DeepAI AI Chat
Log In Sign Up

A Semantic Framework for the Security Analysis of Ethereum smart contracts

by   Ilya Grishchenko, et al.

Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed. In this paper, we present the first complete small-step semantics of EVM bytecode, which we formalize in the F* proof assistant, obtaining executable code that we successfully validate against the official Ethereum test suite. Furthermore, we formally define for the first time a number of central security properties for smart contracts, such as call integrity, atomicity, and independence from miner controlled parameters. This formalization relies on a combination of hyper- and safety properties. Along this work, we identified various mistakes and imprecisions in existing semantics and verification tools for Ethereum smart contracts, thereby demonstrating once more the importance of rigorous semantic foundations for the design of security verification techniques.


page 1

page 2

page 3

page 4


Tool Demonstration: FSolidM for Designing Secure Ethereum Smart Contracts

Blockchain-based distributed computing platforms enable the trusted exec...

Executable Operational Semantics of Solidity

Bitcoin has attracted everyone's attention and interest recently. Ethere...

Formal and Executable Semantics of the Ethereum Virtual Machine in Dafny

The Ethereum protocol implements a replicated state machine. The network...

FIRST: FrontrunnIng Resilient Smart ConTracts

Owing to the meteoric rise in the usage of cryptocurrencies, there has b...

Summing Up Smart Transitions

Some of the most significant high-level properties of currencies are the...

Data-Driven Model-Based Analysis of the Ethereum Verifier's Dilemma

In proof-of-work based blockchains such as Ethereum, verification of blo...

Formal Verification of Solidity contracts in Event-B

Smart contracts are the artifact of the blockchain that provide immutabl...