Arbitrum Research & Development Collective: Elections & Applications

DAO Programs & Initiatives
10

Arbitrum Research & Development Collective - Election Application - Dedaub

Applicant Information

Background Information

Dedaub is a Web3 security vendor servicing a number of mainstream project teams, including the Ethereum Foundation, Coinbase, Chainlink, Oasis, GMX, Eigenlayer, & Lido. Over the past few years, the Dedaub team has been instrumental in the successful evolution of both the Ethereum and Arbitrum Ecosystems via tooling, security R&D studies, and security audits of some of the best-known protocols running on these chains. In addition to auditing engagements, Dedaub has developed high-fidelity static analysis and formal verification tools that have contributed towards the security of smart contract ecosystems, both independently and through their use by our white-hat hacking teams. For instance, our static analysis toolchain has found 10 high-impact vulnerabilities in large protocols (including in Uniswap, Primitive Finance, Harvest Finance, Multichain & Fantom). One such issue involving the Multichain bridge, if exploited, would have led to over a billion in crypto theft, which in turn would have resulted in several Billions in the Fantom ecosystem to be wiped out as a result. This would have been the largest crytocurrency-related vulnerability ever and netted the Dedaub team a bounty of $2m. The Dedaub team employs some of the most talented engineers and hackers in the world, and is especially renowned in the area of program analysis and cryptography. The rest of our contributions can be summarized in the following sections:

Direct Contributions to Ethereum. The Dedaub team has conducted a number of R&D security studies commissioned by the Ethereum Foundation, of EIPs that affect not only Ethereum but also its L2s. For instance, these include audits & studies for the new data structure that will soon underpin Ethereum state (Verkle trees), EIP-1884, EIP-3074, etc. In addition, our team has developed and maintained the most popular decompiler for EVM smart contracts, transaction simulation and monitoring tools.

Direct Contributions to Arbitrum Ecosystem Projects. Last year, the Dedaub team successfully audited the GMX project (specifically V2), the largest project on Arbitrum by TVL. Within this context, the deployment of GMX V2 on Arbitrum was only made possible through the development of low-latency Oracles for derivatives projects by Chainlink. This is also another project that the Dedaub team has contributed in design and audited, as a security partner of Chainlink. A number of other growing projects on Arbitrum that we have audited include: Rysk, Stella, Pendle & Gravita.

Contributions towards Arbitrum DAO

As an independent security auditor, our team has not heavily been involved in governance, largely to maintain a level of independence. However, in October 2023 Dedaub withdrew their proposal to provide security services to Arbitrum ecosystem projects in favor of more decentralized & equitable proposals by DK / Immutable Lawyer and asked our delegates to kindly vote for these proposals instead.

The Dedaub team would be delighted to contribute to the ARDC its world-class resources. Our team will be happy to review on-chain proposal code updates, both through manual means as a stop-gap measure and by developing custom security tooling. Ultimately, the latter will lead to a higher ROI for the ArbitrumDAO. Via a new system built on top of our security suite (app.dedaub.com), we can automatically simulate DAO proposals the moment they are submitted for voting, together with verifying their code changes.

Objectives & Motivation

Dedaub aims to significantly contribute to the security and resilience of the Arbitrum ecosystem. Our motivation stems from a profound commitment to safeguarding decentralized technologies and fostering trust among users and developers.

The primary objective of our proposal is to significantly enhance the security posture of the Arbitrum DAO through the development of custom security tooling. Recognizing the long-term value and higher return on investment this approach offers, we are allocating the majority of our proposed budget towards this goal. By investing in sophisticated security tooling specifically tailored for the Arbitrum ecosystem, we aim to reduce the dependency on manual audits over time. This strategic focus not only promises to elevate the overall security standards but also ensures a more efficient allocation of resources, thereby fostering a more resilient and secure blockchain environment for the Arbitrum DAO.

Skills and Experience

At Dedaub, we specialize in Web3 security, leveraging over 20 years of research in static analysis and formal methods by the team and founders. Our proficiency includes formal methods & static analysis, realtime security monitoring, advanced cryptography, DeFi and security incident response management. We’ve significantly contributed to major blockchain projects, including Ethereum and Arbitrum, through audits and the development of advanced security tools. Our notable work includes identifying high-impact vulnerabilities in protocols like Uniswap and developing a popular EVM decompiler.

Proposal Review & Assistance

Dedaub approaches proposal review with a combination of objective research and technical analysis. We focus on identifying potential security risks and offering constructive feedback to enhance proposals. Our team will employ a meticulous process of peer-review, in addition to performing in-depth code security analysis. Furthermore we aim to provide proposers with comprehensive insights and actionable recommendations to improve the security and functionality of their proposals.

Purpose/Mandate of the ARDC

The purpose and mandate of the Arbitrum Research & Development Collective (ARDC) are to enhance the Arbitrum ecosystem’s security, efficiency, and innovation. Our proposal for developing custom security tooling directly aligns with this mandate by bolstering the ecosystem’s security infrastructure and optimizing governance processes. By focusing on advanced security solutions and reducing reliance on manual audits, we aim to streamline proposal vetting and ensure the integrity of governance actions. This approach not only mitigates risks but also enriches the ARDC’s strategic vision by providing robust security checks and fostering a culture of continuous improvement. Our commitment to integrating educational materials and modular tools further supports the ARDC’s goals, empowering the community and enhancing operational efficiency across the Arbitrum ecosystem.

Review on-Chain Proposal Code Updates

To enhance the security and transparency of proposal submissions, we propose integrating advanced analysis techniques such as static analysis, formal methods, and simulations on such proposals. These methods aim to improve the understanding and verification of executable code within proposals, mitigating the risk of costly errors. The techniques will be instantiated in a useful application based on app.dedaub.com, specifically tailored for the Arbitrum community.

The development will focus on creating a modular api-based tool, allowing for seamless integration into existing grant management ecosystems. Broadly-speaking the tooling and methodology will be following the steps below:

1. Initial Monitoring. As soon as a proposal is submitted on-chain, a monitoring wakeup agent is triggered, initiating the actions in the next (numbered) steps. The agent is specified declaratively in a SQL language extension (DQL). In contrast to regular SQL, DQL will work on streaming blockchain data and natively supports Ethereum contracts such as EVM stack frames, EVM events, Ethereum calls reducing the burden on the programmer. This obviates the need for phases like “calldata decoding”. Another advantage of this approach is that it is easily updatable and can be layered in complex ways.

2. Simulation. Transaction simulation is performed on the code update, using Dedaub simulation. The simulation not only decodes the calldata, but triggers all inner calls to form a hierarchical trace (trace example). Using this simulation trace, we will find new smart contracts that are created or replaced, funds transferred, and other important state changes. Dedaub already maintains the entire pipeline of a transaction simulation toolchain so we don’t have to rely on third party integrations. This process allows for a clearer understanding of the executed actions, enhancing transparency for voters who may not have deep technical expertise. For our simulation we also plan to integrate with tools like Safe Multisig. This integration will offer tangible feedback mechanisms which can facilitate the controlled release of funds based on consensus about task completion.

3. Code Verification. We will develop custom static analysis tools based on our existing tools to find whether the new smart contracts are susceptible to vulnerabilities, whether they are malicious, or whether they can be updated/subverted later. Although Dedaub has already developed static analysis tools that check whether the smart contracts are vulnerable, these do not yet check whether they can be malicious in the context of a DAO. The method by which we intend to verify the smart contracts is through a novel technique called static-symbolic value-flow (“Symvalic”) analysis. This technique models program behavior with high precision, e.g., full path sensitivity. To achieve deep modeling of program semantics, the analysis relies on a symbiotic relationship between a traditional static analysis fixpoint computation and a custom symbolic solver: the solver does not merely receive a complex “path condition” to solve, but is instead invoked repeatedly (often tens or hundreds of thousands of times), in close cooperation with the flow computation of the analysis. The result of the Symvalic analysis architecture is a static modeling of program behavior that is much more complete than symbolic execution, much more precise than conventional static analysis, and domain-agnostic: no special-purpose definition of anti-patterns is necessary in order to compute violations of safety conditions. Furthermore we combine this technique with “learned” invariants from past corpuses of smart contracts (using statistical techniques) to determine unusual lack of invariants in new smart contracts. The latter corpus will include past Arbitrum smart contracts.

Note that compared to more traditional formal verification techniques such as model checking, what we’re proposing can be more easily reified in a push-button security tool meaning that no additional cost is needed to check multiple smart contracts as it is completely automated.

4. Additional Monitoring. In some cases, not all properties can be determined statically or the smart contracts in question are upgradeable. Specific monitoring agents (specified declaratively in DQL) will trigger and monitor the smart contracts identified in step 2, for some properties that are identified in step 3.

5. Manual Auditing. Note that steps 1 - 4 can be conducted automatically by our proposed system integration. In cases where there is a budget for manual auditing and the proposal is significant (this will be decided together with the ARDC partners), our team can manually audit these changes on short notice and classify issues from Critical Severity to Low Severity. Our team will also provide remediation options to the proposers and a simple description of the overall issues for less technical delegates. In cases where a manual audit budget is not available for Dedaub, we will propose a small scope for third party teams to inspect.

An MVP implementing steps 1 - 4 will be deployed on the 91-day mark of the project, and will be refined over the subsequent 91 days.

Project Management

Our project management experience is characterized by a structured and efficient approach, delivering projects on time and on budget. We emphasize clear communication, effective resource allocation, and rigorous timeline adherence. Our team is adept at managing complex security projects, coordinating with multiple stakeholders, and delivering results within designated timeframes and budgets. Each individual project will be allocated an internal contact to ensure continuous progress.

Additional Contributions

Dedaub is committed to contributing to the ARDC’s objectives in additional ways:

  • As a founding member of the 911 SEAL team, a white-hat hacking collective, Dedaub will continue protecting the wider crypto community’s security interests.
  • Creating educational materials on smart contract security analysis.
  • Researching new mechanisms to improve the ecosystem’s security.
  • Engaging with delegates to foster a more informed and active governance community.
  • Community outreach.

Scope of Services & Applicable Fees

For the 6-month term, Dedaub proposes the following scope of services and fees.

Our standard rate for manual auditing engagements is $3.5k per engineer per day. When conducting audits a minimum of two engineers are required. If additional specialists are requested, such as cryptographers (e.g., for novel privacy-preserving protocols), quantitative analysts (for economic risk assessments), this is an extra. We don’t however anticipate the need for this.

We note that the majority of our fees will go towards developing custom security tooling for the Arbitrum DAO, since over time this will provide much higher ROI than committing additional man hours on manual audits.

Tooling: $250k per quarter, covering R&D, deployment, hosting & educational materials that explain how to make use of the tooling or how it works.

Auditing: As per standard rate. We recommend allocating 10 engineer days ($35k) per simple on-chain proposal that performs code updates.

We conservatively estimate the need for 4 manual audits over 4 months: $140k

Total: $640k

This budget is roughly equivalent to 50% of the total Security member allocation of 665,000 ARB. Depending on the ARDC’s needs and funding situation, Dedaub can expand the complement of audit services since we have the capacity to do so.

Summary

Dedaub brings extensive experience in smart contract security, with a strong background in static analysis, formal methods, and security monitoring. We propose to enhance the security of the Arbitrum ecosystem by developing tools, conducting thorough code reviews, and providing educational materials. Our team is committed to supporting the ARDC’s mandate to foster a safer and more robust decentralized environment.

For more information about ourselves and our work, head to:

1 Like