A formal verification approach for composite smart contracts security using FSM

Abstract

Many of today's companies use Smart Contracts to represent and execute their business processes. Smart contracts are self-executed programs running over blockchain. In this context, composite smart contracts are used to represent collaborative business processes. A composite smart contract is a smart contract that needs to execute other contracts using external calls to achieve its tasks. Composite smart contracts, through the use of external calls and the execution of other smart contracts that might belong to other owners or companies, bring many challenges with regard to security requirements. As a result, special efforts must be done to ensure composite smart contracts security verification. In this paper, we propose a novel approach to verify the security and the correctness of the composite smart contracts written in solidity in Ethereum blockchain. This approach is based on the finite state machine models and model checking method for modeling and verifying the composite smart contracts respectively. We consider seven security properties as well as the security issues that depend on the contract context to be checked in the composite smart contract. For this, we provide two different yet complementary types of verification. The first type of verification is applied to all smart contracts with properties called in our approach “standard properties” that represent the generic ones, while the second type considers the context-dependent properties that we called “specific properties” varying from one smart contract to another. Finally, we express all properties using computation tree logic formulae and we use the nuXmv symbolic model checker to verify the model against all properties. This approach is validated using a different set of solidity smart contracts.