Online detection of effectively callback free objects with applications to smart contracts

Callbacks are essential in many programming environments, but they drastically complicate program understanding and reasoning because they allow external objects to mutate an object's local state in unexpected ways, thus breaking modularity. The famous DAO bug in the cryptocurrency framework Ethereum employed callbacks to steal $150M. We define the notion of Effectively Callback Free (ECF) objects in order to allow callbacks without preventing modular reasoning. An object is ECF in a given execution trace if there exists an equivalent execution trace without callbacks to this object. An object is ECF if it is ECF in every possible execution trace. We study the decidability of dynamically checking ECF in a given execution trace and of statically checking whether an object is ECF. We also show that dynamically checking ECF in Ethereum is feasible and can be done online. By running the history of all execution traces in Ethereum, we were able to verify that virtually all existing contract executions, excluding those of the DAO or of contracts with similar known vulnerabilities, are ECF. Finally, we show that ECF, whether it is verified dynamically or statically, enables modular reasoning about objects with encapsulated state.
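The per-trace definition above can be illustrated with a brute-force check on a toy model. This is an added example, not code from the paper: the invocation model, the names `run`, `flatten`, `is_ecf_trace` and the sample contract state are all assumptions, and trace equivalence is simplified to "same final object state from the same initial state".

```python
from itertools import permutations

# Simplified model (an assumption of this example, not the paper's algorithm):
# an invocation is (segments, callbacks). Each segment is seg(state, local);
# callbacks[i] lists invocations that re-enter the object during the external
# call made right after segment i.

def run(inv, state, with_callbacks=True):
    segments, callbacks = inv
    local = {}  # per-invocation local variables
    for i, seg in enumerate(segments):
        seg(state, local)
        if with_callbacks and i < len(callbacks):
            for cb in callbacks[i]:
                run(cb, state)
    return state

def flatten(inv):
    """Every invocation in the trace, outer one first."""
    return [inv] + [x for group in inv[1] for cb in group for x in flatten(cb)]

def is_ecf_trace(inv, initial):
    """True if some callback-free ordering reaches the observed final state."""
    observed = run(inv, dict(initial))
    for order in permutations(flatten(inv)):
        state = dict(initial)
        for one in order:
            run(one, state, with_callbacks=False)
        if state == observed:
            return True
    return False

# DAO-style withdraw: pays out, then clears the credit after the external call.
def read_and_send(s, l):
    l["amt"] = s["credit"]
    s["bank"] -= l["amt"]

def zero_credit(s, l):
    s["credit"] = 0

# Reordered withdraw: clears the credit before the external call.
def debit_then_send(s, l):
    l["amt"], s["credit"] = s["credit"], 0
    s["bank"] -= l["amt"]

INITIAL = {"credit": 10, "bank": 100}  # constructed sample state
VULNERABLE = ([read_and_send, zero_credit], [[([read_and_send, zero_credit], [])]])
FIXED = ([debit_then_send], [[([debit_then_send], [])]])
```

In this model `is_ecf_trace(VULNERABLE, INITIAL)` is `False`, because the re-entrant trace leaves the bank at 80 while every callback-free ordering leaves it at 90, and `is_ecf_trace(FIXED, INITIAL)` is `True`.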
