Provas de Coerência Transacional para Smart Contracts em Blockhains

Blockchain technology is an emergent topic based on decentralization and immutability, enabling mutually untrusting parties to fairly exchange assets without the need of a central authority. Recently, the addition of blockchain programs, known as smart contracts, enabled the technology to expand upon a variety of industry sectors, already known to traditional software. Many organizations and corporates saw a growth opportunity, extending their businesses into this domain — now, though, with the blockchain twist. However, the inclusion of computation exposed a weak link in the overall blockchain security, due to carrying not only traditional software bugs, but also never before seen ones. That way, smart contracts, especially valuable ones, became enticing for hackers to exploit, which resulted in a set of tragedies where funds were stolen, among other consequences. Soon after, smart contract security became a most valuable topic of research among blockchain platforms. The Tezos blockchain is a relatively new platform whose stance values security by construct infrastructure, in consequence of the past incidents. While many smart contract security solutions were devised over the years, these have not been properly adapted nor adopted for the average developer in the community. Due to various reasons, but for one, seamless integration with the smart contract development processes is one of them. This dissertation approaches the blockchain security problem through an indirect approach, providing the developer with better accessibility and conditions for working on one of Tezos’s state-of-the-art security tools. Although it is unorthodox, it is hoped for the solution to inspire and appeal other blockchain communities by shedding some light in this unknown direction.A tecnologia blockchain é um tópico emergente baseado na descentralização e imutabilidade, permitindo que entidades desconhecidas e não confiáveis consigam trocar bens e valores digitais de forma justa sem necessitarem uma entidade central. Recentemente, a adição de programas na blockchain, designados de smart contracts, permitiu que tal se expandisse sobre uma variedade de sectores industriais já explorada por programas tradicionais. Contudo, muitas empresas viram uma oportunidade de negócio bastante lucrativa, estendendo o seu negócio para este ambiente, agora incutindo as regras da blockchain. Embora oportunidades lucrativas tenham aparecido, problemas relativos aos programas tradicionais, bem como outros novos ainda não descobertos, também. Os smart contracts revelaram-se como um elo mais fraco para a segurança da blockchain e, tendo estes a capacidade de reter bastante valor monetário, tornaram-se um alvo aliciante para hackers. Não muito depois, notícias espalharam-se pela internet a anunciar crimes por entidades anónimas — roubo e congelamento de fundos, entre outras consequências, na blockchain. Após o primeiro grande incidente, a segurança na blockchain começou a ser um tópico bastante estudado por peritos e investigadores das várias comunidades. A blockchain da Tezos é uma plataforma relativamente recente, com uma postura relativa à segurança bastante madura, resultado dos incidentes passados. Enquanto várias soluções foram alcançadas para a segurança de smart contracts, estas não seriam ainda bem incorporadas pela comunidade, ou pelo menos para o engenheiro de contratos comum. Existem várias razões, porém, acessibilidade nos vários aspetos das ferramentas de segurança é uma delas. O trabalho realizado por esta dissertação passa por solucionar este problema, mais especificamente, solucionar o problema para uma ferramenta de segurança de programas na blockchain da Tezos. Este tipo de solução não é comum na literatura, contudo, espera-se que o trabalho realizado sirva de inspiração para que as comunidades possa explorar esta vertente mais indireta de segurança na blockchain

Formal Specification and Verification of Hyperledger Fabric Chaincode

Smart contracts are programs building on blockchain technology. They implement functionality that has been agreed on between the concerned parties on a network. However, their immutability and exposed position make them vulnerable to programming errors, leading to faulty behavior and possible exploits. Therefore, smart contracts demand a particularly thorough analysis, ideally using formal program verification. In this paper, we present an approach for the deductive verification of Hyperledger Fabric smart contracts using the KeY prover. We have extended KeY to handle Fabric ledger implementations; in particular, we have developed mechanisms for reasoning about serialization and object persistence. The feasibility of our approach is demonstrated with a small case study

Tezla, an Intermediate Representation for Static Analysis of Michelson Smart Contracts

This paper introduces Tezla, an intermediate representation of Michelson smart contracts that eases the design of static smart contract analysers. This intermediate representation uses a store and aims to preserve the semantics, flow and resource usage of the original smart contract. This enables properties like gas consumption to be statically verified. We provide an automated decompiler of Michelson smart contracts to Tezla. In order to support our claim about the adequacy of Tezla, we develop a static analyser that takes advantage of the Tezla representation of Michelson smart contracts to prove simple but non-trivial properties

Inter-Blockchain Protocols with the Isabelle Infrastructure Framework

The main incentives of blockchain technology are distribution and distributed change, consistency, and consensus. Beyond just being a distributed ledger for digital currency, smart contracts add transaction protocols to blockchains to execute terms of a contract in a blockchain network. Inter-blockchain (IBC) protocols define and control exchanges between different blockchains. The Isabelle Infrastructure framework {has been designed to} serve security and privacy for IoT architectures by formal specification and stepwise attack analysis and refinement. A major case study of this framework is a distributed health care scenario for data consistency for GDPR compliance. This application led to the development of an abstract system specification of blockchains for IoT infrastructures. In this paper, we first give a summary of the concept of IBC. We then introduce an instantiation of the Isabelle Infrastructure framework to model blockchains. Based on this we extend this model to instantiate different blockchains and formalize IBC protocols. We prove the concept by defining the generic property of global consistency and prove it in Isabelle

Journées Francophones des Langages Applicatifs 2018

National audienceLes 29èmes journées francophones des langages applicatifs (JFLA) se déroulent en 2018 à l'observatoire océanographique de Banyuls-sur-Mer. Les JFLA réunissent chaque année, dans un cadre convivial, concepteurs, développeurs et utilisateurs des langages fonctionnels, des assistants de preuve et des outils de vérification de programmes en présentant des travaux variés, allant des aspects les plus théoriques aux applications industrielles.Cette année, nous avons sélectionné 9 articles de recherche et 8 articles courts. Les thématiques sont variées : preuve formelle, vérification de programmes, modèle mémoire, langages de programmation, mais aussi théorie de l'homotopieet blockchain