Zheng Yang,Hang Lei

DOI: https://doi.org/10.23940/ijpe.18.08.p9.17261734

2018-01-01

Abstract:This paper reports on the development and verification of a novel formal symbolic process virtual machine (FSPVM) for verifying the reliability and security of Ethereum smart contracts, denoted as FSPVM-E, completely in Coq proof assistant. It adopts execution-verification isomorphism (EVI), an extension of Curry-Howard isomorphism (CHI), as its fundamental theoretical framework. The current version of FSPVM-E is constructed on a general, extensible, and reusable formal memory (GERM) framework, an extensible and universal formal intermediate programming language Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes, and the corresponding formally verified interpreter of Lolisa, denoted as FEther. It supports the ERC20 standard and can automatically simultaneously symbolically execute the smart contract programs of Ethereum and verify their reliability and security properties using Hoare logic in Coq. In addition, this work, contributes to solving the problems of automation, inconsistency and reusability in higher-order logic theorem proving.

Christian Bräm,Marco Eilers,Peter Müller,Robin Sierra,Alexander J. Summers

DOI: https://doi.org/10.48550/arXiv.2104.10274

2021-09-09

Abstract:Smart contracts are programs that execute inside blockchains such as Ethereum to manipulate digital assets. Since bugs in smart contracts may lead to substantial financial losses, there is considerable interest in formally proving their correctness. However, the specification and verification of smart contracts faces challenges that do not arise in other application domains. Smart contracts frequently interact with unverified, potentially adversarial outside code, which substantially weakens the assumptions that formal analyses can (soundly) make. Moreover, the core functionality of smart contracts is to manipulate and transfer resources; describing this functionality concisely requires dedicated specification support. Current reasoning techniques do not fully address these challenges, being restricted in their scope or expressiveness (in particular, in the presence of re-entrant calls), and offering limited means of expressing the resource transfers a contract performs. In this paper, we present a novel specification methodology tailored to the domain of smart contracts. Our specification constructs and associated reasoning technique are the first to enable: (1) sound and precise reasoning in the presence of unverified code and arbitrary re-entrancy, (2) modular reasoning about collaborating smart contracts, and (3) domain-specific specifications based on resources and resource transfers, which allow expressing a contract's behavior in intuitive and concise ways and exclude typical errors by default. We have implemented our approach in 2vyper, an SMT-based automated verification tool for Ethereum smart contracts written in the Vyper language, and demonstrated its effectiveness in succinctly capturing and verifying strong correctness guarantees for real-world contracts.

Programming Languages

Zheng Yang,Hang Lei,Weizhong Qian

DOI: https://doi.org/10.1109/access.2020.2969437

IF: 3.9

2020-01-01

IEEE Access

Abstract:This paper reports a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts. A Coq proof assistant is employed for programming the system and for proving its correctness. The current version of FSPVM-E adopts execution-verification isomorphism, which is an application extension of Curry-Howard isomorphism, as its fundamental theoretical framework to combine symbolic execution and higher-order logic theorem proving. The four primary components of FSPVM-E include a general, extensible, and reusable formal memory framework, an extensible and universal formal intermediate programming language denoted as Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes, the corresponding formally verified interpreter of Lolisa, denoted as FEther, and assistant tools and libraries. The self-correctness of all components is certified in Coq. FSPVM-E supports the ERC20 token standard, and can automatically and symbolically execute Ethereum-based smart contracts, scan their standard vulnerabilities, and verify their reliability and security properties with Hoare-style logic in Coq.

Franck Cassez,Joanne Fuller,Milad K. Ghale,David J. Pearce,Horacio M. A. Quiles

2023-03-01

Abstract:The Ethereum protocol implements a replicated state machine. The network participants keep track of the system state by: 1) agreeing on the sequence of transactions to be processed and 2) computing the state transitions that correspond to the sequence of transactions. Ethereum transactions are programs, called smart contracts, and computing a state transition requires executing some code. The Ethereum Virtual Machine (EVM) provides this capability and can execute programs written in EVM bytecode. We present a formal and executable semantics of the EVM written in the verification-friendly language Dafny: it provides (i) a readable, formal and verified specification of the semantics of the EVM; (ii) a framework to formally reason about bytecode.

Logic in Computer Science

Ilya Grishchenko,Matteo Maffei,Clara Schneidewind

DOI: https://doi.org/10.1007/978-3-319-89722-6_10

2018-01-01

Abstract:Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed.In this paper, we present the first complete small-step semantics of EVM bytecode, which we formalize in the F* proof assistant, obtaining executable code that we successfully validate against the official Ethereum test suite. Furthermore, we formally define for the first time a number of central security properties for smart contracts, such as call integrity, atomicity, and independence from miner controlled parameters. This formalization relies on a combination of hyper- and safety properties. Along this work, we identified various mistakes and imprecisions in existing semantics and verification tools for Ethereum smart contracts, thereby demonstrating once more the importance of rigorous semantic foundations for the design of security verification techniques.

Fuchen Ma,Meng Ren,Ying Fu,Mingzhe Wang,Huizhong Li,Houbing Song,Yu Jiang

DOI: https://doi.org/10.1016/j.ipm.2021.102565

IF: 7.466

2021-01-01

Information Processing & Management

Abstract:Smart contracts are more sensitive from a security perspective than other software due to several reasons. First, smart contracts are immutable thus cannot be easily patched once deployed. Second, smart contracts are directly tied to payments and can hold millions of dollars' worth of digital currencies. Third, smart contracts are still a new practice thus do not have best coding practices and development lifecycles tailored for decentralized apps yet. Even though several testing and verification tools have been developed, smart contract vulnerabilities remain a clear and present danger. In this paper, we present an approach that is different from existing ones that attempt to eliminate vulnerabilities from smart contracts. Instead, we fortify Ethereum virtual machines (EVM) to stop dangerous transactions once vulnerabilities are detected in real-time. Since proving programs written in Turing-complete languages is undecidable, our approach complements current approaches by catching vulnerabilities and interrupts their executions during runtime. We have implemented our reinforcement on two widely used EVMs (js-evm and FISCO-BCOS-evm). The reinforced EVMs detects and interrupts all the vulnerabilities, 20% of them missed by testing tools, in 100 real smart contracts. Our approach is practical with less than 34% overhead. In fact, the reinforced FISCO-BCOS-evm has been integrated into the official release of FISCO-BCOS adopted by a large Chinese bank WeBank.

Nikolaj S. Bjørner,Ashley J. Chen,Shuo Chen,Yang Chen,Zhongxin Guo,Tzu-Han Hsu,Peng Liu,Nanqing Luo

2024-08-13

Abstract:Security bugs and trapdoors in smart contracts have been impacting the Ethereum community since its inception. Conceptually, the 1.45-million Ethereum's contracts form a single "gigantic program" whose behaviors are determined by the complex reference-topology between the contracts. Can the Ethereum community be assured that this gigantic program conforms to its design-level safety properties, despite unforeseeable code-level intricacies? Static code verification is inadequate due to the program's gigantic scale and high polymorphism. In this paper, we present a viable technological roadmap for the community toward this ambitious goal. Our technology, called Theorem-Carrying-Transaction (TCT), combines the benefits of concrete execution and symbolic proofs. Under the TCT protocol, every transaction carries a theorem that proves its adherence to the specified properties in the invoked contracts, and the runtime system checks the theorem before executing the transaction. Once a property is specified in a contract, it can be treated confidently as an unconditional guarantee made by the contract. As case studies, we demonstrate that TCT secures token contracts without foreseeing code-level intricacies like integer overflow and reentrancy. TCT is also successfully applied to a Uniswap codebase, showcasing a complex decentralized finance (DeFi) scenario. Our prototype incurs a negligible runtime overhead, two orders of magnitude lower than a state-of-the-art approach.

Cryptography and Security,Programming Languages

Zheng Yang,Hang Lei

DOI: https://doi.org/10.1109/access.2019.2905428

IF: 3.9

2019-01-01

IEEE Access

Abstract:Recently, blockchain technology has been widely applied in the financial field. Therefore, the security of the blockchain smart contracts is among the most popular contemporary research topics. To improve the theorem-proving technology in this field, we are developing an extensible hybrid verification proof engine, denoted as FEther, for Ethereum smart contract verification. Based on Lolisa, which is a large subset of solidity mechanized in Coq, FEther guarantees the consistency between smart contracts and its formal model. Combining symbolic execution with higher order logic theorem-proving, FEther contains a set of automatic strategies that execute and verify the smart contracts in Coq with a high level of automation. Besides, in FEther, the verified code segments also can be reused to assist in the verification of other properties. The functional correctness of FEther was verified in Coq. The execution efficiency of FEther has far exceeded that of the interpreters that are developed in Coq in accordance with the standard tutorial. To the best of our knowledge, FEther is the first definitional interpreter of the solidity language in Coq.

Yang Zheng,Lei Hang

DOI: https://doi.org/10.23940/ijpe.19.11.p19.29983007

2019-01-01

International Journal of Performability Engineering

Abstract:Blockchain technology is one of the newest technologies in computer science and has been employed in many important fields. The correctness verification of smart contracts must be protected by the most reliable technology. One of the most reliable methods for s the security and reliability of smart contracts is a formal symbolic virtual machine based on higher-order logic proof system. Therefore, the present work proposes a formal specification framework of memory architecture as the basis for the symbolic execution and theorem proving combination. The framework is independent and customizable. It formalizes logic addresses, nonintrusive application programming interfaces, physical memory structures, and auxiliary tools in Coq. Simple case studies are employed to demonstrate its effectiveness. Finally, the proposed GERM framework is verified in Coq.

Jiao Jiao,Shuanglong Kan,Shang-Wei Lin,David Sanan,Yang Liu,Jun Sun

DOI: https://doi.org/10.48550/arXiv.1804.01295

2018-04-04

Abstract:Bitcoin has attracted everyone's attention and interest recently. Ethereum (ETH), a second generation cryptocurrency, extends Bitcoin's design by offering a Turing-complete programming language called Solidity to develop smart contracts. Smart contracts allow creditable execution of contracts on EVM (Ethereum Virtual Machine) without third parties. Developing correct smart contracts is challenging due to its decentralized computation nature. Buggy smart contracts may lead to huge financial loss. Furthermore, smart contracts are very hard, if not impossible, to patch once they are deployed. Thus, there is a recent surge of interest on analyzing/verifying smart contracts. While existing work focuses on EVM opcode, we argue that it is equally important to understand and define the semantics of Solidity since programmers program and reason about smart contracts at the level of source code. In this work, we develop the structural operational semantics for Solidity, which allows us to identify multiple design issues which underlines many problematic smart contracts. Furthermore, our semantics is executable in the K framework, which allows us to verify/falsify contracts automatically.

Programming Languages

Konrad Weiss,Julian Schütte

DOI: https://doi.org/10.48550/arXiv.1907.03868

2019-07-08

Cryptography and Security

Abstract:Ethereum smart contracts are executable programs, deployed on a peer-to-peer network and executed in a consensus-based fashion. Their bytecode is public, immutable and once deployed to the blockchain, cannot be patched anymore. As smart contracts may hold Ether worth of several million dollars, they are attractive targets for attackers and indeed some contracts have successfully been exploited in the recent past, resulting in tremendous financial losses. The correctness of smart contracts is thus of utmost importance. While first approaches on formal verification exist, they demand users to be well-versed in formal methods which are alien to many developers and are only able to analyze individual contracts, without considering their execution environment, i.e., calls to external contracts, sequences of transaction, and values from the actual blockchain storage. In this paper, we present Annotary, a concolic execution framework to analyze smart contracts for vulnerabilities, supported by annotations which developers write directly in the Solidity source code. In contrast to existing work, Annotary supports analysis of inter-transactional, inter-contract control flows and combines symbolic execution of EVM bytecode with a resolution of concrete values from the public Ethereum blockchain. While the analysis of Annotary tends to weight precision higher than soundness, we analyze inter-transactional call chains to eliminate false positives from unreachable states that traditional symbolic execution would not be able to handle. We present the annotation and analysis concepts of Annotary, explain its implementation on top of the Laser symbolic virtual machine, and demonstrate its usage as a plugin for the Sublime Text editor.

Franck Cassez,Joanne Fuller,Horacio Mijail Antón Quiles

DOI: https://doi.org/10.1007/s10009-024-00738-1

2024-02-21

International Journal on Software Tools for Technology Transfer

Abstract:We present a methodology to develop verified smart contracts. We write smart contracts, their specifications and implementations in the verification-friendly language Dafny . In our methodology the ability to write specifications, implementations and to reason about correctness is a primary concern. We propose a simple, concise, yet powerful solution for reasoning about contracts that have external calls. This includes arbitrary re-entrancy, which is a major source of bugs and attacks in smart contracts. Although we do not yet have a compiler from Dafny to Ethereum Virtual Machine bytecode, the results we obtain from the Dafny code can reasonably be assumed to translate to contracts written in languages like Solidity. As a result our approach can readily be used to develop and deploy safer contracts.

computer science, software engineering

Vilhelm Sjöberg,Kinnari Dave,Daniel Britten,Maria A Schett,Xinyuan Sun,Qinshi Wang,Sean Noble Anderson,Steve Reeves,Zhong Shao

2024-05-14

Abstract:Programs executed on a blockchain - smart contracts - have high financial stakes; their correctness is crucial. We argue, that this correctness needs to be foundational: correctness needs to be based on the operational semantics of their execution environment. In this work we present a foundational system - the DeepSEA system - targeting the Ethereum blockchain as the largest smart contract platform. The DeepSEA system has a small but sufficiently rich programming language amenable for verification, the DeepSEA language, and a verified DeepSEA compiler. Together they enable true end-to-end verification for smart contracts. We demonstrate usability through two case studies: a realistic contract for Decentralized Finance and contract for crowdfunding.

Programming Languages

Sunbeom So,Myungho Lee,Jisu Park,Heejo Lee,Hakjoo Oh

DOI: https://doi.org/10.48550/arXiv.1908.11227

2019-08-30

Abstract:We present VeriSmart, a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. Writing safe smart contracts without unintended behavior is critically important because smart contracts are immutable and even a single flaw can cause huge financial damage. In particular, ensuring that arithmetic operations are safe is one of the most important and common security concerns of Ethereum smart contracts nowadays. In response, several safety analyzers have been proposed over the past few years, but state-of-the-art is still unsatisfactory; no existing tools achieve high precision and recall at the same time, inherently limited to producing annoying false alarms or missing critical bugs. By contrast, VeriSmart aims for an uncompromising analyzer that performs exhaustive verification without compromising precision or scalability, thereby greatly reducing the burden of manually checking undiscovered or incorrectly-reported issues. To achieve this goal, we present a new domain-specific algorithm for verifying smart contracts, which is able to automatically discover and leverage transaction invariants that are essential for precisely analyzing smart contracts. Evaluation with real-world smart contracts shows that VeriSmart can detect all arithmetic bugs with a negligible number of false alarms, far outperforming existing analyzers.

Programming Languages,Cryptography and Security

Andreas Katis,Andrew Gacek,Michael W. Whalen

DOI: https://doi.org/10.48550/arXiv.1502.01292

2015-11-18

Abstract:Virtual integration techniques focus on building architectural models of systems that can be analyzed early in the design cycle to try to lower cost, reduce risk, and improve quality of complex embedded systems. Given appropriate architectural descriptions, assume/guarantee contracts, and compositional reasoning rules, these techniques can be used to prove important safety properties about the architecture prior to system construction. For these proofs to be meaningful, each leaf-level component contract must be realizable; i.e., it is possible to construct a component such that for any input allowed by the contract assumptions, there is some output value that the component can produce that satisfies the contract guarantees. We have recently proposed (in [1]) a contract-based realizability checking algorithm for assume/guarantee contracts over infinite theories supported by SMT solvers such as linear integer/real arithmetic and uninterpreted functions. In that work, we used an SMT solver and an algorithm similar to k-induction to establish the realizability of a contract, and justified our approach via a hand proof. Given the central importance of realizability to our virtual integration approach, we wanted additional confidence that our approach was sound. This paper describes a complete formalization of the approach in the Coq proof and specification language. During formalization, we found several small mistakes and missing assumptions in our reasoning. Although these did not compromise the correctness of the algorithm used in the checking tools, they point to the value of machine-checked formalization. In addition, we believe this is the first machine-checked formalization for a realizability algorithm.

Software Engineering

Fuchen Ma,Ying Fu,Meng Ren,Mingzhe Wang,Yu Jiang,Kaixiang Zhang,Huizhong Li,Xiang Shi

DOI: https://doi.org/10.1109/saner.2019.8668038

2019-01-01

Abstract:Attacks on transactions of Ethereum could be dangerous because they could lead to a big loss of money. There are many tools detecting vulnerabilities in smart contracts trying to avoid potential attacks. However, we found that there are still many missed vulnerabilities in contracts. Motivated by this, we propose a methodology to reinforce EVM to stop dangerous transactions in real time even when the smart contract contains vulnerabilities. Basically, the methodology consists of three steps: monitoring strategy definition, opcode-structure maintenance and EVM instrumentation. Monitoring strategy definition refers to the specific rule to test whether there is a dangerous operation during transaction execution. Opcode-structure maintenance is to maintain a structure to store the rule related opcodes and analyze it before an operation execution. EVM instrumentation inserts the monitoring strategy, interrupting mechanism and the opcode-structure operations in EVM source code. For evaluation, we implement EVM* on js-evm, a widely-used EVM platform written in javascript. We collect 10 contracts online with known bugs and use each contract to execute a dangerous transaction, all of them have been interrupted by our reinforced EVM*, while the original EVM permits all attack transactions. For the time overhead, the reinforced EVM* is slower than the original one by 20-30%, which is tolerable for the financial critical applications.

Mark Utting,Liam Kent

DOI: https://doi.org/10.48550/arXiv.2106.14457

2021-06-28

Abstract:We describe the verification of an existing smart contract for a simple casino application, using the Whiley specification and programming language, with a fully automated verification engine based on Boogie and Z3. After finding and fixing several specification and code issues in the smart contract, we are able to verify all the operations of the smart contract.

Logic in Computer Science

Zheng Yang,Hang Lei

DOI: https://doi.org/10.1109/access.2018.2880692

IF: 3.9

2018-01-01

IEEE Access

Abstract:In recent publications, we presented a novel formal symbolic process virtual machine (FSPVM) framework that combined higher-order logic theorem proving and symbolic execution for verifying the reliability and security of smart contracts developed in the Ethereum blockchain system without suffering from standard issues surrounding reusability, consistency, and automation. A specific FSPVM, denoted as FSPVM-E, was developed in Coq based on a general, extensible, and reusable formal memory framework, an extensible and universal formal intermediate programming language, denoted as Lolisa, and a corresponding formally verified interpreter for Lolisa, denoted as FEther. However, our past work has demonstrated that the execution efficiency of the standard development of FEther is extremely low. As a result, FSPVM-E fails to achieve its expected verification effect. This paper addresses this issue by first identifying three root causes of the low execution efficiency of formal interpreters. We then build abstract models of these causes, and present respective optimization schemes for rectifying the identified conditions. Finally, we apply these optimization schemes to FEther, and demonstrate that its execution efficiency has been improved significantly.

Loi Luu,Duc-Hiep Chu,Hrishi Olickel,Prateek Saxena,Aquinas Hobor

DOI: https://doi.org/10.1145/2976749.2978309

2016-10-24

Abstract:Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum's smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.

Weifeng Xu,Glenn A. Fink

DOI: https://doi.org/10.48550/arXiv.1912.04051

2019-12-09

Abstract:Smart contracts are appealing because they are self-executing business agreements between parties with the predefined and immutable obligations and rights. However, as with all software, smart contracts may contain vulnerabilities because of design flaws, which may be exploited by one of the parties to defraud the others. In this paper, we demonstrate a systematic approach to building secure design models for smart contracts using formal methods. To build the secure models, we first model the behaviors of participating parties as state machines, and then, we model the predefined obligations and rights of contracts, which specify the interactions among state machines for achieving the business goal. After that, we illustrate executable secure model design patterns in TLA+ (Temporal Logic of Actions) to against well-known smart contract vulnerabilities in terms of state machines and obligations and rights at the design level. These vulnerabilities are found in Ethereum contracts, including Call to the unknown, Gasless send, Reentrancy, Lost in the transfer, and Unpredictable state. The resultant TLA+ specifications are called secure models. We illustrate our approach to detect the vulnerabilities using a real-estate contract example at the design level.

Software Engineering,Symbolic Computation