Abstract
This paper reports a formal symbolic process virtual machine (FSPVM), denoted FSPVM-E, for verifying the reliability and security of Ethereum-based services at the source-code level of smart contracts. The Coq proof assistant is employed both to program the system and to prove its correctness. The current version of FSPVM-E adopts execution-verification isomorphism, an application extension of the Curry-Howard isomorphism, as its fundamental theoretical framework for combining symbolic execution with higher-order logic theorem proving. FSPVM-E has four primary components: a general, extensible and reusable formal memory framework; an extensible and universal formal intermediate programming language, denoted Lolisa, which covers a large subset of the Solidity programming language and is defined using generalized algebraic datatypes; the corresponding formally verified interpreter of Lolisa, denoted FEther; and assistant tools and libraries. The self-correctness of all components is certified in Coq. FSPVM-E supports the ERC20 token standard, and can automatically and symbolically execute Ethereum-based smart contracts, scan them for standard vulnerabilities, and verify their reliability and security properties with Hoare-style logic in Coq.
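As an added illustration, not code from FSPVM-E, Lolisa or FEther (whose definitions are not on this page), the following Coq snippet shows two of the ingredients the abstract names. First, a GADT-indexed expression language: the type index on `expr` makes ill-typed terms unrepresentable, so the interpreter `eval` is total and a concrete term runs by computation (`reflexivity`), which is the sense in which execution and verification coincide. Second, a Hoare-style property proved about a guarded transfer on a two-account ledger, namely that total supply is preserved, the kind of ERC20 property the abstract says the framework verifies. The names `ty`, `denote`, `expr`, `eval`, `ledger` and `transfer_a_to_b` are assumptions of this example only.

```coq
(* Added illustration in the style the abstract describes; assumed names,
   not the Lolisa/FEther definitions. *)
Require Import PeanoNat Lia.

(* Object-language types and their interpretation as Coq types. *)
Inductive ty : Type := TNat | TBool.

Definition denote (t : ty) : Type :=
  match t with
  | TNat => nat
  | TBool => bool
  end.

(* A GADT: each constructor fixes the type index of its result, so an
   expression such as "1 + true" cannot be built at all. *)
Inductive expr : ty -> Type :=
| ENat  : nat -> expr TNat
| EBool : bool -> expr TBool
| EPlus : expr TNat -> expr TNat -> expr TNat
| ELeq  : expr TNat -> expr TNat -> expr TBool
| EIf   : forall t, expr TBool -> expr t -> expr t -> expr t.

(* Total interpreter: structural recursion, no "stuck" or error case. *)
Fixpoint eval {t : ty} (e : expr t) : denote t :=
  match e in expr t0 return denote t0 with
  | ENat n      => n
  | EBool b     => b
  | EPlus a b   => eval a + eval b
  | ELeq a b    => Nat.leb (eval a) (eval b)
  | EIf _ c a b => if eval c then eval a else eval b
  end.

(* Running a term is just computation in Coq's kernel. *)
Example eval_if :
  eval (EIf TNat (ELeq (ENat 1) (ENat 2)) (ENat 10) (ENat 20)) = 10.
Proof. reflexivity. Qed.

(* A two-account ledger and a transfer guarded by a balance check, modelled
   directly as a Coq function (assumed model, not an ERC20 contract). *)
Record ledger := { bal_a : nat; bal_b : nat }.

Definition transfer_a_to_b (amount : nat) (l : ledger) : ledger :=
  if Nat.leb amount (bal_a l)
  then {| bal_a := bal_a l - amount; bal_b := bal_b l + amount |}
  else l.

(* Hoare-style property: for every amount and pre-state, the post-state
   has the same total supply. Both branches of the guard are covered. *)
Theorem transfer_preserves_supply : forall amount l,
  bal_a (transfer_a_to_b amount l) + bal_b (transfer_a_to_b amount l)
  = bal_a l + bal_b l.
Proof.
  intros amount l. unfold transfer_a_to_b.
  destruct (Nat.leb amount (bal_a l)) eqn:H.
  - simpl. apply Nat.leb_le in H. lia.   (* guard passed: amount <= bal_a *)
  - reflexivity.                          (* guard failed: state unchanged *)
Qed.
```

The balance guard is what makes the proof go through in the first branch: without `amount <= bal_a l`, natural-number subtraction truncates at zero and supply would not be conserved, which is exactly the class of arithmetic bug a verified interpreter plus a proof obligation is meant to surface.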
Highlights
Blockchain [1] is one of the emerging technologies developed to address a wide range of disparate problems, such as those associated with cryptocurrency [2] and distributed storage [3]
This paper addresses the above issues by developing a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts
The proposed system combines the advantages of virtual machine platforms, static vulnerability scanning, higher-order logic theorem proving, and symbolic execution technology based on an extension of Curry-Howard isomorphism (CHI) [34], denoted as execution-verification isomorphism (EVI) [11], and avoids their respective disadvantages, to symbolically execute real-world programs and automatically verify the smart contracts of Ethereum-based services
Summary
The operational semantics of JavaScript have been investigated [27], which is of particular interest in the present work because Solidity is similar to JavaScript. Most of these studies focused on specific domains and programming languages, and cannot be readily extended for the verification of blockchain smart contracts. This paper addresses the above issues by developing a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts. The proposed system combines the advantages of virtual machine platforms, static vulnerability scanning, higher-order logic theorem proving, and symbolic execution technology based on an extension of Curry-Howard isomorphism (CHI) [34], denoted as execution-verification isomorphism (EVI) [11], and avoids their respective disadvantages, to symbolically execute real-world programs and automatically verify the smart contracts of Ethereum-based services.