Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

The adoption of blockchain-based distributed computation platforms is growing fast. Some of these platforms, such as Ethereum, provide support for implementing smart contracts, which are envisioned to have novel applications in a broad range of areas, including finance and Internet-of-Things. However, a significant number of smart contracts deployed in practice suffer from security vulnerabilities, which enable malicious users to steal assets from a contract or to cause damage. Vulnerabilities present a serious issue since contracts may handle financial assets of considerable value, and contract bugs are non-fixable by design. To help developers create more secure smart contracts, we introduce FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM). We present a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts. Further, we introduce a set of design patterns, which we implement as plugins that developers can easily add to their contracts to enhance security and functionality.

[1]  Joseph Sifakis,et al.  D-Finder: A Tool for Compositional Deadlock Detection and Verification , 2009, CAV.

[2]  Miklós Maróti,et al.  Next Generation (Meta)Modeling: Web- and Cloud-based Collaborative Tool Infrastructure , 2014, MPM@MoDELS.

[3]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[4]  Marco Roveri,et al.  The nuXmv Symbolic Model Checker , 2014, CAV.

[5]  Christopher D. Clack,et al.  Smart Contract Templates: foundations, design landscape and research directions , 2016, ArXiv.

[6]  Nikhil Swamy,et al.  Formal Verification of Smart Contracts: Short Paper , 2016, PLAS@CCS.

[7]  Joseph Sifakis,et al.  Architecture-Based Design: A Satellite On-Board Software Case Study , 2016, FACS.

[8]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[9]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[10]  Sarah Underwood,et al.  Blockchain beyond bitcoin , 2016, Commun. ACM.

[11]  Marko Vukolić,et al.  Rethinking Permissioned Blockchains , 2017 .

[12]  Massimo Bartoletti,et al.  Financial Cryptography and Data Security , 2017, Lecture Notes in Computer Science.

[13]  Rainer Böhme,et al.  In Code We Trust? - Measuring the Control Flow Immutability of All Smart Contracts Deployed on Ethereum , 2017, DPM/CBT@ESORICS.

[14]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[15]  Yoichi Hirai,et al.  Defining the Ethereum Virtual Machine for Interactive Theorem Provers , 2017, Financial Cryptography Workshops.