Abstract
Smart contracts have recently attracted much attention from industry as they aim to assure anonymous distributed secure transactions. It also becomes clear that they are not immune to code vulnerabilities. As smart contracts cannot be patched once deployed, it is crucial to verify their correctness before deployment. Existing approaches mainly focus on testing and bounded verification which do not guarantee the correctness of smart contracts. In this work, we develop a formal verifier called sVerify for Solidity smart contracts based on a combination of lazy annotation and automatic loop invariant learning techniques. The latter is essential as explicit or implicit loops (due to fallback function calls) are common in smart contracts. Patterns and features which are specific to smart contracts are used to facilitate invariant learning. sVerify has been evaluated with 4670 Solidity smart contracts, and the evaluation result shows that sVerify is effective and reasonably efficient for verifying smart contracts .
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
We omit the details on the content of the stack for brevity.
- 2.
Due to the page limit, only a core set of rules are presented here.
- 3.
Necessary assertions regarding overflow and reentrancy are inserted manually.
- 4.
Details and benchmarks can be found at https://doi.org/10.5281/zenodo.5168441.
References
Dao (2016). https://www.coindesk.com/understanding-dao-hack-journalists
Akca, S., Rajan, A., Peng, C.: SolAnalyser: a framework for analysing and testing smart contracts, pp. 482–489 (2019). https://doi.org/10.1109/APSEC48747.2019.00071
Albert, E., Correas, J., Gordillo, P., Román-Díez, G., Rubio, A.: Analyzing smart contracts: from EVM to a sound control-flow graph. arXiv preprint arXiv:2004.14437 (2020)
Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N.: Formal verification of smart contracts: short paper. In: PLAS, pp. 91–96. ACM (2016)
Chang, C.C., Lin, C.J.: LIBSVM: a library for support vector machines. ACM TIST 2, 27:1–27:27 (2011). http://www.csie.ntu.edu.tw/~cjlin/libsvm
Chang, J., Gao, B., Xiao, H., Sun, J., Cai, Y., Yang, Z.: sCompile: critical path identification and analysis for smart contracts. In: Ait-Ameur, Y., Qin, S. (eds.) ICFEM 2019. LNCS, vol. 11852, pp. 286–304. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32409-4_18
Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)
ConsenSys: Mythril: Security analysis of ethereum smart contracts (2018). https://github.com/ConsenSys/mythril. Accessed 30 May 2019. online
CVE: CVE list. https://cve.mitre.org/data/downloads/index.html. Accessed 4 June 2021
Dillig, I., Dillig, T., Li, B., McMillan, K.: Inductive invariant generation via abductive inference. In: OOPSLA, pp. 443–456 (2013)
Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: POPL, pp. 191–202. ACM (2002)
Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_32
Hajdu, Á., Jovanović, D.: solc-verify: a modular verifier for solidity smart contracts. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 161–179. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_11
Jiang, B., Liu, Y., Chan, W.: ContractFuzzer: fuzzing smart contracts for vulnerability detection, pp. 259–269 (2018). https://doi.org/10.1145/3238147.3238177
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS. The Internet Society (2018)
Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978)
Li, J., Sun, J., Li, L., Le, Q.L., Lin, S.: Automatic loop-invariant generation and refinement through selective sampling. In: ASE, pp. 782–792 (2017)
Lin, S., Sun, J., Nguyen, T.K., Liu, Y., Dong, J.S.: Interpolation guided compositional verification (t). In: ASE, pp. 65–74 (2015)
Lin, S.: K-framework Solidity (2018). https://github.com/kframework/solidity-semantics
Luu, L., Chu, D.H., Olickel, H., Saxena, P.: Making smart contracts smarter. In: CCS, pp. 254–269. ACM (2016)
McMillan, K.L.: Lazy annotation for program testing and verification. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 104–118. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_10
Mossberg, M., Manzano, F., Hennenfent, E., Groce, A.: Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: ASE, pp. 1186–1189. IEEE (2019)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Technical report, Manubot (2019)
Nikolic, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: ACSAC, pp. 653–663. ACM (2018)
Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contract. In: IEEE Symposium on Security and Privacy (2020)
Quinlan, J.: C5.0: an informal tutorial (2017). http://www.rulequest.com/see5-unix.html
Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: CCS, pp. 67–82. ACM (2018)
Wang, Y., et al.: Formal verification of workflow policies for smart contracts in azure blockchain. In: Chakraborty, S., Navas, J.A. (eds.) VSTTE 2019. LNCS, vol. 12031, pp. 87–106. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41600-3_7
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151, 1–32 (2014)
Wüstholz, V., Christakis, M.: Harvey: a greybox fuzzer for smart contracts. In: ESEC/FSE, pp. 1398–1409 (2020)
Zhu, H., Magill, S., Jagannathan, S.: A data-driven CHC solver. In: PLDI, pp. 707–721. ACM (2018)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Gao, B., Shi, L., Li, J., Chang, J., Sun, J., Yang, Z. (2021). sVerify: Verifying Smart Contracts Through Lazy Annotation and Learning. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2021. Lecture Notes in Computer Science(), vol 13036. Springer, Cham. https://doi.org/10.1007/978-3-030-89159-6_28
Download citation
DOI: https://doi.org/10.1007/978-3-030-89159-6_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89158-9
Online ISBN: 978-3-030-89159-6
eBook Packages: Computer ScienceComputer Science (R0)