6 research outputs found

    Formal Models of Bitcoin Contracts: A Survey

    Although Bitcoin is mostly used as a decentralized application to transfer cryptocurrency, over the last 10 years there have been several studies on how to exploit Bitcoin to execute smart contracts. These are computer protocols which allow users to exchange bitcoins according to complex pre-agreed rules. Some of these studies introduce formal models of Bitcoin contracts, which specify their behavior in non-ambiguous terms, in some cases providing tools to automatically verify relevant contract properties. In this paper, we survey the formal models proposed in the scientific literature, comparing their expressiveness and applicability in the wild.

    Smart Types for Smart Contracts Validation

    The notion of Smart Contracts consists in describing agreements between two or more parties that can be automatically enforced without a trusted intermediary. Smart Contracts run on a very specific network of peers called Blockchain, a digitally distributed, decentralized, public ledger that exists across a network. Potential conflicts are resolved by the network’s consensus protocol. The Blockchain [26] is immutable; this means that once a Smart Contract is deployed on the Blockchain it cannot be amended. This immutability (despite being one important selling point of Smart Contracts) leaves no room for mistakes in their implementation. Many contracts are hard to implement correctly, and bugs and vulnerabilities can be exploited for erroneous or even fraudulent behaviour. The countless advantages and applications of Smart Contracts are constantly increasing their popularity. This, added to the fact that Smart Contracts manipulate resources with monetary value, is attracting a lot of attention from attackers. There are many infamous Smart Contract attacks; the DAO Attack, for example, drained millions of dollars in Ether (the cryptocurrency of Ethereum). Mainstream tools used to develop distributed Smart Contracts do not address these requirements. Consequently, many vulnerabilities of these contracts are known and can be exploited. In order to help developers design safer contracts that follow their protocols and specifications, we propose a language integrated with assertions and a static behavioural type system capable of protecting resources and enforcing usage protocols to ensure safety and soundness in Smart Contract execution. Since proof assistants are too demanding for most developers, there is a need for automatic tools well integrated with programming languages. Therefore, we joined our language with a model-checker to discharge to it the quantitative assertions during the compilation process.
In short, we provided a translation of the types and assertions to an automaton in the format of Cubicle’s (model checker) input language and used this one to conduct Software Verification.

    Verified compilation from BitML to Bitcoin: an Agda odyssey

    Blockchain technology has taken the financial world by storm in recent years, allowing for programmable contracts to be enacted amongst participants in a decentralised fashion. Bugs in those programs, however, can lead to huge monetary losses and cannot in principle be amended after detection, due to the blockchain being an immutable data structure. This incentivizes a high-assurance approach to developing smart contracts, which so far has mainly consisted of approximate methods of static analysis. Here, we strive for something more radical, namely the use of interactive proof assistants grounded in Type Theory to develop such contracts and formally verify their correctness by proving logical propositions within the same system. Specifically, we take existing work on the Bitcoin Modelling Language (BitML) — a high-level process calculus for expressing contracts that compile down to Bitcoin transactions — and encode its definitions, semantics, and translation procedure in the Agda proof assistant. BitML is one of the most mature works at the confluence of Blockchain and Programming Languages, which justifies the tremendous amount of effort required to mechanise the intricate results of the original paper, compared to various more lightweight alternatives such as model checking. We can then prove properties about BitML contracts as Agda programs, in particular the main meta-theoretical result of the BitML paper, compilation correctness, which states that it suffices to prove properties at the more abstract level of BitML contracts, and then provably transfer them to the low-level of Bitcoin transactions. By virtue of working in a type-theoretic proof assistant whose underlying logic is constructive, we can say that the central research goal of this thesis amounts to producing a verified compiler from BitML contracts to Bitcoin transactions. 
This whole dissertation is a type-checked Agda script, and the corresponding formalisations are publicly available in HTML format:
- https://omelkonian.github.io/formal-bitcoin/
- https://omelkonian.github.io/formal-bitml/
- https://omelkonian.github.io/formal-bitml-to-bitcoin

    Developing secure bitcoin contracts with BitML

    We present a toolchain for developing and verifying smart contracts that can be executed on Bitcoin. The toolchain is based on BitML, a recent domain-specific language for smart contracts with a computationally sound embedding into Bitcoin. Our toolchain automatically verifies relevant properties of contracts, among which liquidity, ensuring that funds do not remain frozen within a contract forever. A compiler is provided to translate BitML contracts into sets of standard Bitcoin transactions: executing a contract corresponds to appending these transactions to the blockchain. We assess our toolchain through a benchmark of representative contracts.