Mi-Cho-Coq, a framework for certifying Tezos Smart Contracts

Abstract: Tezos is a blockchain launched in June 2018. It is written in OCaml and supports smart contracts. Its smart contract language is called Michelson and it has been designed with formal verification in mind. In this article, we present Mi-Cho-Coq, a Coq framework for verifying the functional correctness of Michelson smart contracts. As a case study, we detail the certification of a Multisig contract with the Mi-Cho-Coq framework.

“…ConCert [19] is a Coq-based framework, which allows both meta-theoretic and functional reasoning about a (functional) language and a smart contract, respectively. Together with other publications [16,19,23,38,122,128,154,215], it illustrates how theorem proving helps to precisely describe and prove correctness conditions of smart contract execution. These conditions include Hoare-style correctness properties over the state of a smart contract and its environment [16,38,128,215], security requirements [23,187], and gas consumption reasoning [88].…”

“…Many program logics listed in Sect. 2.2.3 enable Hoare-style reasoning about smart contracts in theorem provers [16,38,128,215]. The work in [16] demonstrates how this approach is used to describe correctness of an escrow smart contract.…”

“…Social games typically require each user submission to be accompanied by a participation fee, be it a vote in a ballot [38], a bid in an auction [20,52,178], or a move in a game [114] (e.g., "a minimum deposit is required to play the game" [114]). Besides, users should have the permission to participate ("people may vote if they are registered voters" [83]), the choice submitted by a user should belong to a set of possible values ("the vote goes for a registered candidate" [38]) and, in some cases, submitted only once [114,178]. Temporal properties are often used to assure that submissions are made before a deadline ("people must not vote after the deadline" [83]) or before the results are finalized (" bid cannot happen after close" [142]).…”

“…In verification of properties, however, the former approach relies on theorem proving, while the latter translates a formal model of a contract to CPN for model checking. In other approaches based on theorem proving, Hoare-style properties are verified for smart contracts written in Michelson [38]-a smart contract language of the Tezos [90] platform, or Lolisa [215]-a formal syntax and semantics of a Solidity language subset. Apart from the tools based on Hoare logic, K is a framework for design and development of language semantics based on rewriting logic [160].…”

“…Such verification systems are usually built upon formal semantics of smart contract languages, e.g., EVM bytecode [16,72,105], Solidity [215], Michelson [38]. To make contracts amenable to formal reasoning, developers equip smart contract languages with a logical foundation, such as λ-calculus, and formal semantics [51,179].…”

A Survey of Smart Contract Formal Specification and Verification

“…ConCert [19] is a Coq-based framework, which allows both meta-theoretic and functional reasoning about a (functional) language and a smart contract, respectively. Together with other publications [16,19,23,38,122,128,154,215], it illustrates how theorem proving helps to precisely describe and prove correctness conditions of smart contract execution. These conditions include Hoare-style correctness properties over the state of a smart contract and its environment [16,38,128,215], security requirements [23,187], and gas consumption reasoning [88].…”

“…Many program logics listed in Sect. 2.2.3 enable Hoare-style reasoning about smart contracts in theorem provers [16,38,128,215]. The work in [16] demonstrates how this approach is used to describe correctness of an escrow smart contract.…”

“…Social games typically require each user submission to be accompanied by a participation fee, be it a vote in a ballot [38], a bid in an auction [20,52,178], or a move in a game [114] (e.g., "a minimum deposit is required to play the game" [114]). Besides, users should have the permission to participate ("people may vote if they are registered voters" [83]), the choice submitted by a user should belong to a set of possible values ("the vote goes for a registered candidate" [38]) and, in some cases, submitted only once [114,178]. Temporal properties are often used to assure that submissions are made before a deadline ("people must not vote after the deadline" [83]) or before the results are finalized (" bid cannot happen after close" [142]).…”

“…In verification of properties, however, the former approach relies on theorem proving, while the latter translates a formal model of a contract to CPN for model checking. In other approaches based on theorem proving, Hoare-style properties are verified for smart contracts written in Michelson [38]-a smart contract language of the Tezos [90] platform, or Lolisa [215]-a formal syntax and semantics of a Solidity language subset. Apart from the tools based on Hoare logic, K is a framework for design and development of language semantics based on rewriting logic [160].…”

“…Such verification systems are usually built upon formal semantics of smart contract languages, e.g., EVM bytecode [16,72,105], Solidity [215], Michelson [38]. To make contracts amenable to formal reasoning, developers equip smart contract languages with a logical foundation, such as λ-calculus, and formal semantics [51,179].…”

A Survey of Smart Contract Formal Specification and Verification