Affiliation:
1. Università della Svizzera italiana, Lugano, Switzerland
2. Meta, London, UK
3. Ethereum Foundation, Zug, Switzerland
4. Università della Svizzera italiana and Purdue University, West Lafayette, IN
Abstract
Smart contracts are tempting targets of attacks, as they often hold and manipulate significant financial assets, are immutable after deployment, and have publicly available source code, with assets estimated in the order of millions of dollars being lost in the past due to vulnerabilities. Formal verification is thus a necessity, but smart contracts challenge the existing highly efficient techniques routinely applied in the symbolic verification of software, due to specificities not present in general programming languages. A common feature of existing works in this area is the attempt to reuse off-the-shelf verification tools designed for general programming languages. This reuse can lead to inefficiency and potentially unsound results, as domain translation is required. In this article, we describe a carefully crafted approach that directly models the central aspects of smart contracts natively, going from the contract to its logical representation without intermediary steps. We use the expressive and highly automatable logic of constrained Horn clauses for modeling and instantiate our approach to the Solidity language. A tool implementing our approach, called
Solicitous
, was developed and integrated into the SMTChecker module of the Solidity compiler solc. We evaluated our approach on an extensive benchmark set containing 22,446 real-world smart contracts deployed on the Ethereum blockchain over a 27-month period. The results show that our approach is able to establish safety of significantly more contracts than comparable, publicly available verification tools, with an order of magnitude increase in the percentage of formally verified contracts.
Funder
Swiss National Science Foundation
European Research Council
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference69 articles.
1. SAFEVM: a safety verifier for Ethereum smart contracts
2. Leonardo Alt and Christian Reitwiessner. 2018. SMT-based verification of Solidity smart contracts. In Proceedings of the 8th International Symposium on Leveraging Applications of Formal Methods. 376–388.
3. Blockchain technology in the energy sector: A systematic review of challenges and opportunities
4. Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, et al. 2018. Hyperledger fabric: A distributed operating system for permissioned blockchains. In Proceedings of the 13th EuroSys Conference. Article 30, 15 pages.
5. Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. 2017. A survey of attacks on Ethereum smart contracts SoK. In Proceedings of the 6th International Conference on Principles of Security and Trust. 164–186.
Cited by
7 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Empirical Study of Move Smart Contract Security: Introducing MoveScan for Enhanced Analysis;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11
2. Succinct ordering and aggregation constraints in algebraic array theories;Journal of Logical and Algebraic Methods in Programming;2024-08
3. Software verification challenges in the blockchain ecosystem;International Journal on Software Tools for Technology Transfer;2024-07-12
4. iCon: Automated Verification of Inter-Transaction Properties in Tezos Smart Contracts with Unknowns;2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC);2024-05-27
5. Deductive verification of smart contracts with Dafny;International Journal on Software Tools for Technology Transfer;2024-02-20