2022, ACM Computing Surveys
A smart contract is a computer program that allows users to automate their actions on the blockchain platform. Given the significance of smart contracts in supporting important activities across industry sectors including supply chain, finance, legal, and medical services, there is a strong demand for verification and validation techniques. Yet, the vast majority of smart contracts lack any kind of formal specification, which is essential for establishing their correctness. In this survey, we investigate formal models and specifications of smart contracts presented in the literature and present a systematic overview to understand the common trends. We also discuss the current approaches used in verifying such property specifications and identify gaps with the hope to recognize promising directions for future work.
Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, 2016
Ethereum is a framework for cryptocurrencies which uses blockchain technology to provide an open global computing platform, called the Ethereum Virtual Machine (EVM). EVM executes bytecode on a simple stack machine. Programmers do not usually write EVM code; instead, they can program in a JavaScript-like language, called Solidity, that compiles to bytecode. Since the main purpose of EVM is to execute smart contracts that manage and transfer digital assets (called Ether), security is of paramount importance. However, writing secure smart contracts can be extremely difficult: due to the openness of Ethereum, both programs and pseudonymous users can call into the public methods of other programs, leading to potentially dangerous compositions of trusted and untrusted code. This risk was recently illustrated by an attack on TheDAO contract that exploited subtle details of the EVM semantics to transfer roughly $50M worth of Ether into the control of an attacker. In this paper, we outline a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.
2020
The capabilities of smart contracts for supporting and enhancing business processes in distributed, decentralized environments have affected the technological transformation of numerous industries. Designing and developing blockchain-based solutions requires model checking and verification of the components of the system, such as smart contracts, for well-behaved, correct execution and fulfilment of the business process requirements. Certainly, there are concerns about the execution of smart contracts in such distributed environments. This study shows the research results about model checking of smart contracts, performing a deep analysis of current approaches to modeling and verifying smart contracts and reviewing available tools for such practices. Modeling and verifying smart contracts are addressed at the levels of programming and run-time execution.
Fundamental Approaches to Software Engineering, 2020
Smart contracts can be regarded as one of the most popular blockchain-based applications. The decentralized nature of the blockchain introduces vulnerabilities absent in other programs. Furthermore, it is very difficult, if not impossible, to patch a smart contract after it has been deployed. Therefore, smart contracts must be formally verified before they are deployed on the blockchain to avoid attacks exploiting these vulnerabilities. There is a recent surge of interest in analyzing and verifying smart contracts. While most of the existing works either focus on EVM bytecode or translate Solidity contracts into programs in intermediate languages for analysis and verification, we believe that a direct executable formal semantics of the high-level programming language of smart contracts is necessary to guarantee the validity of the verification. In this work, we propose a generalized formal semantic framework based on a general semantic model of smart contracts. Furthermore, this framework can directly handle smart contracts written in different high-level programming languages through semantic extensions and facilitates the formal verification of security properties with the generated semantics.
ACM Transactions on Privacy and Security
Smart contracts are tempting targets of attacks, since they often hold and manipulate significant financial assets, are immutable after deployment, and have publicly available source code, with assets estimated in the order of millions of US Dollars being lost in the past due to vulnerabilities. Formal verification is thus a necessity, but smart contracts challenge the existing highly efficient techniques routinely applied in the symbolic verification of software, due to specificities not present in general programming languages. A common feature of existing works in this area is the attempt to reuse off-the-shelf verification tools designed for general programming languages. This reuse can lead to inefficiency and potentially unsound results, since domain translation is required. In this paper we describe a carefully crafted approach that directly models the central aspects of smart contracts natively, going from the contract to its logical representation without intermediary steps...
Lecture Notes in Computer Science
Tezos is a blockchain launched in June 2018. It is written in OCaml and supports smart contracts. Its smart contract language is called Michelson and it has been designed with formal verification in mind. In this article, we present Mi-Cho-Coq, a Coq framework for verifying the functional correctness of Michelson smart contracts. As a case study, we detail the certification of a Multisig contract with the Mi-Cho-Coq framework.
Journal of Logical and Algebraic Methods in Programming, 2022
The concept of smart contract represents one of the most attractive uses of blockchain technology and has the advantage of being transparent, immutable, and corruption-free. However, blockchain is a highly resource demanding technology. The ambition of this paper is to propose a new approach for defining lightweight smart contracts, offering a high level of trust even without blockchain, when the underlying operating system can be trusted. Blockchain can be used for a higher degree of trust, for instance when the runtime system cannot be trusted. The approach gives transparency and immutability, and gives protection against corrupted or incorrect smart contract implementations. This is achieved by letting smart contract requirement specifications be separated from the smart contract implementations, provided by special objects, so-called history objects, recording all transactions of the associated contract. The history objects are generated by the runtime system as specially protected objects. Contract partners may interact with the history objects through predefined interfaces. We present a framework which includes an executable, imperative language for writing smart contracts, a functional language for contract specifications by means of invariants over the transaction history of a contract, as well as a verification system. The framework allows compositional and classwise verification. A history object can provide runtime checking of specified behavioral properties of the contract, and can provide safety, security, and privacy control, as well as trusted transfer of assets. We demonstrate the approach on an auction system.
Lecture Notes in Computer Science, 2022
Smart contracts are the building blocks of the "code is law" paradigm: the smart contract's code indisputably describes how its assets are to be managed; once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well-documented and resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the "code is law" paradigm. In this paper, we combine elements from (i) and (ii) to create a systematic framework that moves away from "code is law" and gives rise to a new "specification is law" paradigm. It allows contracts to be created and upgraded, but only if they meet a corresponding formal specification. The framework is centered around a trusted deployer: an off-chain service that formally verifies and enforces this notion of conformance. We have prototyped this framework, and investigated its applicability to contracts implementing two widely used Ethereum standards: the ERC20 Token Standard and ERC1155 Multi Token Standard, with promising results.
Lecture Notes in Computer Science
Smart contracts (shared stateful reactive objects stored on a blockchain) are widely employed nowadays for mediating exchanges of crypto-currency between multiple untrusted parties. Despite a lot of attention given by the formal methods community to the notion of smart contract correctness, only a few efforts targeted their lifetime properties. In this paper, we focus on reasoning about execution traces of smart contracts. We report on our preliminary results of mechanically verifying some such properties by embedding a smart contract language into the Coq proof assistant. We also discuss several common scenarios, all of which require multi-step blockchain-based arbitration and thus must be implemented via stateful contracts, and discuss possible temporal specifications of the corresponding smart contract implementations.
Computer Communications, 2021
The use of blockchain and smart contracts has not stopped growing in recent years. Like all software that begins to expand its use, it is also beginning to be targeted by attackers who will try to exploit vulnerabilities in both the underlying technology and the smart contract code itself. While many tools already exist for analyzing vulnerabilities in smart contracts, the heterogeneity and variety of approaches and the differences in how the analysis data is provided make the learning curve for the smart contract developer steep. In this article the authors present ESAF (Ethereum Security Analysis Framework), a framework for analysis of smart contracts that aims to unify and facilitate the task of analyzing smart contract vulnerabilities, which can be used as a persistent security monitoring tool for a set of target contracts as well as a classic vulnerability analysis tool, among other uses.
Facta Universitatis, Series: Automatic Control and Robotics
Vulnerabilities of smart contracts are certainly one of the limiting factors for wider adoption of blockchain technology. Smart contracts written in the Solidity language are considered due to the common adoption of the Ethereum blockchain platform. Despite its popularity, the semantics of the language is not completely documented and relies on implicit mechanisms not publicly available, and as such is vulnerable to possible attacks. In addition, creating formal semantics for the higher-level language provides support to verification mechanisms. In this paper, a novel approach to smart contract verification is presented that uses ontologies in order to leverage semantic annotations of the smart contract source code combined with semantic representation of domain-specific aspects. The following aspects of smart contracts, apart from source code, are taken into consideration for verification: business logic, domain knowledge, run-time state changes and expert knowledge about vulnerabilities. Main adv...
2010 8th International Conference on Communications, 2010
Converting a conventional contract to an electronic one that can be enforced, queried and verified by computers is a challenging task. The difficulties are mainly caused by the ambiguities that the original human-oriented text is likely to contain. In this paper, we present new templates to specify the requirements of e-contracts, to securely check the correct execution of their clauses and to verify some security properties. To achieve this goal, we first analyze the contract of an illustrative e-commerce example. Then, through this example, we derive the most relevant security requirements of e-contracts. In particular, we characterize e-contract security rules/clauses by defining obligations, prohibitions, permissions, temporal constraints, responsibilities and disputes. We demonstrate how these kinds of security requirements can be described using a timed automata formalism. Moreover, we show how verification methods, such as model checking, can be applied to these kinds of models to check some security properties.
2024
The concept of smart contracts (SCs) is becoming more prevalent, and their application is gaining traction across many diverse scenarios. However, producing poorly constructed contracts carries significant risks, including the potential for substantial financial loss, a lack of trust in the technology, and the risk of exposure to cyber-attacks. Several tools exist to assist in developing SCs, but their limited functionality increases development complexity. Expert knowledge is required to ensure contract reliability, resilience, and scalability. To overcome these risks and challenges, tools and services based on modeling and formal techniques are required that offer a robust methodology for SC verification and life-cycle management. This study proposes an engineering framework for the generation of robust and verifiable smart contracts (GRV-SC) that covers the entire SC life-cycle from design to deployment stages. It adopts SC modeling and automated formal verification methodologies to detect security vulnerabilities and improve resilience, extensibility, and code optimization to mitigate risks associated with SC development. Initially, the framework includes the implementation of a formal approach, using colored Petri nets (CPNs), to model cross-platform Digital Asset Modeling Language (DAML) SCs. It also incorporates a specialized type safety dynamic verifier, which is designed to detect and address new vulnerabilities that can arise in DAML contracts, such as access control and insecure direct object reference (IDOR) vulnerabilities. The proposed GRV-SC framework provides a holistic approach to SC life-cycle management and aims to enhance the security, reliability, and adoption of SCs.
ArXiv, 2022
The Move Prover (MVP) is a formal verifier for smart contracts written in the Move programming language. MVP has an expressive specification language, and is fast and reliable enough that it can be run routinely by developers and in integration testing. Besides the simplicity of smart contracts and the Move language, three implementation approaches are responsible for the practicality of MVP: (1) an alias-free memory model, (2) fine-grained invariant checking, and (3) monomorphization. The entirety of the Move code for the Diem blockchain has been extensively specified and can be completely verified by MVP in a few minutes. Changes in the Diem framework must be successfully verified before being integrated into the open source repository on GitHub.
ArXiv, 2020
The exploitation of smart-contract vulnerabilities can have catastrophic consequences such as the loss of millions of pounds worth of crypto assets. Formal verification can be a useful tool in identifying vulnerabilities and proving that they have been fixed. In this paper, we present a formalisation of Solidity and the Ethereum blockchain using the Solid language and its blockchain; a Solid program is obtained by explicating/desugaring a Solidity program. We make some abstractions that over-approximate the way in which Solidity/Ethereum behave. Based on this formalisation, we create Solidifier: a bounded model checker for Solidity. It translates Solid into Boogie, an intermediate verification language, that is later verified using Corral, a bounded model checker for Boogie. Unlike much of the work in this area, we do not try to find specific behavioural/code patterns that might lead to vulnerabilities. Instead, we provide a tool to find errors/bad states, i.e. program states that d...
IEEE Access
Blockchain and smart-contract technology enhance the effectiveness and automation of business processes. The rising interest in the development of decentralized autonomous organizations (DAO) shows that blockchain technology has the potential to reform business and society. A DAO is an organization wherein business rules are encoded in smart-contract programs that are executed when specified rules are met. The contractual and business semantics are sine qua non for drafting a legally-binding smart contract in DAO collaborations. Several smart-contract languages (SCLs) exist, such as SPESC or Symboleo, to specify a legally-binding contract. However, their primary focus is on designing and developing smart contracts with the cooperation of IT and non-IT users. Therefore, this paper fills a gap in the state of the art by specifying a smart-legal-contract markup language (SLCML) for legal and business constructs to draft a legally-binding DAO. To achieve the paper's objective, we first present a formal SCL ontology to describe the legal and business semantics of a DAO. Secondly, we translate the SCL ontology into SLCML, for which we present the XML schema definition. We demonstrate and evaluate our SLCML language through the specification of a real-life-inspired Sale-of-Goods contract. Finally, the SLCML use-case code is translated into Solidity to demonstrate its feasibility for blockchain platform implementations.
Static Analysis, 2021
Solidity smart contracts are programs that manage up to 2^160 users on a blockchain. Verifying a smart contract relative to all users is intractable due to state explosion. Existing solutions either restrict the number of users to under-approximate behaviour, or rely on manual proofs. In this paper, we present local bundles that reduce contracts with arbitrarily many users to sequential programs with a few representative users. Each representative user abstracts concrete users that are locally symmetric to each other relative to the contract and the property. Our abstraction is semi-automated. The representatives depend on communication patterns, and are computed via static analysis. A summary for the behaviour of each representative is provided manually, but a default summary is often sufficient. Once obtained, a local bundle is amenable to sequential static analysis. We show that local bundles are relatively complete for parameterized safety verification, under moderate assumptions. We implement local bundle abstraction in SmartACE, and show order-of-magnitude speedups compared to a state-of-the-art verifier.
Lecture Notes in Computer Science, 2022
Solidity smart contracts allow developers to formalize financial agreements between users. Due to their monetary nature, smart contracts have been the target of many high-profile attacks. Brute-force verification of smart contracts that maintain data for up to 2^160 users is intractable. In this paper, we present SmartACE, an automated framework for smart contract verification. To ameliorate the state explosion induced by large numbers of users, SmartACE implements local bundle abstractions that reduce verification from arbitrarily many users to a few representative users. To uncover deep bugs spanning multiple transactions, SmartACE employs a variety of techniques such as model checking, fuzzing, and symbolic execution. To illustrate the effectiveness of SmartACE, we verify several contracts from the popular OpenZeppelin library: an access-control policy and an escrow service. For each contract, we provide specifications in the Scribble language and apply fault injection to validate each specification. We report on our experience integrating Scribble with SmartACE, and describe the performance of SmartACE on each specification.
2019
Smart contracts on a blockchain behave precisely as specified by their code. A vulnerability in this code can lead to unexpected behaviour, which is hard to fix because a blockchain does not allow smart contract code to be changed after its deployment. Such vulnerabilities have led to several incidents. In the aftermath of one such event, a hard fork between Ethereum and Ethereum Classic was the result. This thesis proposes to develop a new smart contract programming language with the primary focus on safety, auditability, and the intention to prevent as many of the known categories of vulnerabilities by design as possible. The programming language's code is validated during deployment and afterwards isolated from other smart contracts running on the same blockchain to enforce compile-time guarantees during runtime. The designed programming language evaluates new concepts and paradigms rarely used in non-smart-contract environments for their potential benefit in a smart contract ...
Lecture Notes in Computer Science, 2015
Decentralised smart contracts represent the next step in the development of protocols that support the interaction of independent players without the presence of a coercing authority. Based on protocols à la BitCoin for digital currencies, smart contracts are believed to be a potentially enabling technology for a wealth of future applications. The validation of such an early developing technology is as necessary as it is complex. In this paper we combine game theory and formal models to tackle the new challenges posed by the validation of such systems. The authors would like to thank David Zimbeck for useful discussions and for sharing information about BitHalo.
arXiv (Cornell University), 2024
Insurance claims processing involves multi-domain entities and multi-source data, along with a number of human-agent interactions. Use of a blockchain technology-based platform can significantly improve scalability and response time for the processing of claims, which is otherwise manually intensive and time-consuming. However, the chaincodes involved within the processes that issue claims and approve or deny them as required need to be formally verified to ensure secure and reliable processing of transactions on the blockchain. In this paper, we use a formal modeling approach to verify various processes and their underlying chaincodes relating to different stages in insurance claims processing, viz., issuance, approval, denial, and flagging for fraud investigation, by using linear temporal logic (LTL). We simulate the formalism on the chaincodes and analyze the breach of chaincodes via model checking.