86 research outputs found
Towards Safer Smart Contracts: A Survey of Languages and Verification Methods
With a market capitalisation of over USD 205 billion in just under ten years, public distributed ledgers have experienced significant adoption. Apart from novel consensus mechanisms, their success is also accountable to smart contracts. These programs allow distrusting parties to enter agreements that are executed autonomously. However, implementation issues in smart contracts caused severe losses to the users of such contracts. Significant efforts are taken to improve their security by introducing new programming languages and advance verification methods. We provide a survey of those efforts in two parts. First, we introduce several smart contract languages focussing on security features. To that end, we present an overview concerning paradigm, type, instruction set, semantics, and metering. Second, we examine verification tools and methods for smart contract and distributed ledgers. Accordingly, we introduce their verification approach, level of automation, coverage, and supported languages. Last, we present future research directions including formal semantics, verified compilers, and automated verification
Short Paper: Blockcheck the Typechain
Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent
Smart Contract Languages: A Multivocal Mapping Study
Blockchain is a disruptive technology that has attracted the attention of the scientific community and compa nies, as proven by the exponential growth of publications on this topic in recent years. This growing interest
is mainly due to the promise that the use of blockchain enables it to be verified, without including any trusted
intermediaries, that the information received from the network is authentic and up-to-date. In this respect,
blockchain is a distributed database that can be seen as a ledger that records all transactions that have ever
been executed. In this context, smart contracts are pieces of software used to facilitate, verify, and enforce
the negotiation of a transaction on a blockchain platform. These pieces of software are implemented by using
programming languages, which are sometimes provided by the blockchain platforms themselves. This study
aims to (1) identify and categorise the state-of-the-art related to smart contract languages, in terms of the
existing languages and their main features, and (2) identify new research opportunities. The review has been
conducted as a multivocal mapping study that followsthe guidelines proposed by Garousi et al. for conducting
multivocal literature reviews, as well as the guidelines proposed by Kitchenham and Charters for conducting
mapping studies. As a result of the implementation of the review protocol, 4,119 papers were gathered, and
109 of them were selected for extraction. The contributions of this article are twofold: (1) 101 different smart
contract languages have been identified and classified according to a variety of criteria; (2) a discussion on
the findings and their implications for future research have been outlined. As a conclusion, it could be stated
that a rigorous and replicable overview of the state-of-the-art of smart contract languages has been provided
that can benefit not only researchers but also practitioners in the field, thanks to its multivocal nature.Ministerio de Ciencia y Tecnología RTI2018-094283-B-C33 (ECLIPSE)Junta de Andalucía COPERNICA (P20-01224)Junta de Andalucía METAMORFOSIS (US-1381375
Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms
Ethereum is the principal ecosystem based on blockchain that provides a suitable environment for coding and executing smart contracts, which have been receiving great attention due to the commercial apps and among the scientific community. The process of writing secure and well performing contracts in the Ethereum platform is a major challenge for developers. It consists of the application of non-conventional programming paradigms due to the inherent characteristics of the execution of distributed computing programs. Furthermore, the errors in the deployed contracts could have serious consequences because of the immediate linkage between the contract code and the financial transactions. The direct handling of the assets means that the errors can be more relevant for security and have greater economic consequences than a mistake in the conventional apps. In this paper, we propose a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis
Detection of vulnerabilities in smart contracts specifications in ethereum platforms
Ethereum is the principal ecosystem based on blockchain that provides a suitable environment
for coding and executing smart contracts, which have been receiving great attention due to the
commercial apps and among the scientific community. The process of writing secure and well
performing contracts in the Ethereum platform is a major challenge for developers. It consists of
the application of non-conventional programming paradigms due to the inherent characteristics of
the execution of distributed computing programs. Furthermore, the errors in the deployed contracts
could have serious consequences because of the immediate linkage between the contract code and
the financial transactions. The direct handling of the assets means that the errors can be more
relevant for security and have greater economic consequences than a mistake in the conventional
apps. In this paper, we propose a tool for the detection of vulnerabilities in high-level languages
based on automatized static analysis.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UIDB/05757/2020.info:eu-repo/semantics/publishedVersio
GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts
We present the main concepts, components, and usage of GASOL, a Gas AnalysiS
and Optimization tooL for Ethereum smart contracts. GASOL offers a wide variety
of cost models that allow inferring the gas consumption associated to selected
types of EVM instructions and/or inferring the number of times that such types
of bytecode instructions are executed. Among others, we have cost models to
measure only storage opcodes, to measure a selected family of gas-consumption
opcodes following the Ethereum's classification, to estimate the cost of a
selected program line, etc. After choosing the desired cost model and the
function of interest, GASOL returns to the user an upper bound of the cost for
this function. As the gas consumption is often dominated by the instructions
that access the storage, GASOL uses the gas analysis to detect under-optimized
storage patterns, and includes an (optional) automatic optimization of the
selected function. Our tool can be used within an Eclipse plugin for Solidity
which displays the gas and instructions bounds and, when applicable, the
gas-optimized Solidity function
- …