Abstract
Several features of Blockchain technology are well aligned with critical issues in the Business Process Management (BPM) field, and yet adopting Blockchain for BPM should not be taken lightly. In fact, smart contracts, which are one of the main elements of the Blockchain that make the integration with BPM possible, have proved to be vulnerable. It is therefore crucial for the protection of the designed business processes to prove the correctness of the smart contracts to be deployed on a blockchain. In this paper we propose a formal approach based on the transformation of Solidity smart contracts, with consideration of the BPM context in which they are used, into a Hierarchical Coloured Petri net. We express a set of smart contract vulnerabilities as temporal logic formulae and use the Helena model checker not only to detect such vulnerabilities while discerning their exploitability, but also to check other temporal-based contract-specific properties.
Notes
We note that if a place does not exist (\(p=\emptyset \)) any arc creation involving it does not take effect.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Garfatta, I., Klai, K., Graïet, M., Gaaloul, W. (2021). Model Checking of Solidity Smart Contracts Adopted for Business Processes. In: Hacid, H., Kao, O., Mecella, M., Moha, N., Paik, Hy. (eds) Service-Oriented Computing. ICSOC 2021. Lecture Notes in Computer Science(), vol 13121. Springer, Cham. https://doi.org/10.1007/978-3-030-91431-8_8
DOI: https://doi.org/10.1007/978-3-030-91431-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91430-1
Online ISBN: 978-3-030-91431-8
eBook Packages: Computer Science, Computer Science (R0)