4 research outputs found
Pre-deployment Analysis of Smart Contracts -- A Survey
Smart contracts are programs that execute transactions involving independent
parties and cryptocurrencies. As programs, smart contracts are susceptible to a
wide range of errors and vulnerabilities. Such vulnerabilities can result in
significant losses. Furthermore, by design, smart contract transactions are
irreversible. This creates a need for methods to ensure the correctness and
security of contracts pre-deployment. Recently there has been substantial
research into such methods. The sheer volume of this research makes
articulating state-of-the-art a substantial undertaking. To address this
challenge, we present a systematic review of the literature. A key feature of
our presentation is to factor out the relationship between vulnerabilities and
methods through properties. Specifically, we enumerate and classify smart
contract vulnerabilities and methods by the properties they address. The
methods considered include static analysis as well as dynamic analysis methods
and machine learning algorithms that analyze smart contracts before deployment.
Several patterns about the strengths of different methods emerge through this
classification process
Formal Specification and Verification of Solidity Contracts with Events (Short Paper)
Events in the Solidity language provide a means of communication between the on-chain services of decentralized applications and the users of those services. Events are commonly used as an abstraction of contract execution that is relevant from the users\u27 perspective. Users must, therefore, be able to understand the meaning and trust the validity of the emitted events. This paper presents a source-level approach for the formal specification and verification of Solidity contracts with the primary focus on events. Our approach allows the specification of events in terms of the on-chain data that they track, and the predicates that define the correspondence between the blockchain state and the abstract view provided by the events. The approach is implemented in solc-verify, a modular verifier for Solidity, and we demonstrate its applicability with various examples