Skip to main content

An Idealist’s Approach for Smart Contract Correctness

  • Conference paper
  • First Online:
Formal Methods and Software Engineering (ICFEM 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14308))

Included in the following conference series:

  • 370 Accesses

Abstract

In this work, we experiment an idealistic approach for smart contract correctness verification and enforcement, based on the assumption that developers are either desired or required to provide a correctness specification due to the importance of smart contracts and the fact that they are immutable after deployment. We design a static verification system with a specification language which supports fully compositional verification (with the help of function specifications, contract invariants, loop invariants and call invariants). Our approach has been implemented in a tool named iContract which automatically proves the correctness of a smart contract statically or checks the unverified part of the specification during runtime. Using iContract, we have verified 10 high-profile smart contracts against manually developed detailed specifications, many of which are beyond the capacity of existing verifiers. Specially, we have uncovered two ERC20 violations in the BNB and QNT contracts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    deployed at BNB chain address 0x32b166e082993af6598a89397e82e123ca44e74e.

  2. 2.

    Note that runtime checking for arithmetic overflow has been introduced since Solidity 0.8 and thus no longer an issue.

References

  1. Bamboo: a language for morphing smart contracts. https://github.com/pirapira/bamboo

  2. Dataset. https://anonymous.4open.science/r/zero1-0DEE/

  3. Etherscan. https://etherscan.io/

  4. Natspec format. https://docs.soliditylang.org/en/v0.8.17/natspec-format.html

  5. Solidity - Solidity documentation. https://docs.soliditylang.org/en/stable/

  6. swcregistry. https://swcregistry.io/

  7. Vyper - Vyper documentation. https://docs.vyperlang.org/en/stable/

  8. Daian, P.: DAO exploit. https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

  9. Dill, D., Grieskamp, W., Park, J., Qadeer, S., Xu, M., Zhong, E.: Fast and reliable formal verification of smart contracts with the move prover. In: TACAS 2022. LNCS, vol. 13243, pp. 183–200. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99524-9_10

    Chapter  Google Scholar 

  10. Ernst, M.D., et al.: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program. 69(1–3), 35–45 (2007)

    Article  MathSciNet  Google Scholar 

  11. Fabian Vogelsteller, V.B.: EIP-20: token standard, November 2015. https://eips.ethereum.org/EIPS/eip-20

  12. Ferreira Torres, C., Jonker, H., State, R.: Elysium: context-aware bytecode-level patching to automatically heal vulnerable smart contracts. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 115–128 (2022)

    Google Scholar 

  13. Grieco, G., Song, W., Cygan, A., Feist, J., Groce, A.: Echidna: effective, usable, and fast fuzzing for smart contracts. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 557–560 (2020)

    Google Scholar 

  14. Hajdu, Á., Jovanović, D.: solc-verify: a modular verifier for solidity smart contracts. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 161–179. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_11

    Chapter  Google Scholar 

  15. Li, A., Choi, J.A., Long, F.: Securing smart contract with runtime validation. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 438–453 (2020)

    Google Scholar 

  16. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)

    Google Scholar 

  17. Mariano, B., Chen, Y., Feng, Y., Lahiri, S.K., Dillig, I.: Demystifying loops in smart contracts. In: 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 262–274 (2020)

    Google Scholar 

  18. Mueller, B.: Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam 9, 54 (2018)

    Google Scholar 

  19. Nguyen, T.D., Pham, L.H., Sun, J.: SGUARD: towards fixing vulnerable smart contracts automatically. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24–27 May 2021, pp. 1215–1229. IEEE (2021). https://doi.org/10.1109/SP40001.2021.00057

  20. Nguyen, T.D., Pham, L.H., Sun, J., Lin, Y., Minh, Q.T.: sFuzz: an efficient adaptive fuzzer for solidity smart contracts. In: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, pp. 778–788 (2020)

    Google Scholar 

  21. O’Hearn, P.W.: Incorrectness logic. Proc. ACM Program. Lang. 4(POPL) (2019). https://doi.org/10.1145/3371078

  22. Palladino, S.: The parity wallet hack explained, July 2017. https://blog.openzeppelin.com/on-the-parity-wallet-multisig-hack-405a8c12e8f7/

  23. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1661–1677 (2020). https://doi.org/10.1109/SP40000.2020.00024

  24. So, S., Lee, M., Park, J., Lee, H., Oh, H.: VERISMART: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694 (2020)

    Google Scholar 

  25. Stephens, J., Ferles, K., Mariano, B., Lahiri, S., Dillig, I.: SMARTPULSE: automated checking of temporal properties in smart contracts. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 555–571. IEEE (2021)

    Google Scholar 

  26. Szabo, N.: Formalizing and securing relationships on public networks. First Monday (1997)

    Google Scholar 

  27. Torres, C.F., Iannillo, A.K., Gervais, A., State, R.: ConFuzzius: a data dependency-aware hybrid fuzzer for smart contracts. In: 2021 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 103–119. IEEE (2021)

    Google Scholar 

  28. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)

    Google Scholar 

  29. Wesley, S., Christakis, M., Navas, J.A., Trefler, R., Wüstholz, V., Gurfinkel, A.: Verifying Solidity smart contracts via communication abstraction in SmartACE. In: Finkbeiner, B., Wies, T. (eds.) VMCAI 2022. LNCS, vol. 13182, pp. 425–449. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-94583-1_21

    Chapter  Google Scholar 

  30. Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Paper 151(2014), 1–32 (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Tai D. Nguyen .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nguyen, T.D., Pham, L.H., Sun, J., Le, Q.L. (2023). An Idealist’s Approach for Smart Contract Correctness. In: Li, Y., Tahar, S. (eds) Formal Methods and Software Engineering. ICFEM 2023. Lecture Notes in Computer Science, vol 14308. Springer, Singapore. https://doi.org/10.1007/978-981-99-7584-6_2

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7584-6_2

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7583-9

  • Online ISBN: 978-981-99-7584-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics