Formal Verification of Smart Contracts from the Perspective of Concurrency

  • Meixun Qu
  • Xin HuangEmail author
  • Xu Chen
  • Yi Wang
  • Xiaofeng Ma
  • Dawei Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11373)


Blockchain is an emerging technology with broad applications. As an important application of the blockchain, smart contracts can formulate trading rules to manage thousands of virtual currencies. Nowadays, the IoT (Internet of Things) combined with blockchain has become a new trend and smart contract can implement different transaction demands for IoT-blockchain systems. Once there exits vulnerability in the smart contract program, the security of the virtual currency will not be guaranteed. However, ensuring the security of smart contracts is never an easy task. On the one hand, existing smart contracts cannot identify fake users or malicious programs, which is difficult to be regulated at present; on the other hand, smart contracts involving in multiple trading users are very similar to shared-memory concurrent programs. To deal with these problems, this study uses formal verification methods, adopting the Communicating Sequence Processes (CSP) theory to formally model concurrent programs. Then the FDR (Failure Divergence Refinement), a refinement checker or model checker for CSP, is utilized to successfully detect the vulnerability regarding concurrency in one smart contract public in Ethereum. The results show the potential advantage of using CSP and FDR tool to check the vulnerability in smart contracts especially from the perspective of concurrency.


Blockchain Smart contracts Concurrency CSP theory FDR 



This work was supported by the XJTLU research development fund projects under Grant RDF140243 and Grant RDF150246, in part by the National Natural Science Foundation of China under Grant No. 61701418, in part by Innovation Projects of The Next Generation Internet Technology under Grant NGII20170301, in part by the Suzhou Science and Technology Development Plan under Grant SYG201516, and in part by the Jiangsu Province National Science Foundation under Grant BK20150376.


  1. 1.
    Sergey, I., Hobor, A.: A concurrent perspective on smart contracts. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 478–493. Springer, Cham (2017). Scholar
  2. 2.
    Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). Scholar
  3. 3.
    Swamy, N., Hriţcu, C., Keller, C., et al.: Dependent types and multi-monadic effects in F. ACM SIGPLAN Notices 51(1), 256–270 (2016)CrossRefGoogle Scholar
  4. 4.
    Luu, L., Chu, D.H., Olickel, H., et al.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)Google Scholar
  5. 5.
    Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). Scholar
  6. 6.
    Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)CrossRefGoogle Scholar
  7. 7.
    Roscoe, A.W.: Understanding Concurrent Systems. Springer, London (2010). Scholar
  8. 8.
    Faber, J., Jacobs, S., Sofronie-Stokkermans, V.: Verifying CSP-OZ-DC specifications with complex data types and timing parameters. In: Davies, J., Gibbons, J. (eds.) IFM 2007. LNCS, vol. 4591, pp. 233–252. Springer, Heidelberg (2007). Scholar
  9. 9.
    Lowe, G.: Breaking and fixing the needham-schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996). Scholar
  10. 10.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Meixun Qu
    • 1
  • Xin Huang
    • 1
    Email author
  • Xu Chen
    • 2
  • Yi Wang
    • 3
  • Xiaofeng Ma
    • 3
  • Dawei Liu
    • 1
  1. 1.Xi’an Jiaotong-Liverpool UniversitySuzhouChina
  2. 2.Tongji Blockchain Research InstituteSuzhouChina
  3. 3.Tongji UniversityShanghaiChina

Personalised recommendations