Abstract
Smart contracts are programs that help automate agreements between multiple parties without involving an external trusted authority. Since smart contracts deal with millions of dollars' worth of virtual coins, it is important to ensure that they execute correctly and are free from vulnerabilities. This work focuses on smart contracts on the Ethereum blockchain, the most utilized platform for smart contracts so far. Our emphasis is mainly on two core areas. One involves the runtime verification of ERC20 tokens using the K framework, and the other involves the comparison of tools available for detecting vulnerabilities in smart contracts. The six core functions of ERC20, namely allowance(), approve(), totalSupply(), balanceOf(), transferFrom() and transfer(), were considered for runtime verification. ERC20 contracts were tested against the ERC20 standard, and the results showed that only 30% were compliant with the standard in the allowance() function, 50% in the transferFrom() function, and 90% in the transfer() function. The other focus area involves the comparison of existing tools that can identify vulnerabilities in smart contracts. Five tools were taken for the comparison, namely Oyente, Securify, Remix, Smartcheck and Mythril, and were tested against 15 different vulnerabilities. Of the five tools, Smartcheck was found to detect the highest number of vulnerabilities.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Abraham, M., Jevitha, K.P. (2019). Runtime Verification and Vulnerability Testing of Smart Contracts. In: Singh, M., Gupta, P., Tyagi, V., Flusser, J., Ören, T., Kashyap, R. (eds) Advances in Computing and Data Sciences. ICACDS 2019. Communications in Computer and Information Science, vol 1046. Springer, Singapore. https://doi.org/10.1007/978-981-13-9942-8_32
DOI: https://doi.org/10.1007/978-981-13-9942-8_32
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9941-1
Online ISBN: 978-981-13-9942-8
eBook Packages: Computer Science, Computer Science (R0)