237 research outputs found

    Semantic understanding of smart contracts: Executable operational semantics of solidity

    Ministry of Education, Singapore under its Academic Research Funding Tier 2; National Research Foundation (NRF) Singapor

    Formalisation of Smart Contract Languages

    Smart contracts automatically verify and enforce contractual agreements without the need of a trusted intermediary, as potential conflicts are resolved by the network’s consensus protocol. Since "code is law", contracts should be correct, but bugs and vulnerabilities, often exploited by attackers, allow erroneous or even fraudulent behaviour. These days smart contracts are still mostly being written in general purpose programming languages, without proper specifications, let alone correctness proofs. Immutability is one of its selling points, but it is also one of its major problems, as once a contract is deployed to the blockchain it cannot be amended. Additionally, many vulnerabilities come from the misimplementation of contracts’ intended behaviour, as developers struggle to grasp the behavioural impact that the contract has in the blockchain. It is thus crucial to achieve correct implementations of smart contracts. In order to aid developers to promote the design of safer contracts that follow the protocols they are supposed to implement, we propose the use of behavioural types in smart languages. We believe that the use of typestates, for dynamic checking, and session types, for static checking, can ensure the intended behaviour of the contract before and during its execution. To better understand a contract’s behaviour throughout its execution, we took advantage of Racket (and PLT Redex), to have a visualisation of a step-by-step execution graph. By formally defining the syntax and reduction rules of a "core" smart contract language, and how each rule affects the statements and the programs configuration, this visualisation tool allows programmers to check and adjust the language’s formal semantics. This is a successful proof-of-concept exercise, confirming the suitability of Racket to develop program semantics which can be analysed throughout its execution. 
In the context of smart contract languages, these are important features (to be combined with formal verification with proof assistants). Furthermore, we also implemented a typechecker in OCaml that provides a type derivation tree of the program, in addition to preventing the occurrence of execution errors. To illustrate the usefulness of this approach, we took two different smart contract languages, one completely formalised with syntax, operational semantics and type system (Featherweight solidity, FS), and another only with its natural language semantics (Flint). We formalised FS in Racket and OCaml, where we were able to detect an inaccuracy; and we repeated this process with Flint, formalising its operation semantics and type system. The latter was much more challenging as it incorporated the use of typestates. Throughout this thesis, we present many examples on how the use of visual tools can help in the developing states of contracts and better understand the correct execution of programs, as well as how the use of behavioural types can prevent many execution errors even before running. The framework we define herein not only finds defects in the contracts, but also, crucially, detects vulnerabilities in a language construction, as we demonstrate with our use-cases. Therefore, this approach is very valuable not only for the programmer as visual debugging, but also for the language designer to test the effects of definitions

    Dissecting Smart Contract Languages: A Survey

    Blockchain is a distributed ledger technology that gained popularity for enabling the transformation of cryptocurrency among peers without mediation by a centralized third-party authority. Smart contracts expand the applications of blockchain technology and have played a role in its widespread adoption. Smart contracts are immutable digital programs that are deployed on blockchains to codify agreements between parties. Existing smart contract implementations have faced challenges, including security vulnerabilities, leading to significant losses and concerns. This has stimulated a wave of attempts to improve Smart Contract Languages (SCLs) to overcome implementation challenges and ensure code quality, producing many languages with diverse features. Scholars have made some attempts to classify SCLs and clarify the process of selecting an SCL, but to the best of our knowledge, no comprehensive survey of existing SCLs has been published. Our work surpasses earlier efforts by evaluating a significantly larger set of SCLs, in greater depth, to ease the process of SCL selection for blockchain research and implementation. In this paper, we (1) propose a robust framework for comparing existing SCLs, (2) analyze and discuss 36 SCLs, addressing issues beyond those used to construct the comparison framework, and (3) define new parameters for future research and development of SCLs. The survey provides a guide for those who intend to select or use an SCL to implement smart contracts, develop new SCLs, or add new extensions to the existing SCLs

    Providing Solidity with a Formal Semantics That Enables Its Verification (Dotación de una semántica formal a Solidity que permita su verificación)

    Bachelor's thesis (Trabajo de Fin de Grado) in Computer Engineering, Facultad de Informática UCM, Departamento de Sistemas Informáticos y Computación, academic year 2019/2020. Whilst the number of programming languages continuously increases, along with their multiple applications, the need of guaranteeing correction or predicting the outcome of a certain program arises. Due to the lack of information that is often available in the official documentation of the languages, formal methods seem a powerful tool in this sense. Thanks to program verification using formal semantics we can abstract the behaviour of an instruction using mathematical notation. In this work we will study Solidity, a language used to create the so-called smart contracts in the Ethereum platform. Our goal is to study the state-of-the-art semantics in this topic, to ultimately suggest our own, with the aim of covering what we believe has not been covered yet, and to propose modifications to the rules that we have found rather imprecise. We have decided to pay special attention to how values are updated and retrieved from the storage, which is one of the four data locations Solidity makes use of. Lastly, it has been our goal to propose semantics that are executable in languages like K or Maude. For this reason, we have also coded several Maude modules which can be helpful when verifying a contract using this language.