Smart contracts are a special type of programs running inside a blockchain. Immutable and transparent, they provide means to implement fault-tolerant and censorship-resistant services. Unfortunately, its immutability causes a serious challenge of ensuring that a business logic and implementation is correct upfront, before publishing in a blockchain. Several big accidents have indeed shown that users of this technology need special tools to verify smart contract correctness. Existing automated checkers are able to detect only well known implementation bugs, leaving the question of business logic correctness far aside. In this work, we present a symbolic model-checking technique along with a formal specification method for a subset of Solidity programming language that is able to express both state properties and trace properties; the latter constitutes a weak analogy of temporal properties. We evaluate the proposed technique on the MiniDAO smart contract, a young brother of notorious TheDAO. Our Proof-of-Concept was able to detect a non-trivial error in the business logic of this smart contract in a few seconds.
This is a preview of subscription content, log in to check access.
Buy single article
Instant unlimited access to the full article PDF.
Price includes VAT for USA
This is a pseudoname. Real name of this crypto enthusiast is still unknown.
https://etherscan.io/contractsVerified, July, 2018
The multi-sig hack: a postmortem. https://paritytech:io/the-multi-sig-hack-a-postmortem/. Accessed November 14, 2018.
The parity hack. https://www:crowdfundinsider:com/2017/11/124200-ethereum-parity-hack-may-impact-eth-500000-146-million/. Accessed November 14, 2018.
Smart contracts and the dao implosion. https://www:multichain:com/blog/2016/06/smart-contracts-the-dao-implosion/. Accessed November 11, 2018.
Solidity programming language documentation, 2018. https://solidity.readthedocs.io/en/v0.4.24/.
Atzei, N., Bartoletti, M., and Cimoli, T., A survey of attacks on ethereum smart contracts (SOK), Proc. Int. Conf. on Principles of Security and Trust, New York: Springer-Verlag, 2017, pp. 164–186.
Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., N. Kobeissi, Kulatova, N., Rastogi, A., Sibut-Pinote, T., Swamy, N., et al., Formal verification of smart contracts: short paper, Proc. ACM Workshop on Programming Languages and Analysis for Security, Vienna, 2016, pp. 91–96.
Buterin, V., et al., Ethereum white paper, 2014. https://github:com/ethereum/wiki/wiki/White-Paper.
Delmolino, K., Arnett, M., Kosba, A., Miller, A., and Shi, E., Step by step towards creating a safe smart contract: lessons and insights from a cryptocurrency lab, Proc. Int. Conf. on Financial Cryptography and Data Security, New York: Springer-Verlag, 2016, pp. 79–94.
Hirai, Y., Defining the ethereum virtual machine for interactive theorem provers, Proc. Int. Conf. on Financial Cryptography and Data Security, New York: Springer-Verlag, 2017, pp. 520–535.
Jentzsch, C., Decentralized autonomous organization to automate governance, White paper, 2016.
Kalra, S., Goel, S., Dhawan, M., and Sharma, S., “Zeus: analyzing safety of smart contracts, Proc. 25th Annual Network and Distributed System Security Symp. NDSS’18, San Diego, 2018.
Luu, L., Chu, D.H., Olickel, H., Saxena, P., and Hobor, A., “Making smart contracts smarter, Proc. 2016 ACM SIGSAC Conf. on Computer and Communications Security, Vienna, 2016, pp. 254–269.
Mueller, B., Smashing ethereum smart contracts for fun and real profit, Proc. HITBSecConf 2018, Amsterdam, 2018.
Nakamoto, S., Bitcoin: a peer-to-peer electronic cash system, 2008.
Pettersson, J. and Edström, R., Safer smart contracts through type-driven development, MSc Thesis, Gothenburg: Chalmers Univ. Technol. Univ. of Gothenburg, 2015.
Sheeran, M., Singh, S., and Stålmarck, G., Checking safety properties using induction and a SAT-solver, Proc. Int. Conf. on Formal Methods in Computer-Aided Design, New York: Springer-Verlag, 2000, pp. 127–144.
Zakrzewski, J., Towards verification of ethereum smart contracts: a formalization of core of solidity, in A Tree-Based Approach to Data Flow Proofs, Lecture Notes in Computer Science vol. 11294, New York: Springer-Verlag, 2018. https://www.mimuw.edu.pl/~jz321207/papers/vstte18-solidity.pdf.
About this article
Cite this article
Shishkin, E. Debugging Smart Contract’s Business Logic Using Symbolic Model Checking. Program Comput Soft 45, 590–599 (2019). https://doi.org/10.1134/S0361768819080164