A Solicitous Approach to Smart Contract Verification

【Author】 Otoni, Rodrigo; Marescotti, Matteo; Alt, Leonardo; Eugster, Patrick; Hyvarinen, Antti; Sharygina, Natasha

【Source】ACM TRANSACTIONS ON PRIVACY AND SECURITY

【影响因子】2.717

【Abstract】Smart contracts are tempting targets of attacks, as they often hold and manipulate significant financial assets, are immutable after deployment, and have publicly available source code, with assets estimated in the order of millions of dollars being lost in the past due to vulnerabilities. Formal verification is thus a necessity, but smart contracts challenge the existing highly efficient techniques routinely applied in the symbolic verification of software, due to specificities not present in general programming languages. A common feature of existingworks in this area is the attempt to reuse off-the-shelf verification tools designed for general programming languages. This reuse can lead to inefficiency and potentially unsound results, as domain translation is required. In this article, we describe a carefully crafted approach that directly models the central aspects of smart contracts natively, going from the contract to its logical representation without intermediary steps. We use the expressive and highly automatable logic of constrained Horn clauses for modeling and instantiate our approach to the Solidity language. A tool implementing our approach, called Solicitous, was developed and integrated into the SMTChecker module of the Solidity compiler solc. We evaluated our approach on an extensive benchmark set containing 22,446 real-world smart contracts deployed on the Ethereum blockchain over a 27-month period. The results show that our approach is able to establish safety of significantly more contracts than comparable, publicly available verification tools, with an order of magnitude increase in the percentage of formally verified contracts.

【Keywords】Smart contracts; direct modeling; vulnerability detection

【发表时间】2023 MAY

【收录时间】2023-05-22

【文献类型】实证数据

【主题类别】

区块链技术-核心技术-智能合约