# 三泰 Paper Progress

###### tags: `abclab`

:::success
**Key Points**

**[Paper PDF](https://arxiv.org/pdf/2208.13035.pdf)**

[77 papers](https://hackmd.io/VReQEF-gTt62jUBPsGuMBQ#77-papers)
[30 audit reports](https://hackmd.io/VReQEF-gTt62jUBPsGuMBQ#30-audit-reports)
[181 incidents](https://hackmd.io/VReQEF-gTt62jUBPsGuMBQ#181-incidents)
[Tables](https://hackmd.io/VReQEF-gTt62jUBPsGuMBQ#Tables)
[References](https://hackmd.io/VReQEF-gTt62jUBPsGuMBQ#References)

**Abstract**

Few academic papers address “price oracle attacks” and “permissionless interactions”, yet these are the most frequent incident types, at 15% and 10.5% respectively.

1. 103 (56%) of the attacks are **not executed atomically**, granting a rescue time frame for defenders;
2. Bytecode similarity analysis can detect at least **31 vulnerable / 23 adversarial contracts**;
3. 33 (15.3%) of the adversaries leak potentially identifiable information **by interacting with centralized exchanges.**
:::

## Contribution

### DeFi Reference Frame

### Gap Between Attackers and Defenders

### Incident Defense

### Tracing Source of Funds

---

## 77 papers

### SoKs, Surveys

[21] J. Xu, K. Paruch, S. Cousaert, and Y. Feng, “SoK: Decentralized exchanges (DEX) with automated market maker (AMM) protocols,” ACM Computing Surveys, vol. 55, no. 11, pp. 1–50, 2023.

### Tools

### Papers

## 30 audit reports

### Beosin (misprinted as "Boesin" in the table)

[139] “Sato audit,” https://sato.trade/Smart_contract_security_audit_report%E2%80%94SATO.pdf, 2021, beosin.
[140] “Pinecone audit,” https://safefiles.defiyield.info/safe/files/audit/pdf/REP_Pinecone_Finance_2021_09_28.pdf, 2021, beosin.
[141] “Ctoken audit,” 2021, beosin.
[142] “Beatsqure audit,” 2021, beosin.

### PeckShield

[143] “Rabbit.fi audit,” https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-Rabbit-v1.0.pdf, 2021, peckshield.
[144] “Hegic audit,” https://safefiles.defiyield.info/safe/files/audit/pdf/PeckShield_Audit_Report_Hegic_v1_0.pdf, 2021, peckshield.
[145] “Deri v2 audit,” https://github.com/peckshield/publications/blob/693bdb69e3e3e422b4f7e1f3130d841e631b4dab/audit_reports/PeckShieldAudit-Report-DeriV2-v1.0.pdf, 2021, peckshield.
[146] “Coin98 audit,” https://safefiles.defiyield.info/safe/files/audit/pdf/PeckShield_Audit_Report_COIN98_v1_0.pdf, 2021, peckshield.
[147] “Angrymining audit,” https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-AngryMining-v1.0rc.pdf, 2021, peckshield.

### SlowMist

[148] “Jswap audit,” https://www.slowmist.com/en/security-audit-certificate.html?id=928799684ad96ef4ed4b0c0fb12a5fae085456f874b19dc4300195b32a5a1431, 2021, slowMist.
[149] “Supremex audit,” https://www.slowmist.com/security-audit-certificate.html?id=769a2454892441cfc9730e3fc39db48b75e9bb05ad33527ce1736342ff8ea8e3, 2021, slowMist.
[150] “Solyard audit,” https://www.slowmist.com/security-audit-certificate.html?id=53e38102e25c3c6d8a8136edc7e859fde08ed93189c1535d642bb1cd656e5815, 2021, slowMist.
[151] “Cook finance audit,” https://github.com/slowmist/Knowledge-Base/blob/master/open-report/SlowMist%20Audit%20Report%20-%20Cook%20Finance.pdf, 2021, slowMist.

### Consensys

[152] “Defi saver audit,” https://github.com/defisaver/defisaver-v3-contracts/blob/main/audits/Consensys-Mar-2021.pdf, 2021, consensys.
[153] “Fei tribechief audit,” https://consensys.net/diligence/audits/2021/07/fei-tribechief/, 2021, consensys.
[154] “Gitcoin audit,” https://consensys.net/diligence/audits/2021/04/gitcoin-token-distribution/, 2021, consensys.
[155] “Wheat audit,” https://consensys.net/diligence/audits/2021/06/growthdefi-wheat/, 2021, consensys.
[156] “Umbra audit,” https://consensys.net/diligence/audits/2021/03/umbra-smart-contracts/, 2021, consensys.

### Certik

[157] “Zoo audit,” https://www.certik.com/projects/zoocrypto, 2021, certik.
[158] “Trister’s lend audit,” https://www.certik.com/projects/tristerlend, 2021, certik.
[159] “Rezerve audit,” https://www.certik.com/projects/rezerve, 2021, certik.
[160] “Lfw audit,” https://www.certik.com/projects/legendfantasywar, 2021, certik.
[161] “gamedao audit,” https://www.certik.com/projects/gamedao, 2021, certik.

### Trail of Bits (including OpenZeppelin)

[162] “Complifi audit,” https://github.com/trailofbits/publications/blob/master/reviews/CompliFi.pdf, 2021, trail of Bits.
[163] “Frax finance audit,” https://github.com/trailofbits/publications/blob/master/reviews/FraxFinance.pdf, 2021, trail of Bits.
[164] “Yearnv2 audit,” https://github.com/trailofbits/publications/blob/master/reviews/YearnV2Vaults.pdf, 2021, trail of Bits.
[165] “Alpha homora audit,” https://blog.openzeppelin.com/alpha-homora-v2/, 2021, open Zeppelin.
[166] “Celo audit,” https://blog.openzeppelin.com/celo-contracts-audit/, 2021, open Zeppelin.
[167] “Fei audit,” https://blog.openzeppelin.com/fei-protocol-audit/, 2021, open Zeppelin.

## 181 incidents

## Tables

![](https://i.imgur.com/ipsscrW.png)