Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Theoretical Aspects of Software Engineering

TASE 2022: Theoretical Aspects of Software Engineering pp 92–112Cite as

On Verification of Smart Contracts via Model Checking

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13299))

Abstract

Combined with smart contracts, the application of blockchain techniques has grown faster and broader. However, it is very difficult to write secure and functionally correct smart contracts because of the openness of blockchain platforms. Formal verification, such as model checking, has been proven to be an effective way of guaranteeing security and correctness of systems. In this paper, we propose a novel model checking based framework, called mcVer, to support the verification of smart contracts written in Solidity. Built on model checking tool VERDS, the mcVer framework is able to verify not only safety properties but also liveness properties of smart contracts. For the properties that are not satisfied, mcVer produces a counter example by showing a sequence of statements in the original Solidity program as a hint for fault localization. We implemented the automatic transformation from a subset of the Solidity language to the modeling language of VERDS, that therefore provides automatic verification for smart contracts. Experiments are carried out on various cases, including checking contracts for finding typical security vulnerabilities and verifying properties of an access control smart contract. The experimental results demonstrate the flexibility and efficiency of mcVer.

This work is partially supported by the National Natural Science Foundation of China (No. 62072443).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. https://solidity-cn.readthedocs.io/zh/develop/solidity-by-example.html

  2. https://bitcoinist.com/smart-contract-bug-disable-icon-icx-transfers/

  3. https://blog.csdn.net/programmer_cjc/article/details/85987234

  4. Analysis of the DAO exploit. https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

  5. Dataset for mcver. https://gitee.com/fmpa/dataset-for-mcVer

  6. Transaction order dependence. https://swcregistry.io/docs/swc-114

  7. Albert, E., Correas, J., Gordillo, P., Román-Díez, G., Rubio, A.: SAFEVM: a safety verifier for Ethereum smart contracts. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 386–389 (2019)

    Google Scholar 

  8. Alqahtani, S., He, X., Gamble, R., Mauricio, P.: Formal verification of functional requirements for smart contract compositions in supply chain management systems. In: Proceedings of the 53rd Hawaii International Conference on System Sciences (2020)

    Google Scholar 

  9. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  10. Beyer, D., Keremoglu, M.E.: CPAchecker: a tool for configurable software verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_16

    Chapter  Google Scholar 

  11. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96 (2016)

    Google Scholar 

  12. Brent, L., Grech, N., Lagouvardos, S., Scholz, B., Smaragdakis, Y.: Ethainter: a smart contract security analyzer for composite vulnerabilities. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 454–469 (2020)

    Google Scholar 

  13. Chen, R., Zhang, W.: Checking multi-agent systems against temporal-epistemic specifications. In: the 24th International Conference on Engineering of Complex Computer Systems, pp. 21–30. IEEE (2019)

    Google Scholar 

  14. Cimatti, A., Clarke, E., Giunchiglia, F., Roveri, M.: NUSMV: a new symbolic model checker. Int. J. Softw. Tools Technol. Transf. 2(4), 410–425 (2000)

    Article  Google Scholar 

  15. Clarke, E.M., Wing, J.M.: Formal methods: state of the art and future directions. ACM Comput. Surv. (CSUR) 28(4), 626–643 (1996)

    Article  Google Scholar 

  16. Costello, K.: Gartner predicts 90% of current enterprise blockchain platform implementations will require replacement by 2021 (2019). https://www.gartner.com/en/newsroom/press-releases/2019-07-03-gartner-predicts-90-of-current-enterprise-blockchain

  17. Clarke Jr., E.M., Grumberg, O., Kroening, D., Peled, D., Veith, H.: Model Checking, 2nd edn. MIT Press, Cambridge (2018)

    Google Scholar 

  18. Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), pp. 8–15. IEEE (2019)

    Google Scholar 

  19. Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8

    Chapter  Google Scholar 

  20. Frank, J., Aschermann, C., Holz, T.: ETHBMC: a bounded model checker for smart contracts. In: 29th USENIX Security Symposium, pp. 2757–2774 (2020)

    Google Scholar 

  21. Grieco, G., Song, W., Cygan, A., Feist, J., Groce, A.: Echidna: effective, usable, and fast fuzzing for smart contracts. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 557–560 (2020)

    Google Scholar 

  22. Hegedűs, P.: Towards analyzing the complexity landscape of solidity based ethereum smart contracts. Technologies 7(1), 6 (2019)

    Article  MathSciNet  Google Scholar 

  23. Hirai, Y.: Formal verification of deed contract in ethereum name service, November 2016. https://yoichihirai.com/deed.pdf

  24. Hirai, Y.: Defining the ethereum virtual machine for interactive theorem provers. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 520–535. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_33

    Chapter  Google Scholar 

  25. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: Network and Distributed Systems Security (NDSS) Symposium, pp. 1–12 (2018)

    Google Scholar 

  26. Liu, Y., Li, Y., Lin, S.W., Zhao, R.: Towards automated verification of smart contract fairness. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 666–677 (2020)

    Google Scholar 

  27. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269 (2016)

    Google Scholar 

  28. Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, New York (2012). https://doi.org/10.1007/978-1-4612-0931-7

    Book  MATH  Google Scholar 

  29. Mavridou, A., Laszka, A., Stachtiari, E., Dubey, A.: VeriSolid: correct-by-design smart contracts for ethereum. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 446–465. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_27

    Chapter  Google Scholar 

  30. Mossberg, M., et al.: Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1186–1189 (2019)

    Google Scholar 

  31. Mulligan, D.P., Owens, S., Gray, K.E., Ridge, T., Sewell, P.: Lem: reusable engineering of real-world semantics. In: the 19th ACM SIGPLAN international conference on Functional programming, pp. 175–188 (2014)

    Google Scholar 

  32. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Technical report, Manubot (2019)

    Google Scholar 

  33. Nehaï, Z., Piriou, P., Daumas, F.: Model-checking of smart contracts. In: IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 980–987

    Google Scholar 

  34. Nehai, Z., Bobot, F.: Deductive proof of ethereum smart contracts using why3. arXiv preprint arXiv:1904.11281 (2019)

  35. Nipkow, T., Wenzel, M., Paulson, L.C.: Isabelle/HOL – A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45949-9

    Book  MATH  Google Scholar 

  36. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1661–1677 (2020)

    Google Scholar 

  37. Sergey, I., Hobor, A.: A concurrent perspective on smart contracts. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 478–493. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_30

    Chapter  Google Scholar 

  38. So, S., Lee, M., Park, J., Lee, H., Oh, H.: VeriSmart: a highly precise safety verifier for ethereum smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1678–1694 (2020)

    Google Scholar 

  39. Swamy, N., et al.: Dependent types and multi-monadic effects in F. In: Proceedings of the 43rd annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 256–270 (2016)

    Google Scholar 

  40. Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997). https://firstmonday.org/ojs/index.php/fm/article/view/548

  41. Thomson, I.: Parity: the bug that put \$169m of ethereum on ice? Yeah, it was on the todo list for months (2017). https://www.theregister.com/2017/11/16/parity_flaw_not_fixed/

  42. Thomson, I.: Mythril classic: security analysis tool for ethereum smart contracts (2018). https://github.com/ConsenSys/mythril

  43. Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: SmartCheck: static analysis of ethereum smart contracts. In: Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)

    Google Scholar 

  44. Tolmach, P., Li, Y., Lin, S.W., Liu, Y., Li, Z.: A survey of smart contract formal specification and verification. ACM Comput. Surv. 54(7), 1–38 (2022)

    Article  Google Scholar 

  45. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Buenzli, F., Vechev, M.: Securify: Practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 67–82 (2018)

    Google Scholar 

  46. Wang, S., Zhang, C., Su, Z.: Detecting nondeterministic payment bugs in ethereum smart contracts. Proc. ACM Program. Lang. 3, Article 189 (2019)

    Google Scholar 

  47. Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum project yellow paper 151, 1–32 (2014)

    Google Scholar 

  48. Wüstholz, V., Christakis, M.: Harvey: a greybox fuzzer for smart contracts. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1398–1409 (2020)

    Google Scholar 

  49. Zeng, N., Zhang, W.: An executable semantics of SystemC transaction level models and its applications with VERDS. In: the 19th International Conference on Engineering of Complex Computer Systems, pp. 198–201 (2014)

    Google Scholar 

  50. Zhang, W.: VERDS: verification of hierarchical discrete systems by symbolic techniques. Manuscript (2013). http://lcs.ios.ac.cn/~zwh/verds

  51. Zhang, Y., Kasahara, S., Shen, Y., Jiang, X., Wan, J.: Smart contract-based access control for the internet of things. IEEE Internet Things J. 6(2), 1594–1605 (2018)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Yulong Bao, Xue-Yang Zhu, Wenhui Zhang, Pengfei Sun & Yingqi Zhao

  2. University of the Chinese Academy of Sciences, Beijing, China

    Yulong Bao, Xue-Yang Zhu, Wenhui Zhang, Pengfei Sun & Yingqi Zhao

  3. Department of Computer Science, Western Michigan University, Kalamazoo, MI, USA

    Wuwei Shen

Authors
  1. Yulong Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xue-Yang Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenhui Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wuwei Shen
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Pengfei Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yingqi Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xue-Yang Zhu .

Editor information

Editors and Affiliations

  1. IRIT, Toulouse, France

    Yamine Aït-Ameur

  2. Babeș-Bolyai University, Cluj-Napoca, Romania

    Florin Crăciun

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bao, Y., Zhu, XY., Zhang, W., Shen, W., Sun, P., Zhao, Y. (2022). On Verification of Smart Contracts via Model Checking. In: Aït-Ameur, Y., Crăciun, F. (eds) Theoretical Aspects of Software Engineering. TASE 2022. Lecture Notes in Computer Science, vol 13299. Springer, Cham. https://doi.org/10.1007/978-3-031-10363-6_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10363-6_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10362-9

  • Online ISBN: 978-3-031-10363-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation