27 research outputs found
Tezla, an Intermediate Representation for Static Analysis of Michelson Smart Contracts
This paper introduces Tezla, an intermediate representation of Michelson smart contracts that eases the design of static smart contract analysers. This intermediate representation uses a store and aims to preserve the semantics, flow and resource usage of the original smart contract. This enables properties like gas consumption to be statically verified. We provide an automated decompiler of Michelson smart contracts to Tezla. In order to support our claim about the adequacy of Tezla, we develop a static analyser that takes advantage of the Tezla representation of Michelson smart contracts to prove simple but non-trivial properties
Pre-deployment Analysis of Smart Contracts -- A Survey
Smart contracts are programs that execute transactions involving independent
parties and cryptocurrencies. As programs, smart contracts are susceptible to a
wide range of errors and vulnerabilities. Such vulnerabilities can result in
significant losses. Furthermore, by design, smart contract transactions are
irreversible. This creates a need for methods to ensure the correctness and
security of contracts pre-deployment. Recently there has been substantial
research into such methods. The sheer volume of this research makes
articulating state-of-the-art a substantial undertaking. To address this
challenge, we present a systematic review of the literature. A key feature of
our presentation is to factor out the relationship between vulnerabilities and
methods through properties. Specifically, we enumerate and classify smart
contract vulnerabilities and methods by the properties they address. The
methods considered include static analysis as well as dynamic analysis methods
and machine learning algorithms that analyze smart contracts before deployment.
Several patterns about the strengths of different methods emerge through this
classification process
Provas de Coerência Transacional para Smart Contracts em Blockhains
Blockchain technology is an emergent topic based on decentralization and immutability, enabling mutually untrusting parties to fairly exchange assets without the need of a central authority. Recently, the addition of blockchain programs, known as smart contracts, enabled
the technology to expand upon a variety of industry sectors, already known to traditional software. Many organizations and corporates saw a growth opportunity, extending their businesses into this domain — now, though, with the blockchain twist. However, the inclusion
of computation exposed a weak link in the overall blockchain security, due to carrying not
only traditional software bugs, but also never before seen ones. That way, smart contracts,
especially valuable ones, became enticing for hackers to exploit, which resulted in a set of
tragedies where funds were stolen, among other consequences. Soon after, smart contract
security became a most valuable topic of research among blockchain platforms. The Tezos
blockchain is a relatively new platform whose stance values security by construct infrastructure, in consequence of the past incidents. While many smart contract security solutions were
devised over the years, these have not been properly adapted nor adopted for the average developer in the community. Due to various reasons, but for one, seamless integration with
the smart contract development processes is one of them. This dissertation approaches the
blockchain security problem through an indirect approach, providing the developer with better accessibility and conditions for working on one of Tezos’s state-of-the-art security tools.
Although it is unorthodox, it is hoped for the solution to inspire and appeal other blockchain
communities by shedding some light in this unknown direction.A tecnologia blockchain é um tópico emergente baseado na descentralização e imutabilidade,
permitindo que entidades desconhecidas e não confiáveis consigam trocar bens e valores
digitais de forma justa sem necessitarem uma entidade central. Recentemente, a adição de
programas na blockchain, designados de smart contracts, permitiu que tal se expandisse
sobre uma variedade de sectores industriais já explorada por programas tradicionais. Contudo, muitas empresas viram uma oportunidade de negócio bastante lucrativa, estendendo
o seu negócio para este ambiente, agora incutindo as regras da blockchain. Embora oportunidades lucrativas tenham aparecido, problemas relativos aos programas tradicionais, bem
como outros novos ainda não descobertos, também. Os smart contracts revelaram-se como
um elo mais fraco para a segurança da blockchain e, tendo estes a capacidade de reter bastante valor monetário, tornaram-se um alvo aliciante para hackers. Não muito depois, notÃcias espalharam-se pela internet a anunciar crimes por entidades anónimas — roubo e congelamento de fundos, entre outras consequências, na blockchain. Após o primeiro grande
incidente, a segurança na blockchain começou a ser um tópico bastante estudado por peritos e investigadores das várias comunidades. A blockchain da Tezos é uma plataforma relativamente recente, com uma postura relativa à segurança bastante madura, resultado dos
incidentes passados. Enquanto várias soluções foram alcançadas para a segurança de smart
contracts, estas não seriam ainda bem incorporadas pela comunidade, ou pelo menos para
o engenheiro de contratos comum. Existem várias razões, porém, acessibilidade nos vários
aspetos das ferramentas de segurança é uma delas. O trabalho realizado por esta dissertação
passa por solucionar este problema, mais especificamente, solucionar o problema para uma
ferramenta de segurança de programas na blockchain da Tezos. Este tipo de solução não é
comum na literatura, contudo, espera-se que o trabalho realizado sirva de inspiração para
que as comunidades possa explorar esta vertente mais indireta de segurança na blockchain
Blockchain Software Verification and Optimization
In the last decade, blockchain technology has undergone a strong evolution. The maturity reached and the consolidation obtained have aroused the interest of companies and businesses, transforming it into a possible response to various industrial needs. However, the lack of standards and tools for the development and maintenance of blockchain software leaves open challenges and various possibilities for improvements. The goal of this thesis is to tackle some of the challenges proposed by blockchain technology, to design and implement analysis, processes, and architectures that may be applied in the real world. In particular, two topics are addressed: the verification of the blockchain software and the code optimization of smart contracts. As regards the verification, the thesis focuses on the original developments of tools and analyses able to detect statically, i.e. without code execution, issues related to non-determinism, untrusted cross-contracts invocation, and numerical overflow/underflow. Moreover, an approach based on on-chain verification is investigated, to proactively involve the blockchain in verifying the code before and after its deployment. For the optimization side, the thesis describes an optimization process for the code translation from Solidity language to Takamaka, also proposing an efficient algorithm to compute snapshots for fungible and non-fungible tokens. The results of this thesis are an important first step towards improving blockchain software development, empirically demonstrating the applicability of the proposed approaches and their involvement also in the industrial field
Towards Safer Smart Contracts: A Survey of Languages and Verification Methods
With a market capitalisation of over USD 205 billion in just under ten years, public distributed ledgers have experienced significant adoption. Apart from novel consensus mechanisms, their success is also accountable to smart contracts. These programs allow distrusting parties to enter agreements that are executed autonomously. However, implementation issues in smart contracts caused severe losses to the users of such contracts. Significant efforts are taken to improve their security by introducing new programming languages and advance verification methods. We provide a survey of those efforts in two parts. First, we introduce several smart contract languages focussing on security features. To that end, we present an overview concerning paradigm, type, instruction set, semantics, and metering. Second, we examine verification tools and methods for smart contract and distributed ledgers. Accordingly, we introduce their verification approach, level of automation, coverage, and supported languages. Last, we present future research directions including formal semantics, verified compilers, and automated verification