VeriSolid: Correct-by-Design Smart Contracts for Ethereum

The adoption of blockchain-based distributed ledgers is growing fast due to their ability to provide reliability, integrity, and auditability without trusted entities. One of the key capabilities of these emerging platforms is the ability to create self-enforcing smart contracts. However, the development of smart contracts has proven to be error-prone in practice, and as a result, contracts deployed on public platforms are often riddled with security vulnerabilities. This issue is exacerbated by the design of these platforms, which forbids updating contract code and rolling back malicious transactions. In light of this, it is crucial to ensure that a smart contract is secure before deploying it and trusting it with significant amounts of cryptocurrency. To this end, we introduce the VeriSolid framework for the formal verification of contracts that are specified using a transition-system-based model with rigorous operational semantics. Our model-based approach allows developers to reason about and verify contract behavior at a high level of abstraction. VeriSolid allows the generation of Solidity code from the verified models, which enables the correct-by-design development of smart contracts.
