Table of contents
No headings in the article.
Abstract. Policia is a proposed system that exploits Ethereum's public transaction ledger and smart contracts to detect potential illicit transaction patterns, warn network participants of dubious activities, and establish risk mitigation strategies via on-chain transaction suspension and off-chain coordination. The goal is to minimize the effects of fraudulent behavior and theft on the Ethereum ecosystem using a blend of on-chain and off-chain strategies.
As the use of public blockchain technologies broadens and matures, the threats of fraud, theft, and illegal activities concurrently escalate. Current solutions cannot entirely identify, monitor, or lessen the effects of unauthorized malicious activities involving stolen assets or compromised addresses on these blockchains. Policia, through a decentralized architecture, employs the transparency and programmability of blockchains to devise a comprehensive framework for surveying, identifying, and reacting to potentially fraudulent transactions at a large scale.
The growing prominence of Ethereum and its decentralized applications (dApps) has led to a proportional increase in fraudulent activities and theft on these networks. Current options for effectively lessening the impact of these threats are limited:
Blacklisting addresses or funds on-chain is challenging due to the immutable and censorship-resistant nature of blockchains. Once a transaction is verified, it is irreversible and cannot be removed from the network's history.
Even though some centralized exchanges can freeze accounts associated with fraud, this only affects the funds on their platforms and does not extend to the wider blockchain network.
Existing fraud detection solutions concentrate on off-chain analytics and forensics to track the flow of stolen funds. However, these tools cannot enforce mitigation actions on-chain directly.
Decentralized autonomous organizations (DAOs) and community governance mechanisms for managing blacklist rules have been proposed. Still, these are susceptible to manipulation or exploitation of the governance process.
As a result, stolen funds and fraudulent activities on blockchains often persist indefinitely. This undermines confidence in the ecosystem and poses risks for dApp businesses and users.
These factors allow fraudulent activities and stolen funds on blockchains to continue indefinitely, which erodes trust in the ecosystem and poses risks to dApp businesses and users.
Jcka Labs' current research has explored using a mix of on-chain and off-chain solutions to address these threats more comprehensively. A Security Layer One on a decentralized wallet could programmatically enforce blacklisting rules and suspend transactions. Off-chain tools could supply the necessary analytics, storage, and forensics to inform these on-chain mitigation actions.
However, existing solutions tend to concentrate solely on one aspect of the problem - either on-chain enforcement or off-chain analytics. An integrated framework that utilizes both approaches could potentially be more effective in identifying and mitigating fraud on an ecosystem-wide scale. This is the gap that the Policia system aims to fill.
3. Proposed Solution
Policia will utilize a combination of on-chain and off-chain components to create a decentralized fraud detection system:
Smart contracts will monitor all transactions on the Ethereum blockchain and identify suspicious patterns based on rules and a reputation model.
When fraudulent activity is detected, the smart contracts will issue alerts on-chain. They will also have the ability to suspend suspicious transactions pending review.
The smart contracts will be upgradeable to add new rules and blacklisting capabilities over time.
Off-chain analytics tools will provide data and insights to build and refine the rules and reputation model used by smart contracts.
An interface will allow users to report suspicious activities and view alerts/blacklists.
Off-chain coordination will allow network participants to communicate and take additional mitigation actions against fraudulent addresses/funds.
This combined on-chain/off-chain approach will enable Policia to:
Identify suspicious transaction patterns at scale
Quickly issue alerts to network participants
Temporarily suspend fraudulent transactions
Gradually build blacklists of fraudulent addresses through community coordination
Evolve the fraud detection rules and model over time
4. User Cases
Detecting and alerting others of stolen funds being laundered through DeFi protocols
Identifying compromised accounts sending funds to exchange addresses
Freezing flash loan transactions that appear to be performing arbitrage on fraudulent markets
Blacklisting addresses associated with phishing/scam websites
Warning users if they are about to transact with a fraudulent address
Policia's design has been outlined as a proposed system for detecting and sending alerts regarding potential fraudulent transaction activities on Ethereum. By processing all transactions, constructing an address reputation model, and issuing alerts, Policia aims to aid in reducing the effects of fraud and theft on the Ethereum ecosystem. We plan to further refine the system design, implement a prototype, and conduct simulations to evaluate performance. Feedback and contributions to the open-source project are highly encouraged.