KEVM: A Complete Semantics of the Ethereum Virtual Machine

A developing field of interest for the distributed systems and applied cryptography community is that of smart contracts: self-executing financial instruments that synchronize their state, often through a blockchain. One such smart contract system that has seen widespread practical adoption is Ethereum, which has grown to secure approximately 30 billion USD of currency value and in excess of 300,000 daily transactions. Unfortunately, the rise of these technologies has been marred by a repeated series of security vulnerabilities and high profile contract failures. To address these failures, the Ethereum community has turned to formal verification and program analysis which show great promise due to the computational simplicity and boundedtime execution inherent to smart contracts. Despite this, no fully formal, rigorous, comprehensive, and executable semantics of the EVM (Ethereum Virtual Machine) currently exists, leaving a lack of rigor on which to base such tools. In this work, we present KEVM, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed. We create this semantics in a framework for executable semantics, the K framework. We show that our semantics not only passes the official 40,683-test stress test suite for EVM implementations, but also reveals ambiguities and potential sources of error in the existing on-paper formalization of EVM semantics [45] on which our work is based. These properties make KEVM an ideal formal reference implementation against which other implementations can be evaluated. We proceed to argue for a semantics-first formal verification approach for EVM contracts, and demonstrate its practicality by using KEVM to verify practically important properties over the arithmetic operation of an example smart contract and the correct operation of a token transfer function in a second contract. We show that our approach is feasible and not computationally restrictive. We hope that our work serves as the base for the development of a wide range of useful formally derived tools for Ethereum, including model checkers, certified compilers, and program equivalence checkers.

[1]  Grigore Rosu,et al.  K-Maude: A Rewriting Based Tool for Semantics of Programming Languages , 2010, WRLA.

[2]  Grigore Rosu,et al.  An overview of the K semantic framework , 2010, J. Log. Algebraic Methods Program..

[3]  José Meseguer Twenty years of rewriting logic , 2012, J. Log. Algebraic Methods Program..

[4]  Grigore Rosu,et al.  From Hoare Logic to Matching Logic Reachability , 2012, FM.

[5]  Chucky Ellison,et al.  An executable formal semantics of C with applications , 2011, POPL '12.

[6]  Malte Möser,et al.  An inquiry into money laundering tools in the Bitcoin ecosystem , 2013, 2013 APWG eCrime Researchers Summit.

[7]  Jean-Christophe Filliâtre,et al.  Why3 - Where Programs Meet Provers , 2013, ESOP.

[8]  Dwight Guth,et al.  A formal semantics of Python 3.3 , 2013 .

[9]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[10]  Tom Ridge,et al.  Lem: reusable engineering of real-world semantics , 2014, ICFP.

[11]  Shawn Wilkinson,et al.  Storj A Peer-to-Peer Cloud Storage Network , 2014 .

[12]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[13]  Grigore Rosu,et al.  All-Path Reachability Logic , 2014, RTA-TLCA.

[14]  Gareth W. Peters,et al.  Understanding Modern Banking Ledgers Through Blockchain Technologies: Future of Transaction Processing and Smart Contracts on the Internet of Money , 2015, ArXiv.

[15]  Grigore Rosu,et al.  K-Java , 2015, POPL.

[16]  Chucky Ellison,et al.  Defining the undefinedness of C , 2015, PLDI.

[17]  Guo Li,et al.  Evaluating the Potential of Alternative Cryptocurrencies , 2015 .

[18]  Daejun Park,et al.  KJS: a complete formal semantics of JavaScript , 2015, PLDI.

[19]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[20]  Grigore Rosu,et al.  RV-Match: Practical Semantics-Based Program Analysis , 2016, CAV.

[21]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[22]  Grigore Rosu,et al.  Runtime Verification at Work: A Tutorial , 2016, RV.

[23]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[24]  Grigore Rosu,et al.  Semantics-based program verifiers for all languages , 2016, OOPSLA.

[25]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[26]  Grigore Rosu,et al.  Matching μ-Logic , 2017, 2019 34th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS).

[27]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[28]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.

[29]  W. Bolt Bitcoin and Cryptocurrency Technologies : A Comprehensive Introduction , 2017 .