KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine

Hildenbrandt, Everett; Saxena, Manasvi; Rodrigues, Nishant; Zhu, Xiaoran; Daian, Philip; Guth, Dwight; Moore, B.; Park, Daejun; Zhang, Yi; Ștefănescu, Andrei; Roşu, Grigore

doi:10.1109/csf.2018.00022

Cited by 339 publications

(275 citation statements)

References 12 publications

Supporting

Mentioning

273

Contrasting

Unclassified

Order By: Relevance

“…Existing techniques for smart contract security can be roughly categorized into various categories, including static approaches for finding vulnerable patterns, formal verification techniques, and runtime checking. In addition, there has been work on formalizing the semantics of EVM in a formal language such as the K Framework [20]. Finally, there are several works that discuss a survey and taxonomy of vulnerabilities in smart contracts [13], [26], [28].…”

Section: Related Workmentioning

confidence: 99%

Formal Verification of Workflow Policies for Smart Contracts in Azure Blockchain

Wang

Lahiri

Chen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Ensuring correctness of smart contracts is paramount to ensuring trust in blockchain-based systems. This paper studies the safety and security of smart contracts in the Azure Blockchain Workbench, an enterprise Blockchain-asa-Service offering from Microsoft. As part of this study, we formalize semantic conformance of smart contracts against a state machine model with access-control policy and develop a highly-automated formal verifier for Solidity that can produce proofs as well as counterexamples. We have applied our verifier VERISOL to analyze all contracts shipped with the Azure Blockchain Workbench, which includes application samples as well as a governance contract for Proof of Authority (PoA). We have found previously unknown bugs in these published smart contracts. After fixing these bugs, VERISOL was able to successfully perform full verification for all of these contracts.

show abstract

Section: Related Workmentioning

confidence: 99%

Formal Verification of Workflow Policies for Smart Contracts in Azure Blockchain

Wang

Lahiri

Chen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Grishchenko et al [20] extend this work by providing a complete small step semantics for EVM. Kevm [22] provides an executable formal semantics of EVM in the K framework. Hirai [23] formalizes EVM in Lem, a language used by some interactive theorem provers.…”

Section: Related Workmentioning

confidence: 99%

“…Early approaches to verification of Ethereum smart contracts focused mostly on formalizing the low-level virtual machine precisely (see, e.g., [11,20,22,23,2]). However, the unnecessary details of the EVM execution model make it difficult to reason about high-level functional properties of contracts (as they were written by developers) in an effective and automated way.…”

mentioning

confidence: 99%

SMT-Friendly Formalization of the Solidity Memory Model

Hajdu

Jovanović

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Solidity is the dominant programming language for Ethereum smart contracts. This paper presents a high-level formalization of the Solidity language with a focus on the memory model. The presented formalization covers all features of the language related to managing state and memory. In addition, the formalization we provide is effective: all but few features can be encoded in the quantifier-free fragment of standard SMT theories. This enables precise and efficient reasoning about the state of smart contracts written in Solidity. The formalization is implemented in the solc-verify verifier and we provide an extensive set of tests that covers the breadth of the required semantics. We also provide an evaluation on the test set that validates the semantics and shows the novelty of the approach compared to other Solidity-level contract analysis tools. IntroductionEthereum [30] is a public blockchain platform that provides a novel computing paradigm for developing decentralized applications. Ethereum allows the deployment of arbitrary programs (termed smart contracts [29]) that operate over the blockchain state, and allows the public to interact with the contracts. It is currently the most popular public blockchain with smart contract functionality. While the nodes participating in the Ethereum network operate a low-level, stack-based virtual machine (EVM) that executes the compiled smart contracts, the contracts themselves are mostly written in a high-level, contract-oriented programming language called Solidity [28].Even though smart contracts are generally short, they are no less prone to errors than software in general. In the Ethereum context, any flaws in the contract code come with potentially devastating financial consequences (such as the infamous DAO exploit [18]). This has inspired a great interest in applying formal verification techniques to Ethereum smart contracts (see e.g., [4] or [14] for surveys). In order to apply formal verification of any kind, be it static analysis or model checking, the first step is to formalize the semantics of the programming language that the smart contracts are written in. Such semantics should not ⋆ The author was also affiliated with SRI International as an intern during this project.

show abstract

“…Mitigations of such vulnerabilities can be done by code analysis tools [101], [133], respecting best practices [126], [134], utilizing known design patterns [141], audits, and testing. Various approaches are used for source code analysis, such as linters [133], [109], [46], fuzzers [73], semantic-based program verifiers [68], and other symbolic code analyzers [135] often using control flowgraph techniques. Note that source code of contracts is often not public in contrast to their bytecode.…”

Section: B Smart Contractsmentioning

confidence: 99%

A Security Reference Architecture for Blockchains

Homoliak

Venugopalan

Hum

et al. 2019

2019 IEEE International Conference on Blockchain (Blockchain)

View full text Add to dashboard Cite

Due to their interesting features, blockchains have become popular in recent years. They are full-stack systems where security is a critical factor for their success. The main focus of this work is to systematize knowledge about security and privacy issues of blockchains. To this end, we propose a security reference architecture based on models that demonstrate the stacked hierarchy of various threats (similar to the ISO/OSI hierarchy) as well as threat-risk assessment using ISO/IEC 15408. In contrast to the previous surveys [39], [8], [139], [20], we focus on the categorization of security incidents based on their origins and using the proposed architecture we present existing prevention and mitigation techniques. The scope of our work mainly covers aspects related to decentralized nature of blockchains, while we mention common operational security issues and countermeasures only tangentially.Index Terms-blockchain • distributed ledgers • reference architecture • threat-risk assessment arXiv:1904.06898v1 [cs.CR]

show abstract

KEVM: A Complete Formal Semantics of the Ethereum Virtual Machine

Cited by 339 publications

References 12 publications

Formal Verification of Workflow Policies for Smart Contracts in Azure Blockchain

Formal Verification of Workflow Policies for Smart Contracts in Azure Blockchain

SMT-Friendly Formalization of the Solidity Memory Model

A Security Reference Architecture for Blockchains

Contact Info

Product

Resources

About