Department of Informatics - Communication Systems Group

Challenge Task 2023

This semester's Challenge Task (CT) is to implement a Decentralized Application (DApp) deployed on the blockchain and to assess the security of code developed by another group. Thus, in the first stage, groups must design and develop a lottery application. In the second stage, the lottery application must be secured against possible threat vectors (investigated by students). Considering the limited time frame and wide range of threat vectors, students must select a suitable design to secure their app against selected threats. In the third stage, the source code will be exchanged, and groups will perform a security analysis of the DApp and smart contract delivered by another group.

Portability is a key characteristic that must be ensured in all stages of the CT, meaning that the lottery application should be easily deployed and operated on different machines. As such, groups should note that compromises within their design choices might be made to ensure the portability of their lottery application. For example, any additional security service that impairs straightforward deployment and operation should be avoided, such as two-factor authentication that requires the use of external tokens or sending SMS.

One can check past CTs (e.g., Challenge Task 2017, Challenge Task 2018, and Challenge Task 2019) to understand examples of applications. Even though the groups are free to choose the design of their application to be implemented as a DApp, all groups must ensure that all requirements are met and follow the defined deadlines. The necessary information to fully accomplish the CT, assumptions, libraries, tools and impact on the grade are detailed in the next sections.

Requirements

Each CT group is free to decide on the design of the DApp, for example, how the communication with the on the use-case and how to interact with the system. As mentioned, portability should be maintained at all stages to ensure that all groups can exchange source codes and run the security analysis. However, for each CT group, the following key requirements need to be met:

  1. The core functionality must be implemented and executed entirely within Smart Contracts (SC).
  2. The prototype must validate the proposed use case.
  3. The user must interact with the DApp via a Graphical User Interface (GUI), for example, a Web-based one.
  4. The group must deliver a self-contained report documenting the SC, its operation, and the source code.
  5. Groups will exchange their source-code and must conduct a security analysis covering both the smart contract and the use-case.
    1. First stage concerns the application design and planning
    2. Second stage concerns the implementation and addition of security mechanisms
    3. Exchange of source-code and analysis

Further suggestions include:

  • The solution may use existing libraries and code, but those must be allowed to be published under APL or another comparable open software license.
  • The final report shall document the application, and its operation, mainly with all the details needed to understand the solution to be shown at the presentation and demo time slot. The report should contain approximately 5-10 pages and be written in a technical manner.
  • The source code must be well documented and contain installation guidelines.

Assumptions

The following facts may be assumed:

  • The Smart Contract can be deployed in a private testnet or in one of the Ethereum testnets.
  • You can use just one node (Ganache, Parity or Geth client) with multiple addresses.

Note: Further assumptions, which are not restricting these assumptions above, can be made according to each group's approach.

Libraries and Tools

The items below represent supporting libraries, tools, or references that are recommended to be taken into consideration.

Organization

  • The groups shall be balanced in expertise and work-wise. Every group shall have at least one development expert. During the CT, the group may meet every week during exercise hours to work on the task and discuss the next steps.
  • The groups shall utilize their homework times to work on the CT, besides the exercise time slots assigned on Thursdays.
  • The groups shall determine and set-up an internal project plan with the overall milestones, responsibilities, and timings provided therein.
  • Distribute the workload so that each group member gets a fair load of work.
  • Do not miss the opportunity to discuss details with the Teaching Assistants; they might give you useful hints.
  • A midterm report to the supervisors is expected from the group in order to update them with the development of the application.

 

Deadlines

The list below depicts the planning for the FS 2023 Challenge Task. Deadlines are categorized as recommended (groups may adhere or not) and strict (all groups must adhere).  

  • Previous deadlines omitted (done by all groups).
  • Analysis of source code until 24.05 (at 23:59)
  • Hand in final report by 24.05 (at 23:59). Check detailed instructions below.

A lottery application is a well-known use case, and there are various repositories where students can begin their work. Using existing apps as a basis for deciding which security mechanisms should be applied is therefore advised. Note that applications with already-implemented security features should not be used (the TA should check them). The objective is to apply the obtained knowledge regarding the design of safe on-chain apps and analyze the code of other groups at the final stage.

Groups and Support

During the challenge task each group will be able to ask questions and get support from their supervisors:

Groups that have not discussed or sent their topics to the teaching assistants are encouraged to contact them as soon as possible.

| # | Group Name | Participants | Presentation day | Midterm Report | Source Code Exchanged | Final Report |
|---|---|---|---|---|---|---|
| 1 | Apollo | Wesley Müri, Aaron Arauz, Oliver Aschwanden | 25.05 | | | |
| 2 | Zeus | Alain Küng, Tobias Frauenfelder, Ramon Solo De Zaldivar | 25.05 | | | |
| 3 | Hera | Tiantian Luo, Robin Meister, Hilal Comak | 25.05 | | | |
| 4 | Nike | Yixuan Zhou, Akshaykumar Sirsikar, Lucas Steffen Krauter, Wanke Tong | 25.05 | | | |
| 5 | Hades | Junyong Cao, Yunlong Li, Yunxiang Guo | 25.05 | | | |

Presentation and Evaluation

Challenge Task (CT) presentations and demonstrations will take place on Thursday 25.05.2023 from 14:00 to 15:45 hours. On this date, the groups will present and demonstrate their results. Presentations and demos will take place in room BIN-2.A.10.

Please make sure that you are available to attend the presentation date (i.e., that you do not have exams, presentations, courses from other modules on that date).

  • Each group will have ~15 minutes to present their design and demonstrate the working application (including presentation and demo). The presentation shall include slides. For the demonstration, the group must run one (or more) use-cases of their application, showing that it meets the defined requirements and successfully implements the proposal. Note that everybody is expected to contribute to the presentation and demo in an organized fashion.
  • Remember that the audience will not only be interested in seeing whether or not your Smart Contract works, but more specifically, how the designed mechanisms (e.g., SC communication, random number generation, betting, and so on) for your DApp work behind the scenes.
  • After the presentations, each group will be evaluated. The following criteria will be taken into consideration to rank the groups: software design and implementation (overall design, and usability), teamwork, presentation, and demonstration of the solution. The winning group (i.e., the one with the most points) will receive a prize and the "BCOLN Challenge Champion 2023" award.
  • Each group shall hand in by e-mail (vonderassen@ifi.uzh.ch, rodrigues@ifi.uzh.ch) the report and source code of the Smart Contracts until 24.05.2023 - 23:59.

CT Grading Impact

The CT grade will impact the final written exam grade in the following manner:

  • All the four CT requirements met (0 missing requirements):
    • No overall grade reduction
  • Three CT requirements met (1 missing requirement):
    • 0.5 point grade reduction in the final written exam
  • Two requirements met (2 missing requirements):
    • 1.0 point grade reduction in the final written exam
  • Only one requirement met (3 missing requirements):
    • 1.5 point grade reduction in the final written exam
  • No requirement met (4 missing requirements):
    • 2.0 point grade reduction in the final written exam
  • If the grade is equal to or below 4.0:
    • No grade reduction
Grading Table Example

Result

Fulfilment of the Requirements

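| Requirement / Group | Apollo | Zeus | Hera | Nike | Iris | Hades | Nemesis | Athena | Poseidon | Demeter | Tyche | Artemis |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RQ 1 | | | | | | | | | | | | |
| RQ 2 | | | | | | | | | | | | |
| RQ 3 | | | | | | | | | | | | |
| RQ 4 | | | | | | | | | | | | |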

= Fulfilled = Not Fulfilled

🏆 Winner CSG-award: TBA 🏆

Reports and Source Code

Please find the report and source code of each group for download at https://gitlab.ifi.uzh.ch/scheid/bcoln/tree/master/FS20. The source code is licensed under an open-source license. In case of questions, please contact the respective supervisor.