solc-verify: A Modular Verifier for Solidity Smart Contracts

  • Ákos HajduEmail author
  • Dejan Jovanović
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12031)


We present solc-verify, a source-level verification tool for Ethereum smart contracts. solc-verify takes smart contracts written in Solidity and discharges verification conditions using modular program analysis and SMT solvers. Built on top of the Solidity compiler, solc-verify reasons at the level of the contract source code, as opposed to the more common approaches that operate at the level of Ethereum bytecode. This enables solc-verify to effectively reason about high-level contract properties while modeling low-level language semantics precisely. The properties, such as contract invariants, loop invariants, and function pre- and post-conditions, can be provided as annotations in the code by the developer. This enables automated, yet user-friendly formal verification for smart contracts. We demonstrate solc-verify by examining real-world examples where our tool can effectively find bugs and prove correctness of non-trivial properties with minimal user effort.


  1. 1.
    Abdellatif, T., Brousmiche, K.: Formal verification of smart contracts based on users and blockchain behaviors models. In: 9th IFIP International Conference on New Technologies, Mobility and Security, pp. 1–5. IEEE (2018)Google Scholar
  2. 2.
    Alt, L., Reitwiessner, C.: SMT-based verification of solidity smart contracts. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 376–388. Springer, Cham (2018). Scholar
  3. 3.
    Antonopoulos, A., Wood, G.: Mastering Ethereum: Building Smart Contracts and DApps. O’Reilly Media, Inc., Sebastopol (2018)Google Scholar
  4. 4.
    Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). Scholar
  5. 5.
    Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. J. Object Technol. 3(6), 27–56 (2004)CrossRefGoogle Scholar
  6. 6.
    Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). Scholar
  7. 7.
    Barrett, C., Tinelli, C.: Satisfiability modulo theories. In: Clarke, E., Henzinger, T., Veith, H., Bloem, R. (eds.) Handbook of Model Checking, pp. 305–343. Springer, Cham (2018). Scholar
  8. 8.
    Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96. ACM (2016)Google Scholar
  9. 9.
    Bornat, R.: Proving pointer programs in hoare logic. In: Backhouse, R., Oliveira, J.N. (eds.) MPC 2000. LNCS, vol. 1837, pp. 102–126. Springer, Heidelberg (2000). Scholar
  10. 10.
    Chatterjee, S., Lahiri, S.K., Qadeer, S., Rakamarić, Z.: A reachability predicate for analyzing low-level software. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 19–33. Springer, Heidelberg (2007). Scholar
  11. 11.
    Cohen, E., et al.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009). Scholar
  12. 12.
    ConsenSys: Ethereum smart contract security best practices (2018).
  13. 13.
    ConsenSys: Mythril classic: security analysis tool for Ethereum smart contracts (2019).
  14. 14.
    De Moura, L., Bjørner, N.: Generalized, efficient array decision procedures. In: Formal Methods in Computer-Aided Design, pp. 45–52. IEEE (2009)Google Scholar
  15. 15.
    DeLine, R., Leino, K.R.M.: BoogiePL: a typed procedural language for checking object-oriented programs. Technical report MSR-TR-2005-70, Microsoft Research (2005)Google Scholar
  16. 16.
    Dhillon, V., Metcalf, D., Hooper, M.: The DAO hacked. In: Dhillon, V., Metcalf, D., Hooper, M. (eds.) Blockchain Enabled Applications, pp. 67–78. Apress, Berkeley (2017). Scholar
  17. 17.
    Dourlens, J.: Safemath to protect from overflows (2017).
  18. 18.
    Dutertre, B.: Yices 2.2. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 737–744. Springer, Cham (2014). Scholar
  19. 19.
    Ethereum Constantinople/St. Petersburg upgrade announcement (2019).
  20. 20.
    Feist, J., Greico, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: Proceedings of the 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 8–15. IEEE (2019)Google Scholar
  21. 21.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: ACM SIGPLAN 2002 conference on Programming Language Design and Implementation, pp. 234–245. ACM (2002)Google Scholar
  22. 22.
    Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). Scholar
  23. 23.
    Harz, D., Knottenbelt, W.: Towards safer smart contracts: a survey of languages and verification methods (2018).
  24. 24.
    Hildenbrandt, E., Saxena, M., Zhu, X., Rodrigues, N., Daian, P., Guth, D., Rosu, G.: KEVM: a complete semantics of the Ethereum virtual machine. Technical report, IDEALS (2017)Google Scholar
  25. 25.
    Hirai, Y.: Defining the Ethereum virtual machine for interactive theorem provers. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 520–535. Springer, Cham (2017). Scholar
  26. 26.
    Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: Network and Distributed Systems Security Symposium (2018)Google Scholar
  27. 27.
    Lahiri, S.K., Chen, S., Wang, Y., Dillig, I.: Formal specification and verification of smart contracts for Azure blockchain (2018).
  28. 28.
    Leino, K.R.M.: This is Boogie 2 (2008)Google Scholar
  29. 29.
    Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)Google Scholar
  30. 30.
    Mavridou, A., Laszka, A.: Tool demonstration: FSolidM for designing secure Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 270–277. Springer, Cham (2018). Scholar
  31. 31.
    McCarthy, J.: Towards a mathematical science of computation. In: IFIP Congress, pp. 21–28 (1962)Google Scholar
  32. 32.
    Miller, A., Cai, Z., Jha, S.: Smart contracts and opportunities for formal methods. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 280–299. Springer, Cham (2018). Scholar
  33. 33.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). Scholar
  34. 34.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).
  35. 35.
    Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663. ACM (2018)Google Scholar
  36. 36.
    NIST National Vulnerability Database: CVE-2018-10299: Beauty Ecosystem Coin (BEC) issue (2018).
  37. 37.
    Sergey, I., Kumar, A., Hobor, A.: Scilla: a smart contract intermediate-level language (2018).
  38. 38.
    Solidity documentation (2018).
  39. 39.
    Szabo, N.: Smart contracts (1994)Google Scholar
  40. 40.
    Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Bünzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82. ACM (2018)Google Scholar
  41. 41.
    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger (2017).

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Budapest University of Technology and EconomicsBudapestHungary
  2. 2.SRI InternationalNew York CityUSA

Personalised recommendations