Abstract
Callbacks are an effective programming discipline for implementing event-driven programming, especially in environments like Ethereum which forbid shared global state and concurrency. Callbacks allow a callee to delegate the execution back to the caller. Though effective, they can lead to subtle mistakes, principally in open environments where callbacks can be added in new code. Indeed, several high-profile bugs in smart contracts exploit callbacks.
We present the first static technique ensuring modularity in the presence of callbacks and apply it to verify prominent smart contracts. Modularity ensures that external calls to other contracts cannot affect the behavior of the contract. Importantly, modularity is guaranteed without restricting programming.
In general, checking modularity is undecidable—even for programs without loops. This paper describes an effective technique for soundly ensuring modularity harnessing SMT solvers. The main idea is to define a constructive version of modularity using commutativity and projection operations on program segments. We believe that this approach is also accessible to programmers, since counterexamples to modularity can be generated automatically by the SMT solvers, allowing programmers to understand and fix the error.
We implemented our approach in order to demonstrate the precision of the modularity analysis and applied it to real smart contracts, including a subset of the 150 most active contracts in Ethereum. Our implementation decompiles bytecode programs into an intermediate representation and then implements the modularity checking using SMT queries. Overall, we argue that our experimental results indicate that the method can be applied to many realistic contracts, and that it is able to prove modularity where other methods fail.
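The following is an added illustration, not the paper's implementation, of a simplified reading of the commutativity idea: a toy `withdraw` is run with a callback nested at its external call, and the result is compared with the two callback-free orderings in which the callback runs entirely before or entirely after it. The contract model, the function names, the two callee behaviours and the exhaustive enumeration over a small state space (standing in for SMT queries) are all assumptions.

```python
from itertools import product

# Constructed toy model, not from the paper: state = (bal, paid), the caller's
# credited balance and the total ether already paid out to the caller.

def identity(state):
    return state

def withdraw(state, callback, update_first):
    """Pay out the whole balance; the external call hands control to `callback`."""
    bal, paid = state
    amt = bal
    if update_first:                    # balance zeroed before the external call
        bal = 0
    paid += amt                         # external call transfers amt ...
    bal, paid = callback((bal, paid))   # ... and the callee may call back here
    if not update_first:                # balance zeroed only after the call returns
        bal = 0
    return bal, paid

def callbacks(update_first):
    """Hypothetical callee behaviours: re-enter withdraw, or deposit 3 units."""
    return {
        "reenter withdraw": lambda s: withdraw(s, identity, update_first),
        "deposit 3": lambda s: (s[0] + 3, s[1]),
    }

def counterexamples(update_first, max_val=3):
    """List executions whose nested-callback result matches neither ordering
    in which the callback runs entirely before or entirely after withdraw."""
    found = []
    states = product(range(max_val + 1), repeat=2)
    for state, (name, cb) in product(states, callbacks(update_first).items()):
        nested = withdraw(state, cb, update_first)
        before = withdraw(cb(state), identity, update_first)
        after = cb(withdraw(state, identity, update_first))
        if nested not in (before, after):
            found.append((state, name, nested, before, after))
    return found

if __name__ == "__main__":
    for update_first in (False, True):
        cex = counterexamples(update_first)
        print(f"update_first={update_first}: {len(cex)} counterexample(s)")
        for row in cex[:2]:
            print("  state=%s callback=%r nested=%s before=%s after=%s" % row)
```

Each reported tuple is a concrete counterexample of the kind the abstract says a solver can hand back to the programmer: with the balance written after the call, re-entry pays out twice and a nested deposit is silently overwritten.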
Index Terms
- Taming callbacks for smart contract modularity