Affiliation:
1. ETH Zurich, Switzerland
2. University of British Columbia, Canada
Abstract
Smart contracts are programs that execute in blockchains such as Ethereum to manipulate digital assets. Since bugs in smart contracts may lead to substantial financial losses, there is considerable interest in formally proving their correctness. However, the specification and verification of smart contracts faces challenges that rarely arise in other application domains. Smart contracts frequently interact with unverified, potentially adversarial outside code, which substantially weakens the assumptions that formal analyses can (soundly) make. Moreover, the core functionality of smart contracts is to manipulate and transfer resources; describing this functionality concisely requires dedicated specification support. Current reasoning techniques do not fully address these challenges, being restricted in their scope or expressiveness (in particular, in the presence of re-entrant calls), and offering limited means of expressing the resource transfers a contract performs.
In this paper, we present a novel specification methodology tailored to the domain of smart contracts. Our specifications and associated reasoning technique are the first to enable: (1) sound and precise reasoning in the presence of unverified code and arbitrary re-entrancy, (2) modular reasoning about collaborating smart contracts, and (3) domain-specific specifications for resources and resource transfers, expressing a contract's behaviour in intuitive and concise ways and excluding typical errors by default. We have implemented our approach in 2vyper, an SMT-based automated verification tool for Ethereum smart contracts written in Vyper, and demonstrated its effectiveness for verifying strong correctness guarantees for real-world contracts.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,Software
Reference54 articles.
1. Sound Modular Verification of C Code Executing in an Unverified Context
2. Taming callbacks for smart contract modularity
3. SMT-Based Verification of Solidity Smart Contracts
4. Sivakumar Arumugam. 2019. Serenuscoin contract. https://github.com/serenuscoin/contracts Accessed on 2021-04-16. Sivakumar Arumugam. 2019. Serenuscoin contract. https://github.com/serenuscoin/contracts Accessed on 2021-04-16.
5. A Survey of Attacks on Ethereum Smart Contracts (SoK)
Cited by
6 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Framework for Effective Smart Contracting;Bratislava Law Review;2023-12-29
2. A unified proof technique for verifying program correctness with big-step semantics;Journal of Systems Architecture;2023-03
3. Formalising Decentralised Exchanges in Coq;Proceedings of the 12th ACM SIGPLAN International Conference on Certified Programs and Proofs;2023-01-11
4. Bayesian network-based quality assessment of blockchain smart contracts;Advances in Computers;2023
5. Necessity
specifications for robustness;Proceedings of the ACM on Programming Languages;2022-10-31