Skip to main content
SpringerLink
Log in

sVerify: Verifying Smart Contracts Through Lazy Annotation and Learning

  • Conference paper
  • First Online:
Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 13036))

Included in the following conference series:

Abstract

Smart contracts have recently attracted much attention from industry as they aim to assure anonymous distributed secure transactions. It also becomes clear that they are not immune to code vulnerabilities. As smart contracts cannot be patched once deployed, it is crucial to verify their correctness before deployment. Existing approaches mainly focus on testing and bounded verification which do not guarantee the correctness of smart contracts. In this work, we develop a formal verifier called sVerify for Solidity smart contracts based on a combination of lazy annotation and automatic loop invariant learning techniques. The latter is essential as explicit or implicit loops (due to fallback function calls) are common in smart contracts. Patterns and features which are specific to smart contracts are used to facilitate invariant learning. sVerify has been evaluated with 4670 Solidity smart contracts, and the evaluation result shows that sVerify is effective and reasonably efficient for verifying smart contracts .

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We omit the details on the content of the stack for brevity.

  2. 2.

    Due to the page limit, only a core set of rules are presented here.

  3. 3.

    Necessary assertions regarding overflow and reentrancy are inserted manually.

  4. 4.

    Details and benchmarks can be found at https://doi.org/10.5281/zenodo.5168441.

References

  1. Dao (2016). https://www.coindesk.com/understanding-dao-hack-journalists

  2. Akca, S., Rajan, A., Peng, C.: SolAnalyser: a framework for analysing and testing smart contracts, pp. 482–489 (2019). https://doi.org/10.1109/APSEC48747.2019.00071

  3. Albert, E., Correas, J., Gordillo, P., Román-Díez, G., Rubio, A.: Analyzing smart contracts: from EVM to a sound control-flow graph. arXiv preprint arXiv:2004.14437 (2020)

  4. Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N.: Formal verification of smart contracts: short paper. In: PLAS, pp. 91–96. ACM (2016)

    Google Scholar 

  5. Chang, C.C., Lin, C.J.: LIBSVM: a library for support vector machines. ACM TIST 2, 27:1–27:27 (2011). http://www.csie.ntu.edu.tw/~cjlin/libsvm

  6. Chang, J., Gao, B., Xiao, H., Sun, J., Cai, Y., Yang, Z.: sCompile: critical path identification and analysis for smart contracts. In: Ait-Ameur, Y., Qin, S. (eds.) ICFEM 2019. LNCS, vol. 11852, pp. 286–304. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32409-4_18

    Chapter  Google Scholar 

  7. Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  8. ConsenSys: Mythril: Security analysis of ethereum smart contracts (2018). https://github.com/ConsenSys/mythril. Accessed 30 May 2019. online

  9. CVE: CVE list. https://cve.mitre.org/data/downloads/index.html. Accessed 4 June 2021

  10. Dillig, I., Dillig, T., Li, B., McMillan, K.: Inductive invariant generation via abductive inference. In: OOPSLA, pp. 443–456 (2013)

    Google Scholar 

  11. Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: POPL, pp. 191–202. ACM (2002)

    Google Scholar 

  12. Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_32

    Chapter  Google Scholar 

  13. Hajdu, Á., Jovanović, D.: solc-verify: a modular verifier for solidity smart contracts. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 161–179. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_11

    Chapter  Google Scholar 

  14. Jiang, B., Liu, Y., Chan, W.: ContractFuzzer: fuzzing smart contracts for vulnerability detection, pp. 259–269 (2018). https://doi.org/10.1145/3238147.3238177

  15. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS. The Internet Society (2018)

    Google Scholar 

  16. Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978)

    Article  MATH  Google Scholar 

  17. Li, J., Sun, J., Li, L., Le, Q.L., Lin, S.: Automatic loop-invariant generation and refinement through selective sampling. In: ASE, pp. 782–792 (2017)

    Google Scholar 

  18. Lin, S., Sun, J., Nguyen, T.K., Liu, Y., Dong, J.S.: Interpolation guided compositional verification (t). In: ASE, pp. 65–74 (2015)

    Google Scholar 

  19. Lin, S.: K-framework Solidity (2018). https://github.com/kframework/solidity-semantics

  20. Luu, L., Chu, D.H., Olickel, H., Saxena, P.: Making smart contracts smarter. In: CCS, pp. 254–269. ACM (2016)

    Google Scholar 

  21. McMillan, K.L.: Lazy annotation for program testing and verification. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 104–118. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_10

    Chapter  Google Scholar 

  22. Mossberg, M., Manzano, F., Hennenfent, E., Groce, A.: Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: ASE, pp. 1186–1189. IEEE (2019)

    Google Scholar 

  23. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Technical report, Manubot (2019)

    Google Scholar 

  24. Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: ACSAC, pp. 653–663. ACM (2018)

    Google Scholar 

  25. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contract. In: IEEE Symposium on Security and Privacy (2020)

    Google Scholar 

  26. Quinlan, J.: C5.0: an informal tutorial (2017). http://www.rulequest.com/see5-unix.html

  27. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: CCS, pp. 67–82. ACM (2018)

    Google Scholar 

  28. Wang, Y., et al.: Formal verification of workflow policies for smart contracts in azure blockchain. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 87–106. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_7

    Chapter  Google Scholar 

  29. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151, 1–32 (2014)

    Google Scholar 

  30. Wüstholz, V., Christakis, M.: Harvey: a greybox fuzzer for smart contracts. In: ESEC/FSE, pp. 1398–1409 (2020)

    Google Scholar 

  31. Zhu, H., Magill, S., Jagannathan, S.: A data-driven CHC solver. In: PLDI, pp. 707–721. ACM (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Bo Gao

  2. Singapore Management University, Singapore, Singapore

    Ling Shi, Jiaying Li & Jun Sun

  3. Western Michigan University, Kalamazoo, USA

    Jialiang Chang & Zijiang Yang

Authors
  1. Bo Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ling Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jiaying Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jialiang Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jun Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zijiang Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Limerick, Limerick, Ireland

    Tiziana Margaria

  2. TU Dortmund, Dortmund, Germany

    Bernhard Steffen

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gao, B., Shi, L., Li, J., Chang, J., Sun, J., Yang, Z. (2021). sVerify: Verifying Smart Contracts Through Lazy Annotation and Learning. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2021. Lecture Notes in Computer Science(), vol 13036. Springer, Cham. https://doi.org/10.1007/978-3-030-89159-6_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-89159-6_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89158-9

  • Online ISBN: 978-3-030-89159-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation