733 research outputs found
Using Coq to Enforce the Checks-Effects-Interactions Pattern in DeepSEA Smart Contracts
Using the DeepSEA system for smart contract proofs, this paper investigates how to use the Coq theorem prover to enforce that smart contracts follow the Checks-Effects-Interactions Pattern. This pattern is widely understood to mitigate the risks associated with reentrancy. The infamous "The DAO" exploit is an example of the risks of not following the Checks-Effects-Interactions Pattern. It resulted in the loss of over 50 million USD and involved reentrancy - the exploit used would not have been possible if the Checks-Effects-Interactions Pattern had been followed.
Remix IDE, for example, already has a tool to check that the Checks-Effects-Interactions Pattern has been followed as part of the Solidity Static Analysis module which is available as a plugin. However, aside from simply replicating the Remix IDE feature, implementing a Checks-Effects-Interactions Pattern checker in the proof assistant Coq also allows us to use the proofs, which are generated in the process, in other proofs related to the smart contract.
As an example of this, we will demonstrate an idea for how the modelling of Ether transfer can be simplified by using automatically generated proofs of the property that each smart contract function will call the Ether transfer method at most once (excluding any calls related to invoking other smart contracts). This property is a consequence of following a strict version of the Checks-Effects-Interactions Pattern as given in this paper
Multi: A Formal Playground for Multi-Smart Contract Interaction
Blockchains are maintained by a network of participants, miner nodes, that run algorithms designed to maintain collectively a distributed machine tolerant to Byzantine attacks. From the point of view of users, blockchains provide the illusion of centralized computers that perform trustable verifiable computations, where all computations are deterministic and the results cannot be manipulated or undone.
Every blockchain is equipped with a crypto-currency. Programs running on blockchains are called smart-contracts and are written in a special-purpose programming language with deterministic semantics. Each transaction begins with an invocation from an external user to a smart contract. Smart contracts have local storage and can call other contracts, and more importantly, they store, send and receive cryptocurrency.
Once installed in a blockchain, the code of the smart-contract cannot be modified. Therefore, it is very important to guarantee that contracts are correct before deployment. However, the resulting ecosystem makes it very difficult to reason about program correctness, since smart-contracts can be executed by malicious users or malicious smart-contracts can be designed to exploit other contracts that call them. Many attacks and bugs are caused by unexpected interactions between multiple contracts, the attacked contract and unknown code that performs the exploit.
Moreover, there is a very aggressive competition between different blockchains to expand their user base. Ideas are implemented fast and blockchains compete to offer and adopt new features quickly.
In this paper, we propose a formal playground that allows reasoning about multi-contract interactions and is extensible to incorporate new features, study their behaviour and ultimately prove properties before features are incorporated into the real blockchain. We implemented a model of computation that models the execution platform, abstracts the internal code of each individual contract and focuses on contract interactions. Even though our Coq implementation is still a work in progress, we show how many features, existing or proposed, can be used to reason about multi-contract interactions
Multi: a Formal Playground for Multi-Smart Contract Interaction
Blockchains are maintained by a network of participants that run algorithms
designed to maintain collectively a distributed machine tolerant to Byzantine
attacks. From the point of view of users, blockchains provide the illusion of
centralized computers that perform trustable verifiable computations, where all
computations are deterministic and the results cannot be manipulated or undone.
Smart-contracts are written in a special-purpose programming language with
deterministic semantics. Each transaction begins with an invocation from an
external user to a smart contract. Contracts have local storage and can call
other contracts, and more importantly, they store, send and receive
cryptocurrency. It is very important to guarantee that contracts are correct
before deployment since their code cannot be modified afterward deployment.
However, the resulting ecosystem makes it very difficult to reason about
program correctness, since contracts can be executed by malicious users or
malicious contracts can be designed to exploit other contracts that call them.
Many attacks and bugs are caused by unexpected interactions between multiple
contracts, the attacked contract and unknown code that performs the exploit.
Moreover, there is a very aggressive competition between different blockchains
to expand their user base. Ideas are implemented fast and blockchains compete
to offer and adopt new features quickly. In this paper, we propose a formal
extensible playground that allows reasoning about multi-contract interactions
to ultimately prove properties before features are incorporated into the real
blockchain. We implemented a model of computation that models the execution
platform, abstracts the internal code of each individual contract and focuses
on contract interactions. Moreover, we show how many features, existing or
proposed, can be used to reason about multi-contract interactions
ConCert: A Smart Contract Certification Framework in Coq
We present a new way of embedding functional languages into the Coq proof
assistant by using meta-programming. This allows us to develop the meta-theory
of the language using the deep embedding and provides a convenient way for
reasoning about concrete programs using the shallow embedding. We connect the
deep and the shallow embeddings by a soundness theorem. As an instance of our
approach, we develop an embedding of a core smart contract language into Coq
and verify several important properties of a crowdfunding contract based on a
previous formalisation of smart contract execution in blockchains.Comment: Extended the related work section. Significantly extended sections on
translation and semantics. Added more examples and details about the
formalisation. Commented of unquote and the trusted computing base. Commented
on adequac
- …