A Semantic Framework for the Security Analysis of Ethereum smart contracts

Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed. In this paper, we present the first complete small-step semantics of EVM bytecode, which we formalize in the F* proof assistant, obtaining executable code that we successfully validate against the official Ethereum test suite. Furthermore, we formally define for the first time a number of central security properties for smart contracts, such as call integrity, atomicity, and independence from miner controlled parameters. This formalization relies on a combination of hyper- and safety properties. Along this work, we identified various mistakes and imprecisions in existing semantics and verification tools for Ethereum smart contracts, thereby demonstrating once more the importance of rigorous semantic foundations for the design of security verification techniques.

[1]  S. van der Hof,et al.  Code As Law , 2006 .

[2]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[3]  Gregor Snelting,et al.  Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs , 2009, International Journal of Information Security.

[4]  Gregor Snelting,et al.  Checking probabilistic noninterference using JOANA , 2014, it Inf. Technol..

[5]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[6]  Robert Edström,et al.  Safer smart contracts through type-driven development , 2016 .

[7]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[8]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[9]  Grigore Rosu,et al.  Semantics-based program verifiers for all languages , 2016, OOPSLA.

[10]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[11]  Christof Weinhardt,et al.  Trading Stocks on Blocks - Engineering Decentralized Markets , 2017, DESRIST.

[12]  Changyu Dong,et al.  Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing , 2017, CCS.

[13]  Feng Hao,et al.  A Smart Contract for Boardroom Voting with Maximum Voter Privacy , 2017, IACR Cryptol. ePrint Arch..

[14]  Michael J. Coblenz Obsidian: A Safer Blockchain Programming Language , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C).

[15]  Russell O'Connor,et al.  Simplicity: A New Language for Blockchains , 2017, PLAS@CCS.

[16]  Sijie Chen,et al.  Smart contract-based campus demonstration of decentralized transactive energy auctions , 2017, 2017 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT).

[17]  Ilya Sergey,et al.  A Concurrent Perspective on Smart Contracts , 2017, Financial Cryptography Workshops.

[18]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[19]  Nishant Rodrigues,et al.  KEVM: A Complete Semantics of the Ethereum Virtual Machine , 2017 .

[20]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.

[21]  Alex Biryukov,et al.  Findel: Secure Derivative Contracts for Ethereum , 2017, Financial Cryptography Workshops.

[22]  Chandra Adhikari,et al.  Secure Framework for Healthcare Data Management Using Ethereum-based Blockchain Technology , 2017 .

[23]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[24]  Radu State,et al.  Visual emulation for Ethereum's virtual machine , 2018, NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium.

[25]  Matteo Maffei,et al.  Foundations and Tools for the Static Analysis of Ethereum Smart Contracts , 2018, CAV.

[26]  Aron Laszka,et al.  Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach , 2017, Financial Cryptography.

[27]  Yannis Smaragdakis,et al.  Gigahorse: Thorough, Declarative Decompilation of Smart Contracts , 2019, 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE).