论文信息 - Call Me Back, I Have a Type Invariant

Call Me Back, I Have a Type Invariant

Callbacks in Smart Contracts on blockchain-based distributed ledgers are a potential source of security vulnerabilities: callbacks may lead to reentrancy, which has been previously exploited to steal large sums of money. Unfortunately, analysis tools for Smart Contracts either fail to support callbacks or simply detect and disallow patterns of callbacks that may lead to reentrancy. As a result, many authors of Smart Contracts avoid callbacks altogether, and some Smart Contract programming languages, including Solidity, recommend using primitives that avoid callbacks. Nevertheless, reentrancy remains a threat, due to the utility of and frequent reliance on callbacks in Smart Contracts.

[1] François Bobot,et al. Deductive Proof of Ethereum Smart Contracts Using Why3 , 2019, ArXiv.

[2] Nick Szabo,et al. Formalizing and Securing Relationships on Public Networks , 1997, First Monday.

[3] Nikhil Swamy,et al. Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[4] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[5] K. Rustan M. Leino,et al. Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[6] Jean-Christophe Filliâtre,et al. Why3 - Where Programs Meet Provers , 2013, ESOP.

[7] K. Rustan M. Leino,et al. Modular Verification of Static Class Invariants , 2005, FM.

[8] K. Rustan M. Leino,et al. Verification of Object-Oriented Programs with Invariants , 2003, J. Object Technol..

[9] Sukrit Kalra,et al. ZEUS: Analyzing Safety of Smart Contracts , 2018, NDSS.

[10] Ittai Abraham,et al. Online detection of effectively callback free objects with applications to smart contracts , 2017, Proc. ACM Program. Lang..