Smart Contracts: A Killer Application for Deductive Source Code Verification

Ahrendt, Wolfgang; Pace, Gordon J.; Schneider, Gerardo

doi:10.1007/978-3-319-98047-8_1

Cited by 10 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…See, for example [37,89,172,232,246,275,276,330], just to mention a few. 8 Why is there a need for a logic or some other formal language? One of the aims of formalizing contracts is not simply to use them as specification, but also to be able to prove properties about the contracts themselves, to perform queries on the contracts (like what each party is agreeing to), and ultimately to ensure at runtime that the contract is satisfied (or alternatively to detect for violations).…”

Section: Contracts: Normative Documentsmentioning

confidence: 99%

“…Static analysis techniques for the verification of smart contracts has been proposed in [77], via a translation from smart contracts into another language (F* in this case) for verification. See [8] for a discussion on some challenges concerning the verification of smart contracts using deductive verification techniques. From a runtime perspective, there has been some work on using blockchain technology to regulate distributed systems (see [174,182,277,321]), but the focus of this work is not on the verification of the smart contracts themselves.…”

Section: Smart Contractsmentioning

confidence: 99%

“…See [8] and references therein for a discussion on the verification of smart contracts, as well as papers in [200] for recent advances and a discussion on open issues in the area.…”

Section: Smart Contractsmentioning

confidence: 99%

See 2 more Smart Citations

A survey of challenges for runtime verification from advanced application domains (beyond software)

Sánchez

Schneider

Ahrendt

et al. 2019

Form Methods Syst Des

Self Cite

View full text Add to dashboard Cite

Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to generate the trace and the communication between the system under analysis and the monitor.Most of the applications in runtime verification have been focused on the dynamic analysis of software, even though there are many more potential applications to other computational devices and target systems. In this paper we present a collection of challenges for runtime verification extracted from concrete application domains, focusing on the difficulties that must be overcome to tackle these specific challenges. The computational models that characterize these domains require to devise new techniques beyond the current state of the art in runtime verification.

show abstract

Section: Contracts: Normative Documentsmentioning

confidence: 99%

Section: Smart Contractsmentioning

confidence: 99%

See 1 more Smart Citation

A survey of challenges for runtime verification from advanced application domains (beyond software)

Sánchez

Schneider

Ahrendt

et al. 2019

Form Methods Syst Des

Self Cite

View full text Add to dashboard Cite

show abstract

“…Blockchain and other distributed ledger technologies (DLTs) have enabled the possibility of having trusted code execution without the need for trusted parties. Smart contracts are nothing but computer programs in the most traditional sense of the word but differ, and take their name from the computational model they are executed on 1 . By ensuring that the code is faithfully executed in an untampered manner without a centralised party having control over its execution is the key distinguishing element, making them ideal to regulate behaviour between parties.…”

Section: Introductionmentioning

confidence: 99%

“…Due to the importance of smart contract correctness, there has been much work on their verification. Many approaches use static analysis to ensure correctness a priori, an approach justified by the need to deploy only correct contracts but also, from a pragmatic point-of-view, by the fact that many smart contracts are relatively small pieces of code [1,8,13].…”

Section: Introductionmentioning

confidence: 99%

Optional monitoring for long-lived transactions

Ellul

Pace

2021

Proceedings of the 5th ACM International Workshop on Verification and mOnitoring at Runtime EXecution

Self Cite

View full text Add to dashboard Cite

Runtime monitoring comes at a runtime cost. Overheads induced by monitoring and verification code may be necessary, and yet prohibitive in certain circumstances. When verification is local to a single unit of execution in a system, one can choose whether or not to monitor based on the risk of that individual unit. In this paper, we propose a monitoring and verification approach for a class of long-lived transactionbased systems whose execution can be partitioned into separate subtraces, one for each such transaction, and which are independent of each other from a correctness perspective. We focus on the use of this approach for the monitoring of smart contracts on distributed ledger technologies to show how we can reduce overheads in this manner.

show abstract

Smart Contracts: Application Scenarios for Deductive Program Verification

Beckert

Schiffl

Ulbrich

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Smart contracts are programs that run on a distributed ledger platform. They usually manage resources representing valuable assets. Moreover, their source code is visible to potential attackers, they are distributed, and bugs are hard to fix. Thus, they are susceptible to attacks exploiting programming errors. Their vulnerability makes a rigorous formal analysis of the functional correctness of smart contracts highly desirable. In this short paper, we show that the architecture of smart contract platforms offers a computation model for smart contracts that yields itself naturally to deductive program verification. We discuss different classes of correctness properties of distributed ledger applications, and show that design-by-contract verification tools are suitable to prove these properties. We present experiments where we apply the KeY verification tool to smart contracts in the Hyperledger Fabric framework which are implemented in Java and specified using the Java Modeling Language.

show abstract

Smart Contracts: A Killer Application for Deductive Source Code Verification

Cited by 10 publications

References 16 publications

A survey of challenges for runtime verification from advanced application domains (beyond software)

A survey of challenges for runtime verification from advanced application domains (beyond software)

Optional monitoring for long-lived transactions

Smart Contracts: Application Scenarios for Deductive Program Verification

Contact Info

Product

Resources

About