Developing Safe Smart Contracts

Developing Safe Smart Contracts

Developing Safe Smart Contracts Sajjad Rezaei Ehsan Khamespanah Marjan Sirjani Ali Sedaghatbaf Siamak Mohammadi ECE Department ECE Department School of IDT School of IDT ECE Department University of Tehran University of Tehran Malardalen¨ University Malardalen¨ University University of Tehran Tehran, Iran Tehran, Iran Vaster¨ as,˚ Sweden Vaster¨ as,˚ Sweden Tehran, Iran [email protected] [email protected] [email protected] [email protected] [email protected] Abstract—Blockchain is a shared, distributed ledger on which security issue [3]. Besides, there is no way to patch bugs and transactions are digitally recorded and linked together. Smart vulnerabilities of smart contracts due to their immutability. Contracts are programs running on Blockchain and are used Accounts using smart contracts in a Blockchain are like to perform transactions in a distributed environment without need for any trusted third party. Since smart contracts are used threads using concurrent objects in shared memory [4]. There to transfer assets between contractual parties, their safety and are well-known pitfalls in building distributed and concurrent security are crucial and badly written and insecure contracts systems using threads [5], and well-established practices for may result in catastrophe. Actor-based programming is known avoiding these problems. For example in Solidity [6] (one to solve several problems in building distributed software systems. of the most mature languages for building smart contracts) Moreover, formal verification is a solid technique for developing dependable systems. In this paper, we show how the actor execution of smart contracts callback functions and implicit model can be used for modeling, analysis and synthesis of arbitrary execution of fallback functions can cause concur- smart contracts. We propose Smart Rebeca as an extension of rency problems. A contract may call an external service the actor-based language Rebeca, and use the model checking that calls the contract’s callback function in response. If the toolset Afra for verification of smart contracts. We implement contract calls more than one service the order of callbacks a synthesizer to synthesise Solidity programs that run on the Ethereum platform from Smart Rebeca models. We examine may be significant while there is no guarantee that the order is challenges and opportunities of our approach in modeling, formal preserved. Fallback functions are called because of the Solidity verification and synthesis of smart contracts using actors. payment mechanism and their order of execution can change Index Terms—Smart Contract, Actor Model, Safety Verifica- the results tremendously. tion, Model Checking Most of the currently existing work on verification of smart contracts, e.g. Ahrendt et.al. in [7] and Osterland et.al. in I. INTRODUCTION [8], focus on program verification rather than concurrency problems. However, a wide range of issues in safety and Smart contracts are lines of code that are stored on a security of smart contracts are concurrency problems. Blockchain and automatically executed when predetermined Using actors is a way towards building less error-prone dis- terms and conditions are met. Blockchain is a shared, dis- tributed and concurrent models [5]. In this paper, we propose tributed ledger on which transactions are digitally recorded a model-driven approach for developing smart contracts using and linked together. It can be seen as time-stamped series actors. We propose Smart Rebeca as an extension of the actor- of immutable record of data that is managed by a cluster of based language Rebeca [9], [10]. Smart contracts are modeled computers not owned by any single entity, and provide the using Smart Rebeca. Smart Rebeca has a syntax similar to entire history of transactions. The benefits of smart contracts Solidity and is supported by the model checking tool Afra [11]. are most apparent in business collaborations. These contracts Counter examples are generated and help in debugging the are typically used to enforce some kind of agreement, and model. Then the correct model can be transformed to Solidity are used to perform transactions in a distributed environment code. Hence, the modeler is enabled to assure the safety and without need for any trusted third party. security of Solidity smart contracts before the synthesis. By Since smart contracts are used to transfer valuable assets using the model checking tool of Rebeca, we can find a set between contractual parties, their safety and security are of of concurrency issues and program bugs. Synthesis of smart paramount importance. Blockchain assures deterministic exe- contracts based on a formally verified model provides correct- cution and consistent state representations, but it cannot guard ness by design which results in improving public acceptance against badly written or insecure contracts. Therefore, careful of smart contracts. design and implementation of contracts is still necessary II. PRELIMINARIES [1]. Moreover, contracts may be the target of adversaries with malicious intents e.g. to transfer money from legitimate A. Solidity users to themselves. A significant number of deployed smart Currently, Bitcoin and the Ethereum virtual machine (EVM) contracts are intentionally fraudulent [2], and a recent analysis are the most popular platforms that support smart contract de- on 20K of them indicated that each of them had at least one velopment. Among the languages designed to target Ethereum, Solidity [6] is the most mature and popular one. Solidity Another set of Solidity built-in functions are used for encod- is an object-oriented language influenced by C++, Python ing/decoding purpose which are encapsulated in the abi pack- and JavaScript. This language is statically typed, supports age or independent functions like sha256, keccak256, and inheritance, libraries and complex user-defined types among ecrecover. Solidity provides a set of functions for aborting other features. However, writing smart contracts in Solidity the execution and reverting changes which are assert, is still challenging [12], mainly due to the need to use un- require, and revert. The first two functions revert if their conventional programming paradigms like fallback functions, input condition (i.e. a boolean expression) is not met. Also, function modifiers, etc. selfdestruct function can be used to destroy the current In Listing 1, the code of a simple contract which provides contract and send its funds to its given Address. basic banking operations is shown in Solidity. B. Rebeca Modeling Language 1 contract Bank{ 2 mapping(address=>uint) userBalances; Rebeca is an actor-based language designed for modeling 3 function getUserBalance(address user) and verification of concurrent and distributed systems and is constant returns(uint){ supported by a model checking tool, Afra [9], [10]. There is 4 return userBalances[user]; no shared variables among actors and the communication takes } 5 place by asynchronous message passing. Rebeca is designed 6 function addToBalance() { 7 userBalances[msg.sender] = with the goal to bridge the gap between software engineers 8 userBalances[msg.sender] + msg.value; and the formal methods community. With usability as one of 9 } the primary design goals, Rebeca’s concrete syntax is Java- 10 function withdrawBalance() { like (close to object-oriented languages), and its computation uint amount= 11 and communication model is kept simple. Learning Rebeca 12 userBalances[msg.sender]; 13 if (msg.sender.call.value(amount)() is fairly easy for programmers and using model checking == false){ tools requires far less expertise than deduction-based analysis 14 throw; methods. Rebeca has a formal semantics and allows efficient 15 } compositional verification based on model checking. There are userBalances[msg.sender] = 0; 16 multiple state space reduction techniques designed for Rebeca 17 } 18 } based on its actor-based model of computation [13], [14]. In Rebeca a set of actors are defined and each actor has Listing 1. Smart Contract’s Code of a simple bank in Solidity an unbounded buffer, called message queue, for its arriving A contract is like a class in object-oriented languages, messages. Computation in Rebeca is event-driven, meaning consisting of declaration of state variables, functions, function that each actor takes a message that can be considered as modifiers, events, structure types, enum types, etc. The values an event from the top of its message queue and executes the of the state variables (e.g. line 2 of Listing 1) are stored corresponding message server. The execution of a message in the blockchain. Provided functions of smart contracts can server is atomic which means that there is no way to preempt be called by users or other contracts. In the contract of the execution of a message server of an actor and start Listing 1, the user can deposit to the bank with the function executing another message server of that actor. addToBalance and withdraw using withdrawBalance A Rebeca model consists of a set of reactive classes and the function. The variable userBalances is a hash table that main block. In the main block, actors which are instances of saves the money balance of each user with users addresses in the reactive classes are declared. The body of the reactive class the blockchain. Note that functions may have parameters and includes the declaration of its known rebecs, state variables, return values. private methods, and message servers. A very simple example Functions have different

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us