
Model-Based Static and Runtime Verification for Ethereum Smart Contracts

  • Conference paper
Model-Driven Engineering and Software Development (MODELSWARD 2020)

Abstract

Distributed ledger technologies, e.g. blockchains, are an innovative solution to the problem of trust between different parties. Smart contracts, programs executing on these ledgers, present new challenges given their non-traditional execution context, the blockchain. The immutability of smart contracts once they are deployed makes their pre-deployment correctness essential. This can be achieved through verification methods, which attempt to answer conclusively whether the code respects some specification. Another approach is model-driven development, where the specification is used directly to create a correct-by-construction implementation. A specification may however still need to be verified to ensure it satisfies some properties. Verifying properties pre-deployment is ideal; however, it may not always be possible to do so completely, depending on the complexity of the smart contract. Traditionally, upon failure of a verification attempt the only option is to try a different verification method. Recent approaches instead enable the transformation of the verification problem into a smaller one, reducing the load of subsequent verification attempts. We have previously proposed an automata-theoretic approach to reason systematically about this kind of residual analysis for (co-)safety properties, and have implemented an intraprocedural data-flow approach for Java programs. In this paper we extend our approach to Solidity smart contracts, present a corresponding tool, evaluate the approach with several new case studies, and compare it with existing approaches.
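The residual idea the abstract describes, as an added illustration (this is not the paper's tool, nor its exact algorithm; the Escrow contract, its control-flow abstraction, the property and the traces are all constructed for the example): a safety property over contract events is a finite automaton, a synchronous product with a control-flow abstraction of the contract identifies which property transitions the contract can actually fire, and the pruned automaton is what a runtime monitor still has to check.

```python
"""Residual verification in miniature: a safety property (a finite automaton
over contract events) is pruned against a control-flow abstraction of a
contract, so that only the part static analysis could not discharge is left
for a runtime monitor.

Added illustration of the general idea, not the paper's tool or its exact
algorithm. The Escrow contract, its abstraction and the traces are constructed.
"""
from collections import deque

BAD = "bad"

# Safety property: withdraw only while funded, and nothing may be deposited
# once the escrow is closed. (state, event) -> next state; any pair not listed
# is an implicit self-loop (the event is irrelevant in that state).
PROPERTY = {
    "initial": "q0",
    "delta": {
        ("q0", "deposit"): "q1",
        ("q0", "withdraw"): BAD,
        ("q1", "withdraw"): "q1",
        ("q1", "close"): "q2",
        ("q2", "withdraw"): BAD,
        ("q2", "deposit"): BAD,
    },
}

# Control-flow abstraction of a hypothetical Escrow contract whose public
# functions are
#   deposit()  payable                                  -- no guard
#   withdraw() require(stage == Funded)
#   close()    require(stage == Funded); stage = Closed
# Locations are the values of the `stage` storage variable; an edge exists
# only where the function's require guard lets the call through.
CFA = {
    "initial": "Open",
    "edges": [
        ("Open", "deposit", "Funded"),
        ("Funded", "deposit", "Funded"),
        ("Funded", "withdraw", "Funded"),
        ("Funded", "close", "Closed"),
        ("Closed", "deposit", "Closed"),   # unguarded deposit after close
    ],
}


def step(prop, state, event):
    """Property transition function with implicit self-loops."""
    return prop["delta"].get((state, event), state)


def fired_transitions(cfa, prop):
    """Breadth-first exploration of the synchronous product of CFA and
    property. Returns every explicit property transition that at least one
    CFA path exercises; anything else can never fire on this contract."""
    start = (cfa["initial"], prop["initial"])
    seen, fired, queue = {start}, set(), deque([start])
    while queue:
        loc, q = queue.popleft()
        for src, event, dst in cfa["edges"]:
            if src != loc:
                continue
            q_next = step(prop, q, event)
            if (q, event) in prop["delta"]:
                fired.add((q, event, q_next))
            if (dst, q_next) not in seen:
                seen.add((dst, q_next))
                queue.append((dst, q_next))
    return fired


def states_reaching_bad(delta):
    """Backward closure: property states from which BAD is still reachable."""
    live, changed = {BAD}, True
    while changed:
        changed = False
        for (q, _), q_next in delta.items():
            if q_next in live and q not in live:
                live.add(q)
                changed = True
    return live


def residual(cfa, prop):
    """Prune the property to what must still be checked at runtime: keep only
    transitions the contract can fire, drop self-loops (they change nothing)
    and drop states that can no longer lead to BAD."""
    delta = {(q, e): q2 for (q, e, q2) in fired_transitions(cfa, prop) if q != q2}
    live = states_reaching_bad(delta)
    delta = {(q, e): q2 for (q, e), q2 in delta.items() if q in live}
    return {"initial": prop["initial"], "delta": delta}


def monitored_events(prop):
    """Events the runtime monitor must still be hooked on."""
    return {event for (_, event) in prop["delta"]}


def monitor(prop, trace):
    """Run an event trace through an automaton; return the index of the event
    that reaches BAD, or None if the trace is accepted."""
    state = prop["initial"]
    for i, event in enumerate(trace):
        state = step(prop, state, event)
        if state == BAD:
            return i
    return None


if __name__ == "__main__":
    res = residual(CFA, PROPERTY)
    print("residual transitions:", sorted(res["delta"].items()))
    print("instrument only:", sorted(monitored_events(res)))
    print("violation at index", monitor(res, ["deposit", "withdraw", "close", "deposit"]))
```

Both `withdraw` transitions into the bad state are discharged statically, because the `require` guards in the abstraction make them unreachable, so the residual monitor no longer needs to instrument `withdraw` at all; on-chain that is a direct gas saving, since every instrumented call is paid for. The residual verdict is only meaningful for traces the abstraction admits: `monitor(PROPERTY, ["withdraw"])` reports a violation while the residual does not, so the soundness of the whole scheme rests on the control-flow abstraction over-approximating every behaviour the deployed contract can exhibit, including calls that arrive via other contracts.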


Notes

  1. https://solidity.readthedocs.io/.
  2. https://www.github.com/shaunazzopardi/solidity-static-analysis.
  3. is used to denote a partial function.
  4. In this paper we will be limiting our analysis to when this is finite, which is sufficient for smart contracts.
  5. Here we use the otherwise condition for simplicity to denote the situation when no other rule applies.
  6. \(out : \mathbf{CFA} \rightarrow 2^\varSigma \) is the function that returns the set of events used shallowly in CFAs of P that are not the input CFA.
  7. https://www.github.com/shaunazzopardi/solidity-static-analysis.
  8. Available at https://www.github.com/shaunazzopardi/solidity-static-analysis.


Author information


Correspondence to Shaun Azzopardi.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Azzopardi, S., Colombo, C., Pace, G. (2021). Model-Based Static and Runtime Verification for Ethereum Smart Contracts. In: Hammoudi, S., Pires, L.F., Selić, B. (eds) Model-Driven Engineering and Software Development. MODELSWARD 2020. Communications in Computer and Information Science, vol 1361. Springer, Cham. https://doi.org/10.1007/978-3-030-67445-8_14


  • DOI: https://doi.org/10.1007/978-3-030-67445-8_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-67444-1

  • Online ISBN: 978-3-030-67445-8
