Abstract
Smart contracts present new challenges for runtime verification techniques, due to features such as immutability of the code and the notion of gas that must be paid for the execution of code. In this paper we present the runtime verification tool ContractLarva and outline its use in instrumenting monitors in smart contracts written in Solidity, for the Ethereum blockchain-based distributed computing platform. We discuss the challenges faced in doing so, and how some of these can be addressed, using the ERC-20 token standard to illustrate the techniques. We conclude by proposing a list of open challenges in smart contract and blockchain monitoring.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In this context, one typically finds the use of the term immutability for immutability of transactions or data written in the past, whilst still allowing for appending new entries (in a controlled manner) to the ledger.
- 2.
In practice, what stops these parties from doing so is the threat to be sued for breach of contract, which happens outside the realm of the contract itself.
- 3.
NP-complete problems are a classical case of this — although there is no known deterministic polynomial algorithm which can find a solution to instances of any one of these problems, a known solution to an NP-complete problem instance can be verified in polynomial time on a deterministic machine.
- 4.
Available from https://github.com/gordonpace/contractLarva.
- 5.
The choice of the term event, frequently used in runtime verification, is unfortunately overloaded with the notion of events in Solidity. In the rest of the paper, we use the term to refer to runtime points-of-interest.
- 6.
The only case which is not covered by this approach is if the contract performs external delegate calls (which may result in the callee changing the state of the caller). However, this can be syntactically checked at instrumentation time.
- 7.
Although in traditional systems, overheads in space, time and communication are still paid for financially (more memory, more CPU power or more bandwidth), the cost is indirect and the perception is that is a matter of efficiency, and not cost management..
- 8.
ERC stands for Ethereum Request for Comment, with 20 being the number that was assigned to the request.
- 9.
As reported by Etherscan (see www.etherscan.io/tokens) in July 2018. The number of active, and trustworthy token implementations is, however, much lower than this figure.
- 10.
The case study can be found at: https://github.com/shaunazzopardi/safely-mutable-ERC-20-interface.
- 11.
References
Ahrendt, W., Chimento, J.M., Pace, G.J., Schneider, G.: Verifying data- and control-oriented properties combining static and runtime verification: theory and tools. Form. Methods Syst. Des. 51(1), 200–265 (2017)
Ahrendt, W., Pace, G.J., Schneider, G.: Smart contracts –a killer application for deductive source code verification. In: Festschrift on the Occasion of Arnd Poetzsch-Heffter’s 60th Birthday (ARND 2018) (2018)
Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/Hol. In: Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2018, pp. 66–77, New York, NY, USA. ACM (2018)
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Bartocci, E., Falcone, Y., Francalanza, A., Reger, G.: Introduction to runtime verification. In: Bartocci, E., Falcone, Y. (eds.) Lectures on Runtime Verification. LNCS, vol. 10457, pp. 1–33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75632-5_1
Bhargavan, K., et al.: Formal verification of smart contracts. In: The 11th Workshop on Programming Languages and Analysis for Security (PLAS 2016) (2016)
Bodden, E., Hendren, L., Lhoták, O.: A staged static program analysis to improve the performance of runtime monitoring. In: Ernst, E. (ed.) ECOOP 2007. LNCS, vol. 4609, pp. 525–549. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73589-2_25
Bodden, E., Lam, P., Hendren, L.: Clara: a framework for partially evaluating finite-state runtime monitors ahead of time. In: Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G., Roşu, G., Sokolsky, O., Tillmann, N. (eds.) RV 2010. LNCS, vol. 6418, pp. 183–197. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16612-9_15
Colombo, C., Ellul, J., Pace, G.J.: Contracts over smart contracts: recovering from violations dynamically. In: ISoLA. LNCS (2018)
Colombo, C., Pace, G.J.: Monitor-oriented compensation programming through compensating automata. In: ECEASST, vol. 58 (2013)
Colombo, C., Pace, G.J.: Comprehensive monitor-oriented compensation programming. In: FESCA, vol. 147, pp. 47–61. EPTCS (2014)
Colombo, C., Pace, G.J., Abela, P.: Compensation-aware runtime monitoring. In: Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G., Roşu, G., Sokolsky, O., Tillmann, N. (eds.) RV 2010. LNCS, vol. 6418, pp. 214–228. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16612-9_17
Colombo, C., Pace, G.J., Schneider, G.: Safe runtime verification of real-time properties. In: 7th International Conference Formal Modeling and Analysis of Timed Systems, FORMATS 2009, pp. 103–117 (2009)
de Boer, F.S., de Gouw, S., Johnsen, E.B., Kohn, A., Wong, P.Y.H.: Run-time assertion checking of data- and protocol-oriented properties of Java programs: an industrial case study. In: Chiba, S., Tanter, É., Bodden, E., Maoz, S., Kienzle, J. (eds.) Transactions on Aspect-Oriented Software Development XI. LNCS, vol. 8400, pp. 1–26. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55099-7_1
Falcone, Y., Havelund, K., Reger, G.: A tutorial on runtime verification. In: Broy, M., Peled, D.A., Kalus, G. (eds.) Engineering Dependable Software Systems, vol. 34. NATO Science for Peace and Security Series, D: Information and Communication Security, pp. 141–175. IOS Press (2013)
Fröwis, M., Böhme, R.: In code we trust? In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-JoancomartÃ, J. (eds.) Data Privacy Management. Cryptocurrencies and Blockchain Technology, pp. 357–372. Springer, Cham (2017)
Fuchs, N.E.: Specifications are (preferably) executable. Softw. Eng. J. 7(5), 323–334 (1992)
Grech, N., Kong, M., Jurisevic, A., Lexi, B., Scholz, B., Smaragdakis, Y.: Madmax: surviving out-of-gas conditions in Ethereum smart contracts. In: PACMPL, (OOPSLA) (2018)
Grishchenko, I., Maffei, M., Schneidewind, C.: Foundations and tools for the static analysis of ethereum smart contracts. In: Chockler, H., Weissenbacher, G. (eds.) Computer Aided Verification, pp. 51–78. Springer, Cham (2018)
Hayes, I., Jones, C.B.: Specifications are not (necessarily) executable. Softw. Eng. J. 4(6), 330–338 (1989)
Hirai, Y.: Defining the ethereum virtual machine for interactive theorem provers. In: Brenner, M., Rohloff, K., Bonneau, J., Miller, A., Ryan, P.Y., Teague, V., Bracciali, A., Sala, M., Pintore, F., Jakobsson, M. (eds.) Financial Cryptography and Data Security, pp. 520–535. Springer, Cham (2017)
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18–21 February 2018
Lessig, L.: Code 2.0. CreateSpace, 2nd edn. Paramount (2009)
Leucker, M., Schallhart, C.: A brief account of runtime verification. J. Log. Algebr. Program. 78(5), 293–303 (2009)
Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 254–269, New York, NY, USA. ACM (2016)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf
Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. CoRR, abs/1802.06038 (2018)
Park, D., Zhang, Y., Saxena, M., Daian, P., RoÅŸu, G.: A formal verification tool for Ethereum VM Bytecode. In: Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018). ACM, November 2018
Reger, G.: An overview of MarQ. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 498–503. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46982-9_34
Szabo, N.: Smart contracts: building blocks for digital markets. Extropy, vol. 16 (1996)
Vogelsteller, F.: ERC-20 Token Standard (2005). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Azzopardi, S., Ellul, J., Pace, G.J. (2018). Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond. In: Colombo, C., Leucker, M. (eds) Runtime Verification. RV 2018. Lecture Notes in Computer Science(), vol 11237. Springer, Cham. https://doi.org/10.1007/978-3-030-03769-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-03769-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03768-0
Online ISBN: 978-3-030-03769-7
eBook Packages: Computer ScienceComputer Science (R0)