Abstract
Combined with smart contracts, the application of blockchain techniques has grown faster and broader. However, it is very difficult to write secure and functionally correct smart contracts because of the openness of blockchain platforms. Formal verification, such as model checking, has been proven to be an effective way of guaranteeing the security and correctness of systems. In this paper, we propose a novel model-checking-based framework, called mcVer, to support the verification of smart contracts written in Solidity. Built on the model checking tool VERDS, the mcVer framework is able to verify not only safety properties but also liveness properties of smart contracts. For properties that are not satisfied, mcVer produces a counterexample by showing a sequence of statements in the original Solidity program as a hint for fault localization. We implemented the automatic transformation from a subset of the Solidity language to the modeling language of VERDS, which therefore provides automatic verification for smart contracts. Experiments are carried out on various cases, including checking contracts to find typical security vulnerabilities and verifying properties of an access control smart contract. The experimental results demonstrate the flexibility and efficiency of mcVer.
This work is partially supported by the National Natural Science Foundation of China (No. 62072443).
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Bao, Y., Zhu, XY., Zhang, W., Shen, W., Sun, P., Zhao, Y. (2022). On Verification of Smart Contracts via Model Checking. In: Aït-Ameur, Y., Crăciun, F. (eds) Theoretical Aspects of Software Engineering. TASE 2022. Lecture Notes in Computer Science, vol 13299. Springer, Cham. https://doi.org/10.1007/978-3-031-10363-6_7
DOI: https://doi.org/10.1007/978-3-031-10363-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10362-9
Online ISBN: 978-3-031-10363-6
eBook Packages: Computer Science (R0)