Advertisement

Towards Verifying Ethereum Smart Contracts at Intermediate Language Level

  • Ximeng LiEmail author
  • Zhiping ShiEmail author
  • Qianying Zhang
  • Guohui Wang
  • Yong Guan
  • Ning Han
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11852)

Abstract

Smart contracts have exhibited great potential in a spectrum of applications, ranging from digital currency to online gaming. Yet smart contracts are known to be prone to errors and vulnerable to attacks. The validation of smart contracts before their deployment is an indispensable step for their correctness and security, and the highest level of guarantee can be provided using formal verification. The level of difficulty, reliability, etc., of the formal verification of a smart contract is deeply affected by the programming language in which the contract is implemented. In this paper, we discuss the benefits of verifying smart contracts at the level of intermediate languages, in comparison with machine-level languages and user-level languages. We augment the existing formalization of Yul – the intermediate language of Ethereum, realize an ERC20 token contract in this language, and verify the guarantees of all the functions provided by this contract. All this development has been performed in the proof assistant Isabelle/HOL. It demonstrates the feasibility and some of the most important advantages of mechanized verification for smart contracts at the intermediate-language level, such as a balance between the intuitiveness of the verification target and the ability to validate lower-level mechanisms like the function dispatcher.

Notes

Acknowledgments

This work was supported by the National Key R&D Plan (2017YFB1301100), National Natural Science Foundation of China (61876111, 61572331, 61602325), Capacity Building for Sci-Tech Innovation – Fundamental Scientific Research Funds (025185305000), and the Youth Innovative Research Team of Capital Normal University. We thank the anonymous reviewers for their valuable comments that helped with the improvement of this paper.

References

  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
  7. 7.
  8. 8.
  9. 9.
    Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/HOL. In: 7th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP), pp. 66–77 (2018)Google Scholar
  10. 10.
    Apt, K.R.: Ten years of Hoare’s logic: a survey - part 1. ACM Trans. Program. Lang. Syst. 3(4), 431–483 (1981)CrossRefGoogle Scholar
  11. 11.
    Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: 6th International Conference on Principles of Security and Trust (POST), pp. 164–186 (2017)Google Scholar
  12. 12.
    Bai, X., Cheng, Z., Duan, Z., Hu, K.: Formal modeling and verification of smart contracts. In: 7th International Conference on Software and Computer Applications (ICSCA), pp. 322–326 (2018)Google Scholar
  13. 13.
    Banach, R.: Verification-led smart contracts. In: Proceedings of 3rd Workshop on Trusted Smart Contracts (2019)Google Scholar
  14. 14.
    Beckert, B., Herda, M., Kirsten, M., Schiffl, J.: Formal specification and verification of Hyperledger Fabric chaincode. In: Third Symposium on Distributed Ledger Technology (SDLT) (2018)Google Scholar
  15. 15.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)CrossRefGoogle Scholar
  16. 16.
    Grishchenko, I., Maffei, M., Schneidewind, C.: Foundations and tools for the static analysis of Ethereum smart contracts. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 51–78. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96145-3_4CrossRefGoogle Scholar
  17. 17.
    Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-89722-6_10CrossRefGoogle Scholar
  18. 18.
    Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: 31st IEEE Computer Security Foundations Symposium (CSF), pp. 204–217 (2018)Google Scholar
  19. 19.
    Hirai, Y.: Defining the Ethereum virtual machine for interactive theorem provers. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 520–535. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70278-0_33CrossRefGoogle Scholar
  20. 20.
    Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: 25th Network and Distr. System Security Symposium (NDSS) (2018)Google Scholar
  21. 21.
    Luu, L., Chu, D., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 254–269 (2016)Google Scholar
  22. 22.
    Owens, S., Böhm, P., Nardelli, F. Z., Sewell, P.: Lem: a lightweight tool for heavyweight semantics. In: van Eekelen, M., Geuvers, H., Schmaltz, J., Wiedijk, F. (eds.) ITP 2011. LNCS, vol. 6898, pp. 363–369. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22863-6_27
  23. 23.
    Park, D., Zhang, Y., Saxena, M., Daian, P., Rosu, G.: A formal verification tool for Ethereum VM bytecode. In: ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT (FSE), pp. 912–915 (2018)Google Scholar
  24. 24.
    Sergey, I., Kumar, A., Hobor, A.: Scilla: a smart contract intermediate-level language. CoRR, abs/1801.00687 (2018)Google Scholar
  25. 25.
  26. 26.
    Tsankov, P., Dan, A.M., Drachsler-Cohen, D., Gervais, A., Bünzli, F., Vechev, M.T.: Securify: practical security analysis of smart contracts. In: ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 67–82 (2018)Google Scholar
  27. 27.
    Wenzel, M., Paulson, L.C., Nipkow, T.: The Isabelle framework. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 33–38. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-71067-7_7CrossRefGoogle Scholar
  28. 28.
    Wood, G.: Ethereum: a secure decentralised generlised transaction ledger. https://gavwood.com/paper.pdf
  29. 29.
    Yaga, D., Mell, P., Roby, N., Scarfone, K.: Blockchain technology overview. Technical report, NISTIR 8202 (2018)Google Scholar
  30. 30.
    Yang, Z., Lei, H.: Lolisa: formal syntax and semantics for a subset of the solidity programming language. CoRR, abs/1803.09885 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Beijing Key Laboratory of Electronic System Reliability and PrognosticsCapital Normal UniversityBeijingChina
  2. 2.Beijing Engineering Research Center of High Reliable Embedded SystemCapital Normal UniversityBeijingChina
  3. 3.Beijing Advanced Innovation Center for Imaging Theory and TechnologyCapital Normal UniversityBeijingChina
  4. 4.International Science and Technology Cooperation Base of Electronic System Reliability and Mathematical InterdisciplinaryCapital Normal UniversityBeijingChina

Personalised recommendations