1,162 research outputs found
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach
The adoption of blockchain-based distributed computation platforms is growing
fast. Some of these platforms, such as Ethereum, provide support for
implementing smart contracts, which are envisioned to have novel applications
in a broad range of areas, including finance and Internet-of-Things. However, a
significant number of smart contracts deployed in practice suffer from security
vulnerabilities, which enable malicious users to steal assets from a contract
or to cause damage. Vulnerabilities present a serious issue since contracts may
handle financial assets of considerable value, and contract bugs are
non-fixable by design. To help developers create more secure smart contracts,
we introduce FSolidM, a framework rooted in rigorous semantics for designing
con- tracts as Finite State Machines (FSM). We present a tool for creating FSM
on an easy-to-use graphical interface and for automatically generating Ethereum
contracts. Further, we introduce a set of design patterns, which we implement
as plugins that developers can easily add to their contracts to enhance
security and functionality
solc-verify: A Modular Verifier for Solidity Smart Contracts
We present solc-verify, a source-level verification tool for Ethereum smart
contracts. Solc-verify takes smart contracts written in Solidity and discharges
verification conditions using modular program analysis and SMT solvers. Built
on top of the Solidity compiler, solc-verify reasons at the level of the
contract source code, as opposed to the more common approaches that operate at
the level of Ethereum bytecode. This enables solc-verify to effectively reason
about high-level contract properties while modeling low-level language
semantics precisely. The contract properties, such as contract invariants, loop
invariants, and function pre- and post-conditions, can be provided as
annotations in the code by the developer. This enables automated, yet
user-friendly formal verification for smart contracts. We demonstrate
solc-verify by examining real-world examples where our tool can effectively
find bugs and prove correctness of non-trivial properties with minimal user
effort.Comment: Authors' manuscript. Published in S. Chakraborty and J. A. Navas
(Eds.): VSTTE 2019, LNCS 12031, 2020. The final publication is available at
Springer via https://doi.org/10.1007/978-3-030-41600-3_1
- …