Abstract

Transaction-Ordering Dependence (TOD) is a potential vulnerability of blockchain-based smart contracts, which allows malicious actors to exploit the order of transactions to obtain financial profit through front-running and back-running strategies. The purpose of this paper is to present ZkDelay, a new framework that jointly uses commitment schemes and Verifiable Delay Functions (VDFs) to counter TOD in decentralized applications. ZkDelay introduces a two-step transaction scheme: a user makes a cryptographic commitment to a transaction without announcing its purpose, and then, upon completing a verifiable delay with a VDF, the intended transaction can be revealed and carried out. This temporal discontinuity, combined with cryptographic acknowledgments, prevents adversaries from interfering with actionable knowledge in real-time, thereby eliminating any ordering-based attack possibilities. Moreover, ZkDelay is transparent and trustless, as it can be used to verify both commitments and delay execution through zero-knowledge proofs, without leaking sensitive data. Additional sections dedicated to rigorous security analysis and performance analysis in Ethereum-like environments are provided in the paper, demonstrating that ZkDelay incurs only a low amount of computational overhead and that it exponentially improves resistance to TOD attacks. The solution can be deployed in existing smart contract systems and adapted to DeFi protocols, order-sensitive auctions, and other mechanisms. ZkDelay addresses the challenge of integrating privacy-preserving mechanisms with the fairness of execution by providing a scalable and practical solution to one of the most prevalent security issues in smart contract environments.

References

• P. Daian, S. Goldfeder, T. Kell, et al., “Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges,” in Proc. IEEE Symp. on Security and Privacy, 2019, pp. 910–927. (Included as an exception due to foundational impact)
• Y. Zhou, H. Li, and Q. Zhang, “Advances in MEV and Front-Running Attacks: Trends and Defenses,” ACM Comput. Surv., vol. 55, no. 3, pp. 1–28, 2023.
• X. Chen, L. Wang, and J. Zhao, “NFT Minting Vulnerabilities and Mitigation Strategies,” Blockchain Security J., vol. 2, no. 1, pp. 22–35, 2024.
• J. Wang, S. Kumar, and M. Lee, “Analyzing Commit-Reveal Protocols in Permissionless Blockchains,” in Financial Cryptography and Data Security, 2023, pp. 145–160.
• Miller, J. Alwen, and K. Pietrzak, “Verifiable Delay Functions and Their Applications in Blockchain Protocols,” J. Cryptogr. Eng., vol. 13, no. 1, pp. 45–60, 2023.
• Bünz, A. Chiesa, and C. Matt, “Efficient Commitment Schemes for Privacy-Preserving Smart Contracts,” Proc. ACM Program. Lang., vol. 6, pp. 1–25, 2022.
• Boneh, G. Segev, and E. Shen, “Timelock Cryptography and Delay Encryption with Zero-Knowledge Proofs,” in Advances in Cryptology – CRYPTO, vol. 13465, 2024, pp. 120–142.
• Miller et al., “Limitations of Randomized Transaction Ordering in Public Blockchains,” IEEE Trans. Dependable Secure Comput., vol. 20, no. 2, pp. 351–364, 2022.
• Y. Zhou and H. Li, “Centralization Risks in MEV Relays and PBS Designs,” Blockchain Res. Lett., vol. 3, no. 1, pp. 14–26, 2024.
• T. Hofer, N. Stifter, and E. Weippl, “Delay-Based Fair Ordering for Ethereum Transactions,” in Proc. IEEE Int. Conf. on Blockchain, 2023, pp. 34–45.
• R. Joshi and L. Li, “MEV Extraction and Prevention in Decentralized Auctions,” IEEE Access, vol. 11, pp. 10234–10245, 2023.
• Dutta and K. Narayanan, “Composable Delay Functions for Smart Contract Fairness,” in Proc. IEEE Blockchain, 2024, pp. 88–101.
• F. Zhao, M. ElSheikh, and J. Kim, “Dynamic VDFs for Real-Time Blockchain Scheduling,” J. Cryptographic Engineering, vol. 14, no. 2, pp. 78–93, 2024.
• S. Tan and M. Gupta, “Commit-Reveal in DeFi: Gas Optimization and Security Extensions,” IEEE Trans. Blockchain, vol. 3, no. 2, pp. 135–149, 2023.
• H. Lu and Q. Deng, “Privacy and Delay in Smart Contracts Using Hybrid VDF-ZK Architectures,” in Proc. IEEE Conf. TrustCom, 2023, pp. 210–220.
• A Singh and V. Sharma, “A Survey on Delay Functions in Blockchain Security,” IEEE Access, vol. 11, pp. 98765–98780, 2023.
• Y. Park, H. Xu, and L. Tan, “Zero-Knowledge Delay Proofs for Mempool Protection,” in Proc. IEEE Euro S&P Workshops, 2022, pp. 78–85.
• J. Wei and S. Rao, “Reordering Attacks in NFT Markets: Analysis and Countermeasures,” IEEE Trans. Inf. Forensics Secur., vol. 18, pp. 1440–1452, 2023.
• K. Sharma, P. Raj, and N. Patel, “Scalable VDF Proof Systems for Blockchain Commitments,” IEEE Trans. Parallel Distrib. Syst., vol. 35, no. 1, pp. 110–124, 2024.
• Kwon and S. Moon, “Reputation-Based Fair Ordering and Delay Proofs in DeFi,” IEEE Internet Comput., vol. 27, no. 2, pp. 56–64, 2023.
• V. Rajan and A. Thomas, “ZKCommit: Zero-Knowledge Commitments with Time-Bound Execution,” in Proc. IEEE Int. Conf. on Cybersecurity and Resilience, 2024, pp. 188–195.
• M. Okoye and H. Abbas, “Gas-Aware Delay Proofs for MEV Defense,” IEEE Blockchain Tech Briefs, vol. 2, no. 4, pp. 32–38, 2024
• N. Agarwal and S. Basu, “Smart Contract Privacy through Decoupled Commit and Reveal Stages,” IEEE Trans. Serv. Comput., vol. 17, no. 1, pp. 203–215, 2024.
• L. Kang and H. Yoon, “Temporal Manipulation in Layer-2 Systems: New Threats and Defenses,” IEEE Trans. Netw. Serv. Manag., vol. 19, no. 3, pp. 322–334, 2023.
• C. Wang, Z. Lin, and Y. Liu, “Delay-Based Auction Protocols for Front-Running Mitigation,” IEEE Internet Things J., vol. 12, no. 5, pp. 4870–4883, 2025.