Open Access Proceedings Article

VERISMART: A Highly Precise Safety Verifier for Ethereum Smart Contracts

TLDR
VERISMART is a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. It automatically discovers and leverages transaction invariants that are essential for precisely analyzing smart contracts.
Abstract
We present VERISMART, a highly precise verifier for ensuring arithmetic safety of Ethereum smart contracts. Writing safe smart contracts without unintended behavior is critically important because smart contracts are immutable and even a single flaw can cause huge financial damage. In particular, ensuring that arithmetic operations are safe is one of the most important and common security concerns of Ethereum smart contracts nowadays. In response, several safety analyzers have been proposed over the past few years, but the state of the art is still unsatisfactory; no existing tools achieve high precision and recall at the same time, and they are inherently limited to producing annoying false alarms or missing critical bugs. By contrast, VERISMART aims to be an uncompromising analyzer that performs exhaustive verification without compromising precision or scalability, thereby greatly reducing the burden of manually checking undiscovered or incorrectly reported issues. To achieve this goal, we present a new domain-specific algorithm for verifying smart contracts, which is able to automatically discover and leverage transaction invariants that are essential for precisely analyzing smart contracts. Evaluation with real-world smart contracts shows that VERISMART can detect all arithmetic bugs with a negligible number of false alarms, far outperforming existing analyzers.


Citations

Tools and Algorithms for the Construction and Analysis of Systems. Proc. TACAS 2009

TL;DR: This paper presents a meta-modelling framework for modeling and testing the robustness of the modeled systems and some of the techniques used in this framework have been developed and tested in the field.
Journal Article

A Survey on Blockchain Technology and its security

Huaqun Guo, +1 more
TL;DR: Wang et al. carried out a deeper survey of blockchain technology, especially its history, quantitative comparisons of consensus algorithms, details of cryptography in terms of public key cryptography, Zero-Knowledge Proofs, and hash functions used in the blockchain, and the comprehensive list of blockchain applications.
Proceedings Article

Echidna: effective, usable, and fast fuzzing for smart contracts

TL;DR: An open-source smart contract fuzzer called Echidna that makes it easy to automatically generate tests to detect violations in assertions and custom properties, and which has been used in more than 10 large paid security audits.
Journal Article

A Comprehensive Survey on Smart Contract Construction and Execution: Paradigms, Tools and Systems

TL;DR: This paper surveys the literature and online resources on smart contract construction and execution over the period 2008–2020 and divides the studies into three categories: design paradigms that give examples and patterns on contract construction, design tools that facilitate the development of secure smart contracts, and extensions and alternatives that improve the privacy or efficiency of the system.
Proceedings Article

Semantic Understanding of Smart Contracts: Executable Operational Semantics of Solidity

TL;DR: This work develops a formal semantics for Solidity which provides a formal specification of smart contracts to define semantic-level security properties for the high-level verification and defines correct and secure high-level execution behaviours of smart contracts to reason about compiler bugs and assist developers in writing secure smart contracts.
References
Book Chapter

Z3: an efficient SMT solver

TL;DR: Z3 is a new and efficient SMT Solver freely available from Microsoft Research that is used in various software verification and analysis applications.
Proceedings Article

Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

TL;DR: In this paper, the abstract interpretation of programs is used to describe computations in another universe of abstract objects, so that the results of abstract execution give some information on the actual computations.
Book

Isabelle/HOL: A Proof Assistant for Higher-Order Logic

TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Proceedings Article

Systematic design of program analysis frameworks

TL;DR: The systematic and correct design of program analysis frameworks with respect to a formal semantics is devoted to the main elements of the lattice theoretic approach to approximate semantic analysis of programs.
Book Chapter

A Tool for Checking ANSI-C Programs

TL;DR: The tool supports almost all ANSI-C language features, including pointer constructs, dynamic memory allocation, recursion, and the float and double data types, and is integrated into a graphical user interface.