New Highlights

Passive liquidity providers (LPs) in automated market makers (AMMs) face losses due to adverse 

selection (LVR), which static trading fees often fail to offset in practice. We study the key determinants 

of LP profitability in a dynamic reduced-form model where an AMM operates in parallel with a 

centralized exchange (CEX), traders route their orders optimally to the venue offering the better price, 

and arbitrageurs exploit price discrepancies. Using large-scale simulations and real market data, we 

analyze how LP profits vary with market conditions such as volatility and trading volume, and 

characterize the optimal AMM fee as a function of these conditions. We highlight the mechanisms 

driving these relationships through extensive comparative statics, and confirm the model's relevance 

through market data calibration. A key trade-off emerges: fees must be low enough to attract volume, 

yet high enough to earn sufficient revenues and mitigate arbitrage losses. We find that under normal 

market conditions, the optimal AMM fee is competitive with the trading cost on the CEX and 

remarkably stable, whereas in periods of very high volatility, a high fee protects passive LPs from 

severe losses. These findings suggest that a threshold-type dynamic fee schedule is both robust 

enough to market conditions and improves LP outcomes. See Optimal Fees for Liquidity Provision in 

Automated Market Makers.

This paper investigates how settlement speed affects financial stability in payment

networks, taking into account netting benefits, liquidity costs, and counterparty risks. Our analysis reveals

that faster settlements have ambiguous effects on systemic risk and social welfare. The optimal

settlement speed is determined by the network structure and the trade-off between netting efficiency and

liquidity costs on one hand, and the probability of counterparty defaults on the other. Notably, we identify

conditions, particularly under liquidity stress, where faster settlement can paradoxically increase systemic

risk by amplifying crisis severity, even while reducing crisis probability. Our results have important policy

implications, arguing against a one-size-fits-all approach to settlement speed design. See Settlement

 Speed and Financial Stability.

We study the risks of validator reuse across multiple services in a restaking protocol. We

characterize the robust security of a restaking network as a function of the buffer between the

costs and profits from attacks. For example, our results imply that if attack costs always exceed

attack profits by 10%, then a sudden loss of .1% of the overall stake (e.g., due to a software

error) cannot result in the ultimate loss of more than 1.1% of the overall stake. We also provide

local analogs of these overcollateralization conditions and robust security guarantees that apply

specifically for a target service or coalition of services. All of our bounds on worst-case stake loss

are the best possible. Finally, we bound the maximum-possible length of a cascade of attacks.

Our results suggest measures of robustness that could be exposed to the participants in a

restaking protocol. We also suggest polynomial-time computable sufficient conditions that can

proxy for these measures. See Robust Restaking Networks.

Users bid in a transaction fee mechanism (TFM) to get their transactions included and

confirmed by a blockchain protocol. Roughgarden (EC’21) initiated the formal treatment of

TFMs and proposed three requirements: user incentive compatibility (UIC), miner incentive

compatibility (MIC), and a form of collusion-resilience called OCA-proofness. Ethereum’s EIP-

1559 mechanism satisfies all three properties simultaneously when there is no contention between

transactions, but loses the UIC property when there are too many eligible transactions to fit in a

single block. Chung and Shi (SODA’23) considered an alternative notion of collusion-resilience,

called c-side-contract-proofness (c-SCP), and showed that, when there is contention between

transactions, no TFM can satisfy UIC, MIC, and c-SCP for any c ≥ 1. OCA-proofness asserts

that the users and a miner should not be able to “steal from the protocol.” On the other hand,

the c-SCP condition requires that a coalition of a miner and a subset of users should not be able

to profit through strategic deviations (whether at the expense of the protocol or of the users

outside the coalition). Our main result is the first proof that, when there is contention between transactions, no

(possibly randomized) TFM in which users are expected to bid truthfully satisfies UIC, MIC,

and OCA-proofness. This result resolves the main open question in Roughgarden (EC’21). We

also suggest several relaxations of the basic model that allow our impossibility result to be

circumvented. See Collusion-Resilience in Transaction Fee Mechanism Design.

Smart contracts are software programs that enable diverse business activities on the blockchain. 

Recent research has identified new classes of ”machine un-auditable” bugs that arise from both 

transactional contexts and source code. Existing detection methods require human understanding of 

underlying transaction logic and manual reasoning across different sources of context (i.e., modalities), 

such as code, dynamic transaction executions, and natural language specifying the expected 

transaction behavior. To automate the detection of “machine un-auditable” bugs, we present 

SMARTINV, an accurate and fast smart contract invariant inference framework. Our key insight is that 

the expected behavior of smart contracts, as specified by invariants, relies on understanding and 

reasoning across multimodal information, such as source code and natural language. We propose a 

new prompting strategy to foundation models, Tier of Thought (ToT), to reason across multiple 

modalities of smart contracts and ultimately to generate invariants. By checking the violation of these 

generated invariants, SMARTINV can identify potential vulnerabilities. We evaluate SMARTINV on real-

world contracts and rediscover bugs that resulted in multi-million dollar losses over the past 2.5 years 

(from January 1, 2021 to May 31, 2023). Our extensive evaluation shows that SMARTINV generates (

3.5×) more bug-critical invariants and detects (4×) more critical bugs compared to the state-of-the-art 

tools in significantly (150×) less time. SMARTINV uncovers 119 zero-day vulnerabilities from the 89,621 

real-world contracts. Among them, five are critical zero-day bugs confirmed by developers as “high 

severity.” See SmartInv: Multimodal Learning for Smart Contract Invariant Inference.

Zero-knowledge (ZK) circuits enable privacy-preserving computations and are central to many cryptographic protocols. Systems like Circom simplify ZK development by combining witness computation and circuit constraints in one program. However, even small errors can compromise security of ZK programs -- under-constrained circuits may accept invalid witnesses, while over-constrained ones may reject valid ones. Static analyzers are often imprecise with high false positives, and formal tools struggle with real-world circuit scale. Additionally, existing tools overlook several critical behaviors, such as intermediate computations and program aborts, and thus miss many vulnerabilities. Our theoretical contribution is the Trace-Constraint Consistency Test (TCCT), a foundational, language-independent formulation of ZK circuit bugs. TCCT provides a unified semantics that subsumes prior definitions and captures both under- and over-constrained vulnerabilities, exposing the full space of ZK bugs that elude prior tools. Our systems contribution is zkFuzz, a novel program mutation-based fuzzing framework for detecting TCCT violations. zkFuzz systematically mutates the computational logic of Zk programs guided by a novel fitness function, and injects carefully crafted inputs using tailored heuristics to expose bugs. We evaluated zkFuzz on 452 real-world ZK circuits written in Circom, a leading programming system for ZK development. zkFuzz successfully identified 85 bugs, including 59 zero-days-39 of which were confirmed by developers and fixed, including bugs undetectable by prior works due to their fundamentally limited formulations, earning thousands of bug bounties. Our preliminary research on Noir, another emerging DSL for ZK circuit, also demonstrates the feasibility of zkFuzz to support multiple DSLs.

You can read the paper here access the open-sourced zkFuzz at https://zkfuzz.xyz/.