PolyU Computing Researchers and PhD Students Garner Best Practical Paper at Cybersecurity Award 2025 After Securing Distinguished Paper Award at ACM Conference on Computer and Communications Security in 2024
A team of academic staff and PhD students led by Prof. LUO Xiapu Daniel from the Department of Computing (COMP) at PolyU won a Best Practical Paper accolade at the Cybersecurity Award 2025, following a Distinguished Paper Award received at the 31st ACM Conference on Computer and Communications Security (CCS) in 2024.
Their winning paper is titled "DoubleUp Roll: Double-spending in Arbitrum by Rolling It Back". The authors of the paper comprise academic staff, PhD students and a PhD graduate from COMP, as well as an academic from the Southern University of Science and Technology in Mainland China.
Specifically, the PolyU team includes Mr SUN Zhiyuan (PhD Student from COMP), Dr LI Zihao (Postdoctoral Fellow from COMP), Mr PENG Xinghao (PhD Student from COMP), Dr JIANG Muhui (PhD Graduate from COMP), Dr ZHOU Hao (Research Assistant Professor of COMP), and Prof. LUO Xiapu Daniel (Associate Dean (Research) of the Faculty of Computer and Mathematical Sciences and Professor of COMP). Dr JIANG and Dr ZHOU are Prof. LUO’s former PhD students.
The paper identifies critical vulnerabilities in widely used optimistic rollup protocols, specifically Arbitrum and Optimism. It reveals three previously unknown double-spending attacks, including the overtime attack, the queuecut attack and the zip-bomb attack, which could allow attackers to steal funds from cross-chain applications at no cost. These severe vulnerabilities were promptly reported to the Arbitrum and Optimism teams, which recognised the contributions with significant bug bounties and resolved the issues. This research prevented potential damages that could have escalated to billions of dollars.
The paper was presented at ACM CCS 2024, where it received a Distinguished Paper Award—the first time this prestigious honour has been granted to researchers in Hong Kong.
It also received a Best Practical Paper award at the Cybersecurity Award 2025. The Cybersecurity Award is presented by the journal Cybersecurity under the SpringerOpen portfolio. The award recognises research papers that demonstrate outstanding and groundbreaking contributions to the field of cybersecurity.
| References |
|---|
Sun, Z., Li, Z., Peng, X., Luo, X., Jiang, M., Zhou, H., & Zhang, Y. 2024. DoubleUp Roll: Double-spending in Arbitrum by Rolling It Back. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS '24). Association for Computing Machinery, New York, NY, USA, 2577–2590. https://doi.org/10.1145/3658644.3690256.
