Model Checking of Solidity Smart Contracts Adopted for Business Processes

  • Conference paper
Service-Oriented Computing (ICSOC 2021)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 13121)

  • 3154 Accesses

Abstract

Several features of the Blockchain technology are well aligned with critical issues in the Business Process Management (BPM) field, and yet adopting Blockchain for BPM should not be taken lightly. In fact, the security of smart contracts, which are one of the main elements of the Blockchain that make the integration with BPM possible, has proved to be vulnerable. It is therefore crucial for the protection of the designed business processes to prove the correctness of the smart contracts to be deployed on a blockchain. In this paper we propose a formal approach based on the transformation of Solidity smart contracts, with consideration of the BPM context in which they are used, into a Hierarchical Coloured Petri net. We express a set of smart contract vulnerabilities as temporal logic formulae and use the Helena model checker not only to detect such vulnerabilities while discerning their exploitability, but also to check other temporal-based contract-specific properties.

Notes

  1. https://depot.lipn.univ-paris13.fr/garfatta/sol2cpn

  2. We note that if a place does not exist (\(p=\emptyset\)) any arc creation involving it does not take effect.

Author information

Corresponding author

Correspondence to Ikram Garfatta.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Garfatta, I., Klai, K., Graïet, M., Gaaloul, W. (2021). Model Checking of Solidity Smart Contracts Adopted for Business Processes. In: Hacid, H., Kao, O., Mecella, M., Moha, N., Paik, Hy. (eds) Service-Oriented Computing. ICSOC 2021. Lecture Notes in Computer Science, vol 13121. Springer, Cham. https://doi.org/10.1007/978-3-030-91431-8_8

  • DOI: https://doi.org/10.1007/978-3-030-91431-8_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91430-1

  • Online ISBN: 978-3-030-91431-8

  • eBook Packages: Computer Science (R0)
