Solidifier: bounded model checking Solidity using lazy contract deployment and precise memory modelling

The exploitation of smart-contract vulnerabilities can lead to catastrophic losses. Formal verification can be a useful tool in identifying these vulnerabilities before deployment. We present an encoding of Solidity and the Ethereum blockchain using Boogie, an intermediate verification language. Based on this formalisation, we create Solidifier: a bounded model checker for Solidity. Distinctive features of our encoding are precisely capturing Solidity's unorthodox memory model, a notion of lazy blockchain exploration, and memory-precise verification harnesses. Unlike much of the work in this area, our modus operandi is not matching contracts against specific known behavioural patterns that might lead to vulnerabilities. Rather, we provide a tool to find errors/bad states - be they vulnerabilities or not - that might be reached through behaviours that might not follow such a pattern.
