跨链数字资产风险管理策略及分析

doi:10.3778/j.issn.1673-9418.2204052

摘要/Abstract

摘要： 由于智能合约的复杂性和各种数字资产所依赖的区块链安全等级不同，出现了系列的针对跨链数字资产的安全事件，凸显了跨链数字资产的高风险。针对跨链数字资产风险较高的问题，分析了近期bEarn Fi和Poly Network的两个典型跨链数字资产安全事件，得出了跨链服务节点的数字资产亟需保护的基本结论；进而结合区块链的特点，以跨链资产兑换为中心，提出了跨链数字资产风险管理的七个策略；并结合传统的异常检测技术，从单交易、多交易、K-means、外部数据源几个方面提供算法，对跨链资产兑换的用户请求进行异常检测，识别并终止异常的兑换请求，以降低跨链服务节点的数字资产风险；最后采用仿真验证的方法，基于哈希时间锁技术搭建了一个简单的跨链系统，在该系统中给出了系列的测试事件，以确认风险管理及异常检测方法的有效性。测试结果表明，提出的风险管理策略和相应的异常检测方法能够有效降低跨链服务节点的数字资产损失，降低跨链服务节点数字资产面临的安全风险。

关键词: 跨链数字资产, 风险, 策略, 异常检测

Abstract: Due to the complexity of smart contracts and the different security levels of blockchains on which various digital assets are issued, a series of security incidents about cross-chain digital assets emerge, highlighting the serious security threats faced by cross-chain digital assets. For the high risk of cross-chain digital assets, this paper analyzes two typical cross-chain digital asset security incidents of bEarn Fi and Poly Network, obtaining a conclusion that the digital assets of cross-chain service nodes need to be protected. Then considering the characteristics of blockchain, focusing on cross-chain asset exchange, this paper proposes seven strategies of cross-chain digital asset risk management. With the traditional anomaly detection techniques, algorithms are provided to detect the abnor-mality of cross-chain asset exchange requests of users from the aspects of single transaction, multiple transactions, K-means and external data sources, so as to identify and terminate the abnormal requests, reducing the security risks of service-node cross-chain digital assets. Finally, by the simulation method, this paper presents a simple cross-chain system based on the hashed time-lock technique, which shows a serial of test events, to confirm the effectiveness of the risk management policies and anomaly detection methods. The test results show that the strategies of risk management and the corresponding anomaly detection algorithms can lower the loss of service-node cross-chain digital assets and reduce the risks of digital assets belonging to cross-chain service nodes.

Key words: cross-chain digital assets, risks, strategies, anomaly detection

田海博, 叶婉. 跨链数字资产风险管理策略及分析[J]. 计算机科学与探索, 2023, 17(9): 2219-2228.

TIAN Haibo, YE Wan. Risk Management Policies and Analysis of Cross-Chain Digital Assets[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(9): 2219-2228.

参考文献

[1] NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[J]. Decentralized Business Review, 2008: 21260.
[2] Litecoin[EB/OL]. [2022-03-30]. https://litecoin.org/.
[3] BUTERIN V. A next-generation smart contract and decentra-lized application platform[EB/OL]. [2022-03-30]. https://ethereum.org/en/whitepaper/.
[4] VOGELSTELLER F, BUTERIN V. Ethereum improvement proposals: EIP-20 token standard[EB/OL]. [2022-03-30]. https://eips.ethereum.org/EIPS/eip-20.
[5] ENTRIKEN W, SHIRLEY D, EVANS J, et al. Ethereum im-provement proposals: EIP-721 non-fungible token standard[EB/OL]. [2022-03-30]. https://eips.ethereum.org/EIPS/eip-721.
[6] 章志容, 李实, 彭添才. 一种跨链操作的风险评估方法：CN110519261B[P]. 2021-11-19.
ZHANG Z R, LI S, PENG T C. Risk assessment method for cross-chain operation: CN110519261B[P]. 2021-11-19.
[7] ZAMYATIN A, HARZ D, LIND J, et al. XCLAIM: trustless, interoperable, cryptocurrency-backed assets[C]//Proceedings of the 2019 IEEE Symposium on Security and Privacy, San Francisco, May 19-23, 2019. Piscataway: IEEE, 2019: 193-210.
[8] HERLIHY M. Atomic cross-chain swaps[C]//Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing, Egham, Jul 23-27, 2018. New York: ACM, 2018: 245-254.
[9] BACK A, CORALLO M, DASHJR L, et al. Enabling block-chain innovations with pegged sidechains[EB/OL]. (2014-10-22) [2022-03-30]. https://blockstream.com/sidechains.pdf.
[10] THOMAS S, SCHWARTZ E. A protocol for interledger payments[EB/OL]. [2022-03-30]. https://interledger.org/interledger.pdf.
[11] Decred-compatible cross-chain atomic swapping[EB/OL]. [2022-03-30]. https://github.com/decred/atomicswap.
[12] HOSP D, HOENISCH T, KITTIWONGSUNTHORN P. Comit-cryptographically-secure off-chain multi-asset instant tran-saction network[EB/OL]. [2022-03-30]. https://arxiv.org/ftp/arxiv/papers/1810/1810.02174.pdf.
[13] Interledger protocol V4[EB/OL]. [2022-03-30]. https://in-terledger.org/rfcs/0027-interledger-protocol-4.
[14] CULWICK A, METCALF D. The blocknet design specifi-cation[EB/OL]. [2022-03-30]. https://www.blocknet.co/wpcon-tent/uploads/2018/04/whitepaper.pdf.
[15] BUTERIN V. Chain interoperability[EB/OL]. [2022-03-30]. https://allquantor.at/blockchainbib/pdf/buterin2016chain.pdf.
[16] DILLEY J, POELSTRA A, WILKINS J, et al. Strong federa-tions: an interoperable blockchain solution to centralized third-party risks[J]. arXiv:1612.05491, 2016.
[17] KWON J, BUCHMAN E. Cosmos whitepaper[EB/OL]. [2022-03-30]. https://v1.cosmos.network/resources/whitepaper.
[18] WOOD G. Polkadot: vision for a heterogeneous multi-chain framework[EB/OL]. [2022-03-30]. https://assets.polkadot.network/Polkadot-whitepaper.pdf.
[19] SPOKE M, NE Team. Aion: enabling the decentralized Internet[EB/OL]. [2022-03-30]. https://aion.network/media/en-aion-networktechnical-introduction.pdf.
[20] TokenBridge??s documentation[EB/OL]. [2022-03-30]. https://docs.tokenbridge.net/.
[21] CHANDOLA V, BANERJEE A, KUMAR V. Anomaly de-tection: a survey[J]. ACM Computing Surveys, 2009, 41(3): 1-58.
[22] EDGEWORTH F Y. Xli. on discordant observations[J]. The London, Edinburgh, and Dublin Philosophical Magazine and Journal of Science, 1887, 23(143): 364-375.
[23] HART P E, STORK D G, DUDA R O. Pattern classification[M]. Hoboken: Wiley, 2000.
[24] CHEN J, SATHE S, AGGARWAL C, et al. Outlier detection with autoencoder ensembles[C]//Proceedings of the 2017 SIAM International Conference on Data Mining, Houston, Apr 27-29, 2017. Philadelphia: SIAM, 2017: 90-98.
[25] RAMASWAMY S, RASTOGI R, SHIM K. Efficient algorithms for mining outliers from large data sets[C]//Proceedings of the 2000 ACM SIGMOD International Conference on Ma-nagement of Data, Dallas, May 15-18, 2000. New York: ACM, 2000: 427-438.
[26] ANGIULLI F, PIZZUTI C. Fast outlier detection in high dimensional spaces[C]//LNCS 2431: Proceedings of the Euro-pean Conference on Principles of Data Mining and Know-ledge Discovery, Helsinki, Aug 19-23, 2002. Berlin, Heidel-berg: Springer, 2002: 15-26.
[27] BREUNIG M M, KRIEGEL H P, NG R T, et al. LOF: identifying density-based local outliers[C]//Proceedings of the 2000 ACM SIGMOD International Conference on Ma-nagement of Data, Dallas, May 15-18, 2000. New York: ACM, 2000: 93-104.
[28] TAN P N, STEINBACH M, KUMAR V. Data mining intro-duction[M]. Beijing: People??s Posts and Telecommunications Publishing House, 2006.
[29] HARTIGAN J A, WONG M A. Algorithm AS 136: a k-means clustering algorithm[J]. Journal of the Royal Statisti-cal Society, Series C (Applied Statistics), 1979, 28(1): 100-108.
[30] GOLDSTEIN M, DENGEL A. Histogram-based outlier score (HBOS): a fast unsupervised anomaly detection algorithm[C]//Proceedings of the 35th Annual German Conference on AI, Saarbrücken, Sep 24-27, 2012. Berlin, Heidelberg:Springer, 2012: 59-63.
[31] KEOGH E, LIN J, FU A. HOT SAX: efficiently finding the most unusual time series subsequence[C]//Proceedings of the 5th IEEE International Conference on Data Mining, Houston, Nov 27-30, 2005. Washington: IEEE Computer Society, 2005: 226-233.
[32] HOCHREITER S, SCHMIDHUBER J. Long short-term me-mory[J]. Neural Computation, 1997, 9(8): 1735-1780.
[33] Transaction data of bEarn Fi (BscScan)[EB/OL]. [2022-03-30]. https://www.bscscan.com/tx/0x603b2bbe2a7d0877b225317-1735ff686a7caad866f6c0435c37b7b49e4bfd9a36c.
[34] Transaction data of bEarn Fi (Google docs)[EB/OL]. [2022-03-30]. https://docs.google.com/spreadsheets/d/1iZ7JjofR6z-RcJpMJ6NSpnUk5u26IIYTW8ZiTMxPvShI/edit#gid=0.
[35] Transaction data of ethereum[EB/OL]. [2022-03-30]. https://cn.etherscan.com/address/0xC8a65Fadf0e0dDAf421F28FEAb69-Bf6E2E589963.
[36] Transaction data of BSC[EB/OL]. [2022-03-30]. https://www.bscscan.com/address/0x0D6e286A7cfD25E0c01fEe9756765-D8033B32C71.
[37] Transaction data of polygon[EB/OL]. [2022-03-30]. https://polygonscan.com/address/0x5dc3603C9D42Ff184153a8a-9094a73d461663214.