EthVer: Formal Verification of Randomized Ethereum Smart Contracts

  • Conference paper
  • Published in: Financial Cryptography and Data Security. FC 2021 International Workshops (FC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12676)

Abstract

Despite their great potential and the maturity of the underlying technology, smart contracts have never been used at a large scale. One of the reasons is the lack of good methods to verify the correctness and security of the contracts: although the platform itself (e.g. Ethereum) is well studied and secure, the actual smart contracts are human-made and thus inherently error-prone. As a consequence, critical vulnerabilities in contracts are discovered and exploited every few months. The most prominent example of a buggy contract was the infamous DAO attack, a successful attack on the largest Ethereum contract in June 2016, which resulted in $70 million worth of Ether being stolen and in a hard fork of the Ethereum network (80% of Ethereum users decided to revert the transaction, so two parallel transaction histories exist from that event on).

The main contribution of this work is an automatic method for the formal verification of randomized Ethereum smart contracts. We formally define and implement the translation of contracts into MDP (Markov decision process) formal models, which can then be verified with the PRISM model checker, a state-of-the-art tool for the formal verification of probabilistic models. As a proof of concept, we use our tool, EthVer, to verify two smart contracts from the literature: the Rock-Paper-Scissors protocol from K. Delmolino et al., "Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab", and the Micropay 1 protocol from R. Pass and A. Shelat, "Micropayments for decentralized currencies".

Notes

  1. https://github.com/lukmaz/ethver.

  2. https://why3.lri.fr.

  3. http://ethereum.org/.

  4. http://web3js.readthedocs.io/.

  5. Recall that the extended version of the paper, as well as the code of EthVer and the example contracts, are available at https://github.com/lukmaz/ethver.

  6. Note that we do not describe here how to sign messages in Solidity. In fact, Solidity does not provide a convenient API for this. The reason is that a private key is required to sign, and we rarely want to do this in contract code, because we do not want to reveal private keys to the public.

  7. This is the actual code for computing and verifying the signature \(\sigma = \textsf{sig}(c, r_2, a)\) from the Micropay 1 protocol (cf. Sect. 7).

  8. Recall that 1 finney = 0.001 ETH is a denomination of Ether, the currency of Ethereum. For simplicity, we neglect transaction fees unless stated otherwise.

  9. Examples of the syntax of commitments and signatures in Solidity and web3.js have already been presented in Sect. 2.3 and 2.4.

  10. A PRISM model can consist of several modules, each corresponding to a different part of the system and each with a separate set of variables.

  11. The same pattern of a two-phase function execution could be accomplished using only the and modules, however because of visibility of the variables in PRISM, the module is needed to correctly pass the arguments of the call.

  12. The current version of EthVer is limited to 2-player protocols only. However, all the security claims, as well as the formal translation defined in Appendix D of the extended version of the paper, also hold for protocols with a larger number of players. Note that although EthVer accepts only 2-player protocols, it also verifies the contract against attacks in which several adversarial players join the protocol at the same time.

  13. The ETV code of all tested models is available in the project repository, https://github.com/lukmaz/ethver.

References

  1. Accidental bug may have frozen $280 million worth of digital coin ether in a cryptocurrency wallet. https://www.cnbc.com/2017/11/08/accidental-bug-may-have-frozen-280-worth-of-ether-on-parity-wallet.html. Accessed 2 Mar 2019

  2. How to find $10m just by reading the blockchain. https://coinspectator.com/news/539/how-to-find-10m-just-by-reading-the-blockchain. Accessed 2 Mar 2019

  3. An in-depth look at the Parity multisig bug. http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/. Accessed 2 Mar 2019

  4. Manticore. https://github.com/trailofbits/manticore

  5. Mythril. https://github.com/ConsenSys/mythril

  6. SmartCheck. https://github.com/smartdec/smartcheck

  7. solgraph. https://github.com/raineorshine/solgraph

  8. Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/HOL. In: Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, CPP 2018, pp. 66–77. ACM, New York (2018). https://doi.org/10.1145/3167084

  9. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96. ACM (2016)

  10. Buterin, V.: Ethereum: a next-generation smart contract and decentralized application platform (2014). https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 22 Aug 2016

  11. Chatterjee, K., Goharshady, A.K., Velner, Y.: Quantitative analysis of smart contracts. In: Ahmed, A. (ed.) ESOP 2018. LNCS, vol. 10801, pp. 739–767. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89884-1_26

  12. Cook, T., Latham, A., Lee, J.H.: DappGuard: active monitoring and defense for Solidity smart contracts (2017). Retrieved 18 July 2018

  13. Courtois, N.T., Grajek, M., Naik, R.: Optimizing SHA256 in Bitcoin mining. In: Kotulski, Z., Księżopolski, B., Mazur, K. (eds.) CSS 2014. CCIS, vol. 448, pp. 131–144. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44893-9_12

  14. Delmolino, K., Arnett, M., Kosba, A., Miller, A., Shi, E.: Step by step towards creating a safe smart contract: lessons and insights from a cryptocurrency lab. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 79–94. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_6

  15. Falkon, S.: The story of the DAO – its history and consequences (2017). https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee

  16. Filliâtre, J.-C., Paskevich, A.: Why3 — where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8

  17. Grossman, S., et al.: Online detection of effectively callback free objects with applications to smart contracts. Proceedings of the ACM on Programming Languages 2(POPL), pp. 1–28 (2017)

  18. Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 204–217 (2018). https://doi.org/10.1109/CSF.2018.00022

  19. Hirai, Y.: Defining the Ethereum virtual machine for interactive theorem provers. In: Financial Cryptography Workshops (2017)

  20. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS, pp. 1–12 (2018)

  21. Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_47

  22. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)

  23. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. http://bitcoin.org/bitcoin.pdf

  24. Nikolić, I., Kolluri, A., Sergey, I., Saxena, P., Hobor, A.: Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 653–663 (2018)

  25. O'Connor, R.: Simplicity: a new language for blockchains. In: Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, pp. 107–120 (2017)

  26. Pass, R., Shelat, A.: Micropayments for decentralized currencies. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 207–218. ACM Press, Denver (2015). https://doi.org/10.1145/2810103.2813713

  27. Pass, R., Shelat, A.: Micropayments for decentralized currencies. Cryptology ePrint Archive, Report 2016/332 (2016). http://eprint.iacr.org/2016/332

  28. Pettersson, J., Edström, R.: Safer smart contracts through type-driven development. Master's thesis, Chalmers University of Technology, Sweden (2016)

  29. Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997)

  30. Tsankov, P., Dan, A., Drachsler-Cohen, D., Gervais, A., Bünzli, F., Vechev, M.: Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 67–82. ACM, New York (2018). https://doi.org/10.1145/3243734.3243780

  31. Wohrer, M., Zdun, U.: Smart contracts: security patterns in the Ethereum ecosystem and Solidity. In: 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), pp. 2–8. IEEE (2018)

  32. Zhou, E., et al.: Security assurance for smart contract. In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2018)

Author information

Corresponding author: Łukasz Mazurek.

Copyright information

© 2021 International Financial Cryptography Association

Cite this paper

Mazurek, Ł. (2021). EthVer: Formal Verification of Randomized Ethereum Smart Contracts. In: Bernhard, M., et al. (eds.) Financial Cryptography and Data Security. FC 2021 International Workshops. FC 2021. Lecture Notes in Computer Science, vol 12676. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-63958-0_30

  • DOI: https://doi.org/10.1007/978-3-662-63958-0_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-63957-3

  • Online ISBN: 978-3-662-63958-0