Formal Methods for Secure Bitcoin Smart Contracts
The notion of smart contracts was introduced in 1997 by Nick Szabo, to describe agreements among mutually distrusting parties that can be automatically enforced without resorting to a trusted intermediary.
Then, the idea was mostly forgotten due to the technical impossibility to implement it. The advent of distributed ledger technologies, pioneered by Bitcoin, provided a technical foundation to reshape and develop smart contracts.
Since smart contracts handle the ownership of valuable assets, attackers may be tempted to exploit vulnerabilities in their implementation to steal or tamper with these assets. For instance, a series of vulnerabilities in Ethereum contracts have been exploited, causing money losses in the order of hundreds of millions of dollars.
Over the last years, a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features pose obstacles to the development of secure smart contracts.
Using formal models and domain-specific languages to describe the behaviour of the underlying platform, and to model contracts, could help to overcome these security issues, by reducing the distance between the intended behaviour of a contract and the implementation.
In this thesis, we propose a formal model of Bitcoin transactions, which is the foundation for a new process algebra for defining Bitcoin smart contracts. Furthermore, we present a toolchain for developing smart contracts in BitML, a domain-specific language based on the contributions of this thesis. Moreover, we propose a new extension to Bitcoin, called neighbourhood covenants, which extends its expressiveness as a smart contract platform. We then exploit neighbourhood covenants to implement fungible tokens on Bitcoin.
Formal Models of Bitcoin Contracts: A Survey
Although Bitcoin is mostly used as a decentralized application to transfer cryptocurrency, over the last 10 years there have been several studies on how to exploit Bitcoin to execute smart contracts. These are computer protocols which allow users to exchange bitcoins according to complex pre-agreed rules. Some of these studies introduce formal models of Bitcoin contracts, which specify their behavior in non-ambiguous terms, in some cases providing tools to automatically verify relevant contract properties. In this paper, we survey the formal models proposed in the scientific literature, comparing their expressiveness and applicability in the wild.
Verifying liquidity of recursive Bitcoin contracts
Smart contracts - computer protocols that regulate the exchange of
crypto-assets in trustless environments - have become popular with the spread
of blockchain technologies. A landmark security property of smart contracts is
liquidity: in a non-liquid contract, it may happen that some assets remain
frozen, i.e. not redeemable by anyone. The relevance of this issue is witnessed
by recent liquidity attacks to Ethereum, which have frozen hundreds of USD
millions. We address the problem of verifying liquidity on BitML, a DSL for
smart contracts with a secure compiler to Bitcoin, featuring primitives for
currency transfers, contract renegotiation and consensual recursion. Our main
result is a verification technique for liquidity. We first transform the
infinite-state semantics of BitML into a finite-state one, which focusses on
the behaviour of a chosen set of contracts, abstracting from the moves of the
context. With respect to the chosen contracts, this abstraction is sound, i.e.
if the abstracted contract is liquid, then also the concrete one is such. We
then verify liquidity by model-checking the finite-state abstraction. We
implement a toolchain that automatically verifies liquidity of BitML contracts
and compiles them to Bitcoin, and we assess it through a benchmark of
representative contracts. Comment: arXiv admin note: text overlap with arXiv:2003.0029
Principles of Security and Trust
This open access book constitutes the proceedings of the 8th International Conference on Principles of Security and Trust, POST 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2019. The 10 papers presented in this volume were carefully reviewed and selected from 27 submissions. They deal with theoretical and foundational aspects of security and trust, including on new theoretical results, practical applications of existing foundational ideas, and innovative approaches stimulated by pressing practical problems.
Dissecting Smart Contract Languages: A Survey
Blockchain is a distributed ledger technology that gained popularity for
enabling the transformation of cryptocurrency among peers without mediation by
a centralized third-party authority. Smart contracts expand the applications of
blockchain technology and have played a role in its widespread adoption. Smart
contracts are immutable digital programs that are deployed on blockchains to
codify agreements between parties. Existing smart contract implementations have
faced challenges, including security vulnerabilities, leading to significant
losses and concerns. This has stimulated a wave of attempts to improve Smart
Contract Languages (SCLs) to overcome implementation challenges and ensure code
quality, producing many languages with diverse features. Scholars have made
some attempts to classify SCLs and clarify the process of selecting an SCL, but
to the best of our knowledge, no comprehensive survey of existing SCLs has been
published. Our work surpasses earlier efforts by evaluating a significantly
larger set of SCLs, in greater depth, to ease the process of SCL selection for
blockchain research and implementation. In this paper, we (1) propose a robust
framework for comparing existing SCLs, (2) analyze and discuss 36 SCLs,
addressing issues beyond those used to construct the comparison framework, and
(3) define new parameters for future research and development of SCLs. The
survey provides a guide for those who intend to select or use an SCL to
implement smart contracts, develop new SCLs, or add new extensions to the
existing SCLs.
A Service-Oriented Perspective on Blockchain Smart Contracts
Smart contracts turn blockchains into distributed computing platforms. This article studies whether smart contracts as implemented by state-of-the-art blockchain technology may serve as component technology for a computing paradigm like service-oriented computing (SOC) in the blockchain, in order to foster reuse and increase cost-effectiveness.