Proceedings of International Conference on Applied Innovation in IT
2023/11/30, Volume 11, Issue 2, pp.39-45

Mitigating the Ronin Protocol Vulnerability in the Context of RBAC Policy


Halyna Huzenko and Leonid Galchynsky


Abstract: The article discusses the structure of the Ronin protocol and its components, focusing on consensus mechanisms and validators. The purpose of the study was to identify the vulnerability of the protocol and to develop methods for its resolution. It was determined that the bridge component of the protocol has a certain vulnerability. Analyzing and investigating the structure and mechanics of Ronin smart contracts, it was found that all validators are Bridge Validators. This prompted a more detailed study of the protocol structure. Audits for 2022 and 2023 were analyzed, which indicated the presence of privileged functionality in some roles in the system. The conclusion was that the protocol has an unformalized role-based access distribution model. By comparing with the NIST standard, it was found that the role-based access control system in the Ronin protocol (Ronin RBAC) is a Flat Model. By increasing the level of the model to the level of the Restricted Model, it was possible to increase the security level of the protocol. Using the MySQL environment, a simulation model was developed that confirmed the vulnerability of the considered access control system. Based on the analysis of the standard requirements, steps were formulated to make changes to the simulation model. To solve this problem, it was proposed to change the role model of access distribution to Level 3 of the NIST RBAC standard.

Keywords: Vulnarability, Ronin Protocol, RBAC Standard, ERD, Simulation Modelling.

DOI: 10.25673/112992

Download: PDF

References:

  1. M.S. Mavis, "Official Ronin Whitepaper: Consensus," Apr. 28, 2023.
  2. M.S. Mavis, "Official Axie Infinity Whitepaper," Jan. 1, 2023.
  3. M. Bartoletti, S. Carta, T. Cimoli, and R. Saia, "Dissecting Ponzi schemes on Ethereum: Identification, analysis, and impact," Future Generation Computer Systems, vol. 102, pp. 905-913, Aug. 2019.
  4. E. Castronova et al., "As real as real? Macroeconomic behavior in a large-scale virtual world," New Media & Society, vol. 11, no. 5, pp. 685-707, 2009.
  5. R. Behnke, "Explained: The Ronin Hack," Mar. 30, 2022.
  6. V. B. Vishal and A. B. Aniruddha, "Preferential Delegated Proof of Stake (PDPoS) – Modified DPoS with Two Layers towards Scalability and Higher TPS," 2023.
  7. S. Wan et al., "Recent advances in consensus protocols for blockchain: A survey," Springer Science+Business Media, LLC.
  8. M. Alharby et al., "Blockchain-based smart contracts: A systematic mapping study of academic research," in 2018 ICCBB, IEEE, pp. 1–6, 2018.
  9. S. N. Khan et al., "Blockchain smart contracts: Applications, challenges, and future trends," Peer-to-Peer Netw. Appl., vol. 14, pp. 2901–2925, 2021.
  10. Verichains Lab, "Report for Sky Mavis: Security Audit – Ronin Bridge Smart Contracts. 1.1 - Public Report," Jun. 28, 2022.
  11. X. Li et al., "A survey on the security of blockchain systems," Future Generation Computer Systems, pp. 841–853, 2020.
  12. J. Lyanchev, "The Biggest Ever Crypto Hack: What Happened in the Ronin Bridge Attack on 'cryptopotato'," Mar. 30, 2022.
  13. D. Ferraiolo and R. Kuhn, "Role-Based Access Controls: Conference 15th National Computer Security Conference (NCSC)," Oct. 13-16, 1992.

    HOME

       - Call for Papers
       - For authors
       - Important Dates
       - Conference Committee
       - Editorial Board
       - Reviewers
       - Last Proceedings


    PROCEEDINGS

       - Volume 12, Issue 1 (ICAIIT 2024)        - Volume 11, Issue 2 (ICAIIT 2023)
       - Volume 11, Issue 1 (ICAIIT 2023)
       - Volume 10, Issue 1 (ICAIIT 2022)
       - Volume 9, Issue 1 (ICAIIT 2021)
       - Volume 8, Issue 1 (ICAIIT 2020)
       - Volume 7, Issue 1 (ICAIIT 2019)
       - Volume 7, Issue 2 (ICAIIT 2019)
       - Volume 6, Issue 1 (ICAIIT 2018)
       - Volume 5, Issue 1 (ICAIIT 2017)
       - Volume 4, Issue 1 (ICAIIT 2016)
       - Volume 3, Issue 1 (ICAIIT 2015)
       - Volume 2, Issue 1 (ICAIIT 2014)
       - Volume 1, Issue 1 (ICAIIT 2013)


    PAST CONFERENCES

       ICAIIT 2024
         - Photos
         - Reports

       ICAIIT 2023
         - Photos
         - Reports

       ICAIIT 2021
         - Photos
         - Reports

       ICAIIT 2020
         - Photos
         - Reports

       ICAIIT 2019
         - Photos
         - Reports

       ICAIIT 2018
         - Photos
         - Reports

    ETHICS IN PUBLICATIONS

    ACCOMODATION

    CONTACT US

 

DOI: http://dx.doi.org/10.25673/115729


        

         Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0


                                                   This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License


           ISSN 2199-8876
           Publisher: Anhalt University of Applied Sciences

        site traffic counter

Creative Commons License
Except where otherwise noted, all works and proceedings on this site is licensed under Creative Commons Attribution-ShareAlike 4.0 International License.