Towards Safer Smart Contracts: A Survey of Languages and Verification Methods

With a market capitalisation of over USD 205 billion in just under ten years, public distributed ledgers have experienced significant adoption. Apart from novel consensus mechanisms, their success is also accountable to smart contracts. These programs allow distrusting parties to enter agreements that are executed autonomously. However, implementation issues in smart contracts caused severe losses to the users of such contracts. Significant efforts are taken to improve their security by introducing new programming languages and advance verification methods. We provide a survey of those efforts in two parts. First, we introduce several smart contract languages focussing on security features. To that end, we present an overview concerning paradigm, type, instruction set, semantics, and metering. Second, we examine verification tools and methods for smart contract and distributed ledgers. Accordingly, we introduce their verification approach, level of automation, coverage, and supported languages. Last, we present future research directions including formal semantics, verified compilers, and automated verification

Short Paper: Blockcheck the Typechain

Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent

Smart Contract Languages: A Multivocal Mapping Study

Blockchain is a disruptive technology that has attracted the attention of the scientific community and compa nies, as proven by the exponential growth of publications on this topic in recent years. This growing interest is mainly due to the promise that the use of blockchain enables it to be verified, without including any trusted intermediaries, that the information received from the network is authentic and up-to-date. In this respect, blockchain is a distributed database that can be seen as a ledger that records all transactions that have ever been executed. In this context, smart contracts are pieces of software used to facilitate, verify, and enforce the negotiation of a transaction on a blockchain platform. These pieces of software are implemented by using programming languages, which are sometimes provided by the blockchain platforms themselves. This study aims to (1) identify and categorise the state-of-the-art related to smart contract languages, in terms of the existing languages and their main features, and (2) identify new research opportunities. The review has been conducted as a multivocal mapping study that followsthe guidelines proposed by Garousi et al. for conducting multivocal literature reviews, as well as the guidelines proposed by Kitchenham and Charters for conducting mapping studies. As a result of the implementation of the review protocol, 4,119 papers were gathered, and 109 of them were selected for extraction. The contributions of this article are twofold: (1) 101 different smart contract languages have been identified and classified according to a variety of criteria; (2) a discussion on the findings and their implications for future research have been outlined. As a conclusion, it could be stated that a rigorous and replicable overview of the state-of-the-art of smart contract languages has been provided that can benefit not only researchers but also practitioners in the field, thanks to its multivocal nature.Ministerio de Ciencia y Tecnología RTI2018-094283-B-C33 (ECLIPSE)Junta de Andalucía COPERNICA (P20-01224)Junta de Andalucía METAMORFOSIS (US-1381375

Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms

Ethereum is the principal ecosystem based on blockchain that provides a suitable environment for coding and executing smart contracts, which have been receiving great attention due to the commercial apps and among the scientific community. The process of writing secure and well performing contracts in the Ethereum platform is a major challenge for developers. It consists of the application of non-conventional programming paradigms due to the inherent characteristics of the execution of distributed computing programs. Furthermore, the errors in the deployed contracts could have serious consequences because of the immediate linkage between the contract code and the financial transactions. The direct handling of the assets means that the errors can be more relevant for security and have greater economic consequences than a mistake in the conventional apps. In this paper, we propose a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis

Detection of vulnerabilities in smart contracts specifications in ethereum platforms

Ethereum is the principal ecosystem based on blockchain that provides a suitable environment for coding and executing smart contracts, which have been receiving great attention due to the commercial apps and among the scientific community. The process of writing secure and well performing contracts in the Ethereum platform is a major challenge for developers. It consists of the application of non-conventional programming paradigms due to the inherent characteristics of the execution of distributed computing programs. Furthermore, the errors in the deployed contracts could have serious consequences because of the immediate linkage between the contract code and the financial transactions. The direct handling of the assets means that the errors can be more relevant for security and have greater economic consequences than a mistake in the conventional apps. In this paper, we propose a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UIDB/05757/2020.info:eu-repo/semantics/publishedVersio

GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts

We present the main concepts, components, and usage of GASOL, a Gas AnalysiS and Optimization tooL for Ethereum smart contracts. GASOL offers a wide variety of cost models that allow inferring the gas consumption associated to selected types of EVM instructions and/or inferring the number of times that such types of bytecode instructions are executed. Among others, we have cost models to measure only storage opcodes, to measure a selected family of gas-consumption opcodes following the Ethereum's classification, to estimate the cost of a selected program line, etc. After choosing the desired cost model and the function of interest, GASOL returns to the user an upper bound of the cost for this function. As the gas consumption is often dominated by the instructions that access the storage, GASOL uses the gas analysis to detect under-optimized storage patterns, and includes an (optional) automatic optimization of the selected function. Our tool can be used within an Eclipse plugin for Solidity which displays the gas and instructions bounds and, when applicable, the gas-optimized Solidity function