Skip to main content
SpringerLink
Log in

A Framework of Runtime Monitoring for Correct Execution of Smart Contracts

  • Conference paper
  • First Online:
Blockchain – ICBC 2022 (ICBC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13733))

Included in the following conference series:

Abstract

Smart contracts have been subjected to several attacks that have exploited various vulnerabilities of languages like Solidity, which has resulted in huge financial losses. The functioning and deployment of smart contracts are somewhat different from classical programming environments. Once a smart contract is up and running, changing it, is very complicated and nearly infeasible as the contract is expected to be immutable when created. If we find a defect in a deployed smart contract, a new version of the contract has to be created and deployed with concurrence from the stakeholders. Further, when a new version of an existing contract is deployed, data stored in the previous contract does not get transferred automatically to the newly refined contract. We have to manually initialize the new contract with the past data which makes it very cumbersome and not very trustworthy. As neither updating a contract nor rolling back an update is possible, it greatly increases the complexity of implementation and places a huge responsibility while being deployed initially on the blockchain.

The main rationale for smart contracts has been to enforce contracts safely among the stakeholders. In this paper, we shall discuss a framework for runtime monitoring to prevent the exploitation of a major class of vulnerabilities using the programmers’ annotations given in the smart contracts coded in Solidity. We have chosen several phrases for annotation mimicking declarations of concurrent programming languages so that the underlying run-time monitors can be automatically generated. The annotations simply reflect the intended constraints on the execution of programs relative to the object state relative to observables like method calls, exceptions, etc. Such a framework further adds to the advantage of debugging at the source level as the original structure is preserved and also enhances the trust of the user as the run-time monitoring assertion logs provide a rough proof-outline of the contract.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://book.clarity-lang.org.

  2. 2.

    https://docs.casperlabs.io/dapp-dev-guide/writing-contracts/rust/.

  3. 3.

    https://docs.daml.com/daml/reference/interfaces.html.

  4. 4.

    Compiler limits like Stack size limit can also be exploited by adversaries but the current compilers have overcome such exploits.

  5. 5.

    GitHub - trailofbits/manticore: Symbolic execution tool.

  6. 6.

    The requirement for run-time checks for overcoming the re-entrancy vulnerability follows from the decidability issues of the problem of effective call-back free contracts discussed in [17] where the general problem is shown to be undecidable in Turing-complete languages.

  7. 7.

    SafeMath transforms expressions in a binary manner. That is, for exception handling in compound expressions, say, for instance, a + b + c, SafeMath needs to be invoked compositionally.

  8. 8.

    This is a constraint we have enforced for simplicity; we could enforce controls like only one writer is permitted on a shared resource whereas multiple readers are allowed on that shared resource. This will become clear when we discuss nondeterminism in ERC20.

  9. 9.

    https://ethereum.org/en/developers/docs/standards/tokens/erc-20/.

  10. 10.

    https://ethereum.org/en/developers/tutorials/erc20-annotated-code/.

  11. 11.

    https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp-RLM/edit#.

  12. 12.

    Snehal Borse, Prateek Patidar Solidity+: Specification Enhanced Solidity to Overcome Vulnerabilities, M.Tech. Dissertation, Department of Computer Science and Engineering, IIT Bombay 2019.

  13. 13.

    https://mythril-classic.readthedocs.io/en/master/about.html.

References

  1. Akentiev, A.: Parity multisig github. https://github.com/paritytech/parity/issues/6995

  2. Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/HOL. In: Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2018, pp. 66–77. ACM, New York (2018). https://doi.org/10.1145/3167084

  3. Andrews, G.R., McGraw, J.R.: Language features for process interaction. SIGOPS Oper. Syst. Rev. 11(2), 114–127 (1977). https://doi.org/10.1145/390018.808318

    Article  Google Scholar 

  4. Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: Proceedings of the Thirteenth EuroSys Conference, EuroSys 2018, pp. 30:1–30:15 (2018)

    Google Scholar 

  5. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on Ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  6. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, PLAS 2016, pp. 91–96. ACM, New York (2016). https://doi.org/10.1145/2993600.2993611

  7. Campbell, R.H., Habermann, A.N.: The specification of process synchronization by path expressions. In: Gelenbe, E., Kaiser, C. (eds.) OS 1974. LNCS, vol. 16, pp. 89–102. Springer, Heidelberg (1974). https://doi.org/10.1007/BFb0029355

    Chapter  Google Scholar 

  8. Crafa, S., Di Pirro, M., Zucca, E.: Is solidity solid enough? In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 138–153. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_11

    Chapter  Google Scholar 

  9. Das, A., Balzer, S., Hoffmann, J., Pfenning, F.: Resource-aware session types for digital contracts. CoRR abs/1902.06056 (2019)

    Google Scholar 

  10. Dickerson, T., Gazzillo, P., Herlihy, M., Saraph, V., Koskinen, E.: Proof-carrying smart contracts. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 325–338. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_22

    Chapter  Google Scholar 

  11. Ellul, J., Pace, G.J.: Runtime verification of Ethereum smart contracts. In: 2018 14th European Dependable Computing Conference (EDCC), pp. 158–163 (2018). https://doi.org/10.1109/EDCC.2018.00036

  12. Ethereum: Solidity documentation (2018). https://solidity.readthedocs.io/

  13. Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8

    Chapter  Google Scholar 

  14. Ghaleb, A., Pattabiraman, K.: How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. In: ISSTA 2020. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3395363.3397385

  15. Grishchenko, I., Maffei, M., Schneidewind, C.: Foundations and tools for the static analysis of Ethereum smart contracts. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 51–78. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96145-3_4

    Chapter  Google Scholar 

  16. Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_10

    Chapter  Google Scholar 

  17. Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. 2(POPL) (2017)

    Google Scholar 

  18. Guerraoui, R., Kuznetsov, P., Monti, M., Pavlovič, M., Seredinschi, D.A.: The consensus number of a cryptocurrency. In: Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, PODC 2019, pp. 307–316. Association for Computing Machinery, New York (2019)

    Google Scholar 

  19. Hansen, P.B., Dijkstra, E.W., Hoare, C.A.R.: The Origins of Concurrent Programming: From Semaphores to Remote Procedure Calls. Springer, Heidelberg (2002)

    Book  Google Scholar 

  20. Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217 (2018)

    Google Scholar 

  21. Hirai, Y.: Defining the Ethereum virtual machine for interactive theorem provers. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 520–535. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_33

    Chapter  Google Scholar 

  22. Kolluri, A., Nikolic, I., Sergey, I., Hobor, A., Saxena, P.: Exploiting the laws of order in smart contracts. CoRR abs/1810.11605 (2018)

    Google Scholar 

  23. Krishna Rao, M.R.K., Kapur, D., Shyamasundar, R.K.: Proving termination of GHC programs. New Gen. Comput. 15(3), 293–338 (1997). https://doi.org/10.1007/BF03037949

  24. Lee, J.H.: DappGuard: active monitoring and defense for solidity smart contracts (2017)

    Google Scholar 

  25. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 254–269. ACM, New York (2016). https://doi.org/10.1145/2976749.2978309

  26. Mueller(ConsenSys), B.: Mythril: a classic security analysis tool for Ethereum smart contracts (2017). https://github.com/ConsenSys/mythril

  27. Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, pp. 653–663. Association for Computing Machinery, New York (2018)

    Google Scholar 

  28. Openzeppelin contributors: Safemath.sol (2019). https://github.com/OpenZeppelin/openzeppelin-solidity/blob/master/contracts/math/SafeMath.sol. Accessed 16 June 2019

  29. Permenev, A., Dimitrov, D., Tsankov, P., Drachsler-Cohen, D., Vechev, M.: VerX: safety verification of smart contracts. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 414–430. Los Alamitos, CA, USA (2020)

    Google Scholar 

  30. Remix: Remix - Solidity IDE (2018). https://remix.ethereum.org/

  31. Schneidewind, C., Grishchenko, I., Scherer, M., Maffei, M.: Ethor: practical and provably sound static analysis of Ethereum smart contracts (2020). https://doi.org/10.48550/ARXIV.2005.06227

  32. Sergey, I., Hobor, A.: A concurrent perspective on smart contracts. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 478–493. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_30

    Chapter  Google Scholar 

  33. Shyamasundar, K.R.: A safety assessment of token standards for Ethereum: Erc20 and beyond. In: 6th Symposium on Distributed Ledger Technology (SDLT). SDLT, Gold Coast, Australia (2022)

    Google Scholar 

  34. Shyamsundar, R.K., Thatcher, J.W.: Language constructs for specifying concurrency in CDL. IEEE Trans. Softw. Eng. 15(8), 977–993 (1989). https://doi.org/10.1109/32.31354

    Article  Google Scholar 

  35. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Bünzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 67–82. ACM, New York (2018). https://doi.org/10.1145/3243734.3243780

  36. Zhang, W., Banescu, S., Pasos, L., Stewart, S., Ganesh, V.: MPRO: combining static and symbolic analysis for scalable testing of smart contract. arXiv abs/1911.00570 (2019)

    Google Scholar 

Download references

Acknowledgments

The work was carried out at the Centre of Excellence for Blockchains supported by Ripple Corporation. I wish to thank Snehal Borse, and Prateek Patidar who initially were responsible for building the basic prototype and to Hrishikesh Saloi and Mohammad Ummair, who have been re-engineering the system in Python to handle a spectrum vulnerabilities using this approach. Special thanks to Dr. Vishwas Patil of Center for Blockchain Research for his constructive comments on an initial draft of the paper.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Bombay, Mumbai, 400076, India

    R. K. Shyamasundar

Authors
  1. R. K. Shyamasundar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. K. Shyamasundar .

Editor information

Editors and Affiliations

  1. CSIRO Data61 and UNSW, Canberra, ACT, Australia

    Shiping Chen

  2. Indian Institute of Technology Bombay, Mumbai, India

    Rudrapatna K. Shyamasundar

  3. Kingdee International Software Group Co., Ltd., Shenzhen, China

    Liang-Jie Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shyamasundar, R.K. (2022). A Framework of Runtime Monitoring for Correct Execution of Smart Contracts. In: Chen, S., Shyamasundar, R.K., Zhang, LJ. (eds) Blockchain – ICBC 2022. ICBC 2022. Lecture Notes in Computer Science, vol 13733. Springer, Cham. https://doi.org/10.1007/978-3-031-23495-8_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-23495-8_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-23494-1

  • Online ISBN: 978-3-031-23495-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation