Proceedings of International Conference on Applied Innovation in IT  ·  2023/11/30  ·  Vol. 11  ·  Issue 2  ·  pp. 39–45
Mitigating the Ronin Protocol Vulnerability in the Context of RBAC Policy
Halyna Huzenko and Leonid Galchynsky
The article discusses the structure of the Ronin protocol and its components, focusing on consensus mechanisms and validators. The purpose of the study was to identify the vulnerability of the protocol and to develop methods for its resolution. It was determined that the bridge component of the protocol has a certain vulnerability. Analyzing and investigating the structure and mechanics of Ronin smart contracts, it was found that all validators are Bridge Validators. This prompted a more detailed study of the protocol structure. Audits for 2022 and 2023 were analyzed, which indicated the presence of privileged functionality in some roles in the system. The conclusion was that the protocol has an unformalized role-based access distribution model. By comparing with the NIST standard, it was found that the role-based access control system in the Ronin protocol (Ronin RBAC) is a Flat Model. By increasing the level of the model to the level of the Restricted Model, it was possible to increase the security level of the protocol. Using the MySQL environment, a simulation model was developed that confirmed the vulnerability of the considered access control system. Based on the analysis of the standard requirements, steps were formulated to make changes to the simulation model. To solve this problem, it was proposed to change the role model of access distribution to Level 3 of the NIST RBAC standard.
Vulnarability Ronin Protocol RBAC Standard ERD Simulation Modelling.
References
  1. M.S. Mavis, "Official Ronin Whitepaper: Consensus," Apr. 28, 2023.
  2. M.S. Mavis, "Official Axie Infinity Whitepaper," Jan. 1, 2023.
  3. M. Bartoletti, S. Carta, T. Cimoli, and R. Saia, "Dissecting Ponzi schemes on Ethereum: Identification, analysis, and impact," Future Generation Computer Systems, vol. 102, pp. 905-913, Aug. 2019.
  4. E. Castronova et al., "As real as real? Macroeconomic behavior in a large-scale virtual world," New Media & Society, vol. 11, no. 5, pp. 685-707, 2009.
  5. R. Behnke, "Explained: The Ronin Hack," Mar. 30, 2022.
  6. V. B. Vishal and A. B. Aniruddha, "Preferential Delegated Proof of Stake (PDPoS) – Modified DPoS with Two Layers towards Scalability and Higher TPS," 2023.
  7. S. Wan et al., "Recent advances in consensus protocols for blockchain: A survey," Springer Science+Business Media, LLC.
  8. M. Alharby et al., "Blockchain-based smart contracts: A systematic mapping study of academic research," in 2018 ICCBB, IEEE, pp. 1–6, 2018.
  9. S. N. Khan et al., "Blockchain smart contracts: Applications, challenges, and future trends," Peer-to-Peer Netw. Appl., vol. 14, pp. 2901–2925, 2021.
  10. Verichains Lab, "Report for Sky Mavis: Security Audit – Ronin Bridge Smart Contracts. 1.1 - Public Report," Jun. 28, 2022.
  11. X. Li et al., "A survey on the security of blockchain systems," Future Generation Computer Systems, pp. 841–853, 2020.
  12. J. Lyanchev, "The Biggest Ever Crypto Hack: What Happened in the Ronin Bridge Attack on 'cryptopotato'," Mar. 30, 2022.
  13. D. Ferraiolo and R. Kuhn, "Role-Based Access Controls: Conference 15th National Computer Security Conference (NCSC)," Oct. 13-16, 1992.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ICAIIT 2026
International Conference on Applied Innovation in IT
Navigation
Publisher
ISSN2199-8876
Location Anhalt University of Applied Sciences
Phone +49 (0) 3496 67 5611
Address Building 01, Room 425
Bernburger Str. 55
D-06366 Köthen, Germany
Open Access License

All works are licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), unless otherwise noted.

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.

© 2026 ICAIIT — International Conference on Applied Innovations in IT. Anhalt University of Applied Sciences, Köthen, Germany.
Visitors: site traffic counter