Abstract
We introduce Featherweight Solidity, a calculus formalizing the core features of the Solidity language, thus providing a fundamental step to reason about safety properties of smart contracts’ source code. The formalization includes a static type system that represents the foundation of the Solidity compiler. We show that it prevents some errors whereas many others, such as accesses to a non existing function or state variable, are only detected at runtime and cause interruption and rolling-back of transactions. We then propose a refinement of the type system that is retro-compatible with original Solidity code, and statically captures more errors, such as unsafe casts and unsafe call-back expressions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In the examples, we use additional constructs, such as loops, booleans and key-value mappings (for the standard formalization see [6]).
- 2.
In some cases Solidity tries to convert values from the provided to the expected type, but no documentation about the precise behavior is available.
References
Solidity. https://solidity.readthedocs.io/en/develop/index.html. Release 0.4.25
Alt, L., Reitwiessner, C.: SMT-based verification of solidity smart contracts. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 376–388. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_28
Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/HOL. In: Certified Programs and Proofs, pp. 66–77. ACM (2018)
Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96. ACM (2016)
Buterin, V.: A next-generation smart contract and decentralized application platform (white paper). Technical report (2014)
Di Pirro, M.: How solid is Solidity? An in-dept study of solidity’s type safety. Master’s thesis, Università di Padova, September 2018. http://tesi.cab.unipd.it/61297/
Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_10
Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: Computer Security Foundations Symposium, CSF, pp. 204–217 (2018)
Igarashi, A., Pierce, B.C., Wadler, P.: Featherweight Java: a minimal core calculus for Java and GJ. ACM TOPLAS 23(3), 396–450 (2001)
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: Network and Distributed System Security Symposium (2018)
Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Code generation and optimization: feedback-directed and runtime optimization, p. 75. IEEE (2004)
Shishkin, E.: Debugging smart contract’s business logic using symbolic model-checking. arXiv preprint arXiv:1812.00619 (2018)
Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: SmartCheck: static analysis of Ethereum smart contracts. In: Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 International Financial Cryptography Association
About this paper
Cite this paper
Crafa, S., Di Pirro, M., Zucca, E. (2020). Is Solidity Solid Enough?. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-43725-1_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43724-4
Online ISBN: 978-3-030-43725-1
eBook Packages: Computer ScienceComputer Science (R0)