pattern recognition system in the human brain, where complex objects are decomposed into a hierarchy of simpler object parts. Such a hierarchy is referred to as a parse-tree. Conceptually, capsule neural networks have been defined to realize such parse-trees. The capsule neural netw…
▽ More
Capsule neural networks replace simple, scalar-valued neurons with vector-valued capsules. They are motivated by the pattern recognition system in the human brain, where complex objects are decomposed into a hierarchy of simpler object parts. Such a hierarchy is referred to as a parse-tree. Conceptually, capsule neural networks have been defined to realize such parse-trees. The capsule neural network (CapsNet), by Sabour, Frosst, and Hinton, is the first actual implementation of the conceptual idea of capsule neural networks. CapsNets achieved state-of-the-art performance on simple image recognition tasks with fewer parameters and greater robustness to affine transformations than comparable approaches. This sparked extensive follow-up research. However, despite major efforts, no work was able to scale the CapsNet architecture to more reasonable-sized datasets. Here, we provide a reason for this failure and argue that it is most likely not possible to scale CapsNets beyond toy examples. In particular, we show that the concept of a parse-tree, the main idea behind capsule neuronal networks, is not present in CapsNets. We also show theoretically and experimentally that CapsNets suffer from a vanishing gradient problem that results in the starvation of many capsules during training.
△ Less
Submitted 4 January, 2023;
originally announced January 2023.
-
Convexity Certificates from Hessians
Authors:
Julien Klaus,
Niklas Merk,
Konstantin Wiedom,
Sören Laue,
Joachim Giesen
Abstract:
The Hessian of a differentiable convex function is positive semidefinite. Therefore, checking the Hessian of a given function is a natural approach to certify convexity. However, implementing this approach is not straightforward since it requires a representation of the Hessian that allows its analysis. Here, we implement this approach for a class of functions that is rich enough to support classi…
▽ More
The Hessian of a differentiable convex function is positive semidefinite. Therefore, checking the Hessian of a given function is a natural approach to certify convexity. However, implementing this approach is not straightforward since it requires a representation of the Hessian that allows its analysis. Here, we implement this approach for a class of functions that is rich enough to support classical machine learning. For this class of functions, it was recently shown how to compute computational graphs of their Hessians. We show how to check these graphs for positive semidefiniteness. We compare our implementation of the Hessian approach with the well-established disciplined convex programming (DCP) approach and prove that the Hessian approach is at least as powerful as the DCP approach for differentiable functions. Furthermore, we show for a state-of-the-art implementation of the DCP approach that, for differentiable functions, the Hessian approach is actually more powerful. That is, it can certify the convexity of a larger class of differentiable functions.
△ Less
Submitted 19 October, 2022;
originally announced October 2022.
-
Vectorized and performance-portable Quicksort
Authors:
Mark Blacher,
Joachim Giesen,
Peter Sanders,
Jan Wassenberg
Abstract:
Recent works showed that implementations of Quicksort using vector CPU instructions can outperform the non-vectorized algorithms in widespread use. However, these implementations are typically single-threaded, implemented for a particular instruction set, and restricted to a small set of key types. We lift these three restrictions: our proposed 'vqsort' algorithm integrates into the state-of-the-a…
▽ More
Recent works showed that implementations of Quicksort using vector CPU instructions can outperform the non-vectorized algorithms in widespread use. However, these implementations are typically single-threaded, implemented for a particular instruction set, and restricted to a small set of key types. We lift these three restrictions: our proposed 'vqsort' algorithm integrates into the state-of-the-art parallel sorter 'ips4o', with a geometric mean speedup of 1.59. The same implementation works on seven instruction sets (including SVE and RISC-V V) across four platforms. It also supports floating-point and 16-128 bit integer keys. To the best of our knowledge, this is the fastest sort for non-tuple keys on CPUs, up to 20 times as fast as the sorting algorithms implemented in standard libraries. This paper focuses on the practical engineering aspects enabling the speed and portability, which we have not yet seen demonstrated for a Quicksort implementation. Furthermore, we introduce compact and transpose-free sorting networks for in-register sorting of small arrays, and a vector-friendly pivot sampling strategy that is robust against adversarial input.
△ Less
Submitted 12 May, 2022;
originally announced May 2022.
-
Optimization for Classical Machine Learning Problems on the GPU
Authors:
Sören Laue,
Mark Blacher,
Joachim Giesen
Abstract:
Constrained optimization problems arise frequently in classical machine learning. There exist frameworks addressing constrained optimization, for instance, CVXPY and GENO. However, in contrast to deep learning frameworks, GPU support is limited. Here, we extend the GENO framework to also solve constrained optimization problems on the GPU. The framework allows the user to specify constrained optimi…
▽ More
Constrained optimization problems arise frequently in classical machine learning. There exist frameworks addressing constrained optimization, for instance, CVXPY and GENO. However, in contrast to deep learning frameworks, GPU support is limited. Here, we extend the GENO framework to also solve constrained optimization problems on the GPU. The framework allows the user to specify constrained optimization problems in an easy-to-read modeling language. A solver is then automatically generated from this specification. When run on the GPU, the solver outperforms state-of-the-art approaches like CVXPY combined with a GPU-accelerated solver such as cuOSQP or SCS by a few orders of magnitude.
△ Less
Submitted 30 March, 2022;
originally announced March 2022.
-
Practical Mitigation of Smart Contract Bugs
Authors:
Jens-Rene Giesen,
Sebastien Andreina,
Michael Rodler,
Ghassan O. Karame,
Lucas Davi
Abstract:
In spite of their popularity, develo** secure smart contracts remains a challenging task. Existing solutions are either impractical as they do not support many complex real-world contracts or leave the burden to developers for fixing bugs. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code le…
▽ More
In spite of their popularity, develo** secure smart contracts remains a challenging task. Existing solutions are either impractical as they do not support many complex real-world contracts or leave the burden to developers for fixing bugs. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code level. HCC develops a code property graph (CPG) to model control-flows and data-flows of a given smart contract. Due to the CPG notation, HCC can be applied to various smart contract platforms and programming languages. We demonstrate the effectiveness of this approach on Ethereum's Solidity smart contracts and show that it efficiently mitigates reentrancy and integer bugs. We also show how to integrate HCC within other blockchain platforms such as Hyperledger Fabric. Our evaluation on 10k real-world contracts demonstrates that HCC is highly practical and effective.
△ Less
Submitted 1 March, 2022;
originally announced March 2022.
-
A Simple and Efficient Tensor Calculus for Machine Learning
Authors:
Sören Laue,
Matthias Mitterreiter,
Joachim Giesen
Abstract:
Computing derivatives of tensor expressions, also known as tensor calculus, is a fundamental task in machine learning. A key concern is the efficiency of evaluating the expressions and their derivatives that hinges on the representation of these expressions. Recently, an algorithm for computing higher order derivatives of tensor expressions like Jacobians or Hessians has been introduced that is a…
▽ More
Computing derivatives of tensor expressions, also known as tensor calculus, is a fundamental task in machine learning. A key concern is the efficiency of evaluating the expressions and their derivatives that hinges on the representation of these expressions. Recently, an algorithm for computing higher order derivatives of tensor expressions like Jacobians or Hessians has been introduced that is a few orders of magnitude faster than previous state-of-the-art approaches. Unfortunately, the approach is based on Ricci notation and hence cannot be incorporated into automatic differentiation frameworks from deep learning like TensorFlow, PyTorch, autograd, or JAX that use the simpler Einstein notation. This leaves two options, to either change the underlying tensor representation in these frameworks or to develop a new, provably correct algorithm based on Einstein notation. Obviously, the first option is impractical. Hence, we pursue the second option. Here, we show that using Ricci notation is not necessary for an efficient tensor calculus and develop an equally efficient method for the simpler Einstein notation. It turns out that turning to Einstein notation enables further improvements that lead to even better efficiency.
The methods that are described in this paper have been implemented in the online tool www.MatrixCalculus.org for computing derivatives of matrix and tensor expressions.
An extended abstract of this paper appeared as "A Simple and Efficient Tensor Calculus", AAAI 2020.
△ Less
Submitted 7 October, 2020;
originally announced October 2020.
-
GENO -- GENeric Optimization for Classical Machine Learning
Authors:
Sören Laue,
Matthias Mitterreiter,
Joachim Giesen
Abstract:
Although optimization is the longstanding algorithmic backbone of machine learning, new models still require the time-consuming implementation of new solvers. As a result, there are thousands of implementations of optimization algorithms for machine learning problems. A natural question is, if it is always necessary to implement a new solver, or if there is one algorithm that is sufficient for mos…
▽ More
Although optimization is the longstanding algorithmic backbone of machine learning, new models still require the time-consuming implementation of new solvers. As a result, there are thousands of implementations of optimization algorithms for machine learning problems. A natural question is, if it is always necessary to implement a new solver, or if there is one algorithm that is sufficient for most models. Common belief suggests that such a one-algorithm-fits-all approach cannot work, because this algorithm cannot exploit model specific structure and thus cannot be efficient and robust on a wide variety of problems. Here, we challenge this common belief. We have designed and implemented the optimization framework GENO (GENeric Optimization) that combines a modeling language with a generic solver. GENO generates a solver from the declarative specification of an optimization problem class. The framework is flexible enough to encompass most of the classical machine learning problems. We show on a wide variety of classical but also some recently suggested problems that the automatically generated solvers are (1) as efficient as well-engineered specialized solvers, (2) more efficient by a decent margin than recent state-of-the-art solvers, and (3) orders of magnitude more efficient than classical modeling language plus solver approaches.
△ Less
Submitted 31 May, 2019;
originally announced May 2019.
-
Ising Models with Latent Conditional Gaussian Variables
Authors:
Frank Nussbaum,
Joachim Giesen
Abstract:
Ising models describe the joint probability distribution of a vector of binary feature variables. Typically, not all the variables interact with each other and one is interested in learning the presumably sparse network structure of the interacting variables. However, in the presence of latent variables, the conventional method of learning a sparse model might fail. This is because the latent vari…
▽ More
Ising models describe the joint probability distribution of a vector of binary feature variables. Typically, not all the variables interact with each other and one is interested in learning the presumably sparse network structure of the interacting variables. However, in the presence of latent variables, the conventional method of learning a sparse model might fail. This is because the latent variables induce indirect interactions of the observed variables. In the case of only a few latent conditional Gaussian variables these spurious interactions contribute an additional low-rank component to the interaction parameters of the observed Ising model. Therefore, we propose to learn a sparse + low-rank decomposition of the parameters of an Ising model using a convex regularized likelihood problem. We show that the same problem can be obtained as the dual of a maximum-entropy problem with a new type of relaxation, where the sample means collectively need to match the expected values only up to a given tolerance. The solution to the convex optimization problem has consistency properties in the high-dimensional setting, where the number of observed binary variables and the number of latent conditional Gaussian variables are allowed to grow with the number of training samples.
△ Less
Submitted 8 July, 2019; v1 submitted 28 January, 2019;
originally announced January 2019.
-
Distributed Convex Optimization with Many Convex Constraints
Authors:
Joachim Giesen,
Sören Laue
Abstract:
We address the problem of solving convex optimization problems with many convex constraints in a distributed setting. Our approach is based on an extension of the alternating direction method of multipliers (ADMM) that recently gained a lot of attention in the Big Data context. Although it has been invented decades ago, ADMM so far can be applied only to unconstrained problems and problems with li…
▽ More
We address the problem of solving convex optimization problems with many convex constraints in a distributed setting. Our approach is based on an extension of the alternating direction method of multipliers (ADMM) that recently gained a lot of attention in the Big Data context. Although it has been invented decades ago, ADMM so far can be applied only to unconstrained problems and problems with linear equality or inequality constraints. Our extension can handle arbitrary inequality constraints directly. It combines the ability of ADMM to solve convex optimization problems in a distributed setting with the ability of the Augmented Lagrangian method to solve constrained optimization problems, and as we show, it inherits the convergence guarantees of ADMM and the Augmented Lagrangian method.
△ Less
Submitted 6 April, 2018; v1 submitted 7 October, 2016;
originally announced October 2016.
-
A Combinatorial Algorithm to Compute Regularization Paths
Authors:
Bernd Gärtner,
Joachim Giesen,
Martin Jaggi,
Torsten Welsch
Abstract:
For a wide variety of regularization methods, algorithms computing the entire solution path have been developed recently. Solution path algorithms do not only compute the solution for one particular value of the regularization parameter but the entire path of solutions, making the selection of an optimal parameter much easier. Most of the currently used algorithms are not robust in the sense tha…
▽ More
For a wide variety of regularization methods, algorithms computing the entire solution path have been developed recently. Solution path algorithms do not only compute the solution for one particular value of the regularization parameter but the entire path of solutions, making the selection of an optimal parameter much easier. Most of the currently used algorithms are not robust in the sense that they cannot deal with general or degenerate input. Here we present a new robust, generic method for parametric quadratic programming. Our algorithm directly applies to nearly all machine learning applications, where so far every application required its own different algorithm.
We illustrate the usefulness of our method by applying it to a very low rank problem which could not be solved by existing path tracking methods, namely to compute part-worth values in choice based conjoint analysis, a popular technique from market research to estimate consumers preferences on a class of parameterized options.
△ Less
Submitted 27 March, 2009;
originally announced March 2009.
-
On a non-CP-violating electric dipole moment of elementary particles
Authors:
J. Giesen
Abstract:
A description of elementary particles should be based on irreducible representations of the Poincaré group. In the theory of massive representations of the full Poincaré group there are essentially four different cases. One of them corresponds to the ordinary Dirac theory. The extension of Dirac theory to the remaining three cases makes it possible to describe an anomalous electric dipole moment…
▽ More
A description of elementary particles should be based on irreducible representations of the Poincaré group. In the theory of massive representations of the full Poincaré group there are essentially four different cases. One of them corresponds to the ordinary Dirac theory. The extension of Dirac theory to the remaining three cases makes it possible to describe an anomalous electric dipole moment of elementary particles without breaking the reflections.
△ Less
Submitted 31 October, 1994;
originally announced October 1994.