solc-verify: A Modular Verifier for Solidity Smart Contracts

07/09/2019
by   Ákos Hajdu, et al.
0

We present solc-verify, a source-level verification tool for Ethereum smart contracts. Solc-verify takes smart contracts written in Solidity and discharges verification conditions using modular program analysis and SMT solvers. Built on top of the Solidity compiler, solc-verify reasons at the level of the contract source code, as opposed to the more common approaches that operate at the level of Ethereum bytecode. This enables solc-verify to effectively reason about high-level contract properties while modeling low-level language semantics precisely. The contract properties, such as contract invariants, loop invariants, and function pre- and post-conditions, can be provided as annotations in the code by the developer. This enables automated, yet user-friendly formal verification for smart contracts. We demonstrate solc-verify by examining real-world examples where our tool can effectively find bugs and prove correctness of non-trivial properties with minimal user effort.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
06/12/2019

SAFEVM: A Safety Verifier for Ethereum Smart Contracts

Ethereum smart contracts are public, immutable and distributed and, as s...
research
03/03/2021

SciviK: A Versatile Framework for Specifying and Verifying Smart Contracts

The growing adoption of smart contracts on blockchains poses new securit...
research
01/09/2020

SMT-Friendly Formalization of the Solidity Memory Model

Solidity is the dominant programming language for Ethereum smart contrac...
research
08/23/2019

Contract-based verification of a realistic quantum compiler

In this paper, we present CertiQ, a mostly-automated verification framew...
research
05/17/2021

Summing Up Smart Transitions

Some of the most significant high-level properties of currencies are the...
research
09/01/2019

Refinement type contracts for verification of scientific investigative software

Our scientific knowledge is increasingly built on software output. User ...
research
06/02/2021

Phoenix: A Formally Verified Regenerating Vault

An attacker that gains access to a cryptocurrency user's private keys ca...

Please sign up or login with your details

Forgot password? Click here to reset