237 research outputs found
Semantic understanding of smart contracts: Executable operational semantics of solidity
Ministry of Education, Singapore under its Academic Research Funding Tier 2; National Research Foundation (NRF) Singapor
Formalisation of Smart Contract Languages
Smart contracts automatically verify and enforce contractual agreements without the
need of a trusted intermediary, as potential conflicts are resolved by the network’s consensus
protocol. Since "code is law", contracts should be correct, but bugs and vulnerabilities,
often exploited by attackers, allow erroneous or even fraudulent behaviour. These days
smart contracts are still mostly being written in general purpose programming languages,
without proper specifications, let alone correctness proofs. Immutability is one of its
selling points, but it is also one of its major problems, as once a contract is deployed to
the blockchain it cannot be amended. Additionally, many vulnerabilities come from the
misimplementation of contracts’ intended behaviour, as developers struggle to grasp the
behavioural impact that the contract has in the blockchain. It is thus crucial to achieve
correct implementations of smart contracts.
In order to aid developers to promote the design of safer contracts that follow the
protocols they are supposed to implement, we propose the use of behavioural types in
smart languages. We believe that the use of typestates, for dynamic checking, and session
types, for static checking, can ensure the intended behaviour of the contract before and
during its execution.
To better understand a contract’s behaviour throughout its execution, we took advantage
of Racket (and PLT Redex), to have a visualisation of a step-by-step execution graph.
By formally defining the syntax and reduction rules of a "core" smart contract language,
and how each rule affects the statements and the program's configuration, this visualisation
tool allows programmers to check and adjust the language’s formal semantics. This is
a successful proof-of-concept exercise, confirming the suitability of Racket to develop program
semantics which can be analysed throughout its execution. In the context of smart
contract languages, these are important features (to be combined with formal verification
with proof assistants). Furthermore, we also implemented a typechecker in OCaml that
provides a type derivation tree of the program, in addition to preventing the occurrence
of execution errors.
To illustrate the usefulness of this approach, we took two different smart contract
languages, one completely formalised with syntax, operational semantics and type system (Featherweight Solidity, FS), and another only with its natural language semantics (Flint).
We formalised FS in Racket and OCaml, where we were able to detect an inaccuracy;
and we repeated this process with Flint, formalising its operational semantics and type
system. The latter was much more challenging as it incorporated the use of typestates.
Throughout this thesis, we present many examples on how the use of visual tools can
help in the developing states of contracts and better understand the correct execution of
programs, as well as how the use of behavioural types can prevent many execution errors
even before running.
The framework we define herein not only finds defects in the contracts, but also,
crucially, detects vulnerabilities in a language construction, as we demonstrate with our
use-cases. Therefore, this approach is very valuable not only for the programmer as visual
debugging, but also for the language designer to test the effects of definitions
Dissecting Smart Contract Languages: A Survey
Blockchain is a distributed ledger technology that gained popularity for
enabling the transformation of cryptocurrency among peers without mediation by
a centralized third-party authority. Smart contracts expand the applications of
blockchain technology and have played a role in its widespread adoption. Smart
contracts are immutable digital programs that are deployed on blockchains to
codify agreements between parties. Existing smart contract implementations have
faced challenges, including security vulnerabilities, leading to significant
losses and concerns. This has stimulated a wave of attempts to improve Smart
Contract Languages (SCLs) to overcome implementation challenges and ensure code
quality, producing many languages with diverse features. Scholars have made
some attempts to classify SCLs and clarify the process of selecting an SCL, but
to the best of our knowledge, no comprehensive survey of existing SCLs has been
published. Our work surpasses earlier efforts by evaluating a significantly
larger set of SCLs, in greater depth, to ease the process of SCL selection for
blockchain research and implementation. In this paper, we (1) propose a robust
framework for comparing existing SCLs, (2) analyze and discuss 36 SCLs,
addressing issues beyond those used to construct the comparison framework, and
(3) define new parameters for future research and development of SCLs. The
survey provides a guide for those who intend to select or use an SCL to
implement smart contracts, develop new SCLs, or add new extensions to the
existing SCLs
Dotación de una semántica formal a Solidity que permita su verificación
Bachelor's thesis (Trabajo de Fin de Grado) in Computer Engineering, Facultad de Informática UCM, Departamento de Sistemas Informáticos y Computación, academic year 2019/2020.
Whilst the number of programming languages continuously increases, along with their multiple applications, the need of guaranteeing correction or predicting the outcome of a certain program arises. Due to the lack of information that is often available in the official documentation of the languages, formal methods seem a powerful tool in this sense. Thanks to program verification using formal semantics we can abstract the behaviour of an instruction using mathematical notation.
In this work we will study Solidity, a language used to create the so-called smart contracts in the Ethereum platform. Our goal is to study the state-of-the-art semantics in this topic, to ultimately suggest our own, with the aim of covering what we believe has not been covered yet, and to propose modifications to the rules that we have found rather imprecise.
We have decided to pay special attention to how values are updated and retrieved from the storage, which is one of the four data locations Solidity makes use of.
Lastly, it has been our goal to propose semantics that are executable in languages like K or Maude. For this reason, we have also coded several Maude modules which can be helpful when verifying a contract using this language.