Writing safe smart contracts in Flint

Blockchain-based platforms such as Ethereum support the execution of versatile decentralized applications, known as smart contracts. These typically hold and transfer digital currency (e.g., Ether) to other parties on the platform. Contracts have been subject to numerous attacks, losing hundreds of millions of dollars (in Ether). We propose Flint, a new type-safe, capabilities-secure, contract-oriented programming language specifically designed for writing robust smart contracts. To help programmers reason about access control of functions, Flint programmers use caller capabilities. To prevent vulnerabilities relating to the unintentional loss of currency, transfers of assets in Flint are performed through safe atomic operations, inspired by linear type theory.

[1]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[2]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[3]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[4]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[5]  Jens Palsberg,et al.  The essence of the Visitor pattern , 1998, Proceedings. The Twenty-Second Annual International Computer Software and Applications Conference (Compsac '98) (Cat. No.98CB 36241).

[6]  D. Flannanghan JavaScript: The definitive guide , 1999 .

[7]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[8]  Mark S. Miller,et al.  Capability Myths Demolished , 2003 .

[9]  Peyton Jones,et al.  Haskell 98 language and libraries : the revised report , 2003 .

[10]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[11]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[12]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[13]  Sophia Drossopoulou,et al.  Deny capabilities for safe, fast actors , 2015, AGERE!@SPLASH.

[14]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[15]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[16]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[17]  K. Bhargavan,et al.  : Formal Verification of Smart Contracts , 2016 .

[18]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[19]  Ilya Sergey,et al.  Scilla: a Smart Contract Intermediate-Level LAnguage , 2018, ArXiv.