Debugging Smart Contract’s Business Logic Using Symbolic Model Checking

Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities

Smart contracts on the blockchain – A bibliometric analysis and review

As blockchain technology advances, so has the deployment of smart contracts on blockchain platforms, making it exceedingly challenging for users to explicitly identify application services. Unlike traditional contracts, smart contracts are not written in a natural language, making it difficult to determine their provenance. Automatic classification of smart contracts offers blockchain users keyword-based contract queries and a streamlined effective management of smart contracts. In addition, the advancement in smart contracts is accompanied by security challenges, which are generally caused by domain-specific security breaches in smart contract implementation. The development of secure and reliable smart contracts can be extremely challenging due to domain-specific vulnerabilities and constraints associated with various business logics. Accordingly, contract classification based on the application domain and the transaction context offers greater insight into the syntactic and semantic properties of that class. However, despite initial attempts at classifying Ethereum smart contracts, there has been no research on the identification of smart contracts deployed in transactive energy systems for energy exchange purposes. In this article, in response to the widely recognized prospects of blockchain-enabled smart contracts towards an economical and transparent energy sector, we propose a methodology for the detection and analysis of energy smart contracts. First, smart contracts are parsed by transforming code elements into vectors that encapsulate the semantic and syntactic characteristics of each term. This generates a corpus of annotated text as a balanced, representative collection of terms in energy contracts. The use of a domain corpus builder as an embedding layer to annotate energy smart contracts in conjunction with machine learning models results in a classification accuracy of 98.34%. Subsequently, a source code analysis scheme is applied to identified energy contracts to uncover patterns in code segment distribution, predominant adoption of certain functions, and recurring contracts across the Ethereum network.

The post-deployment challenges in developing and upgrading blockchain smart contracts necessitate a high level of accuracy in their development and business logic. However, current methodologies for verifying the business logic of smart contracts frequently fail to address their alignment with end-user business requirements. This paper introduces a two-step language transformation process to bridge this gap. Initially, we establish a transformation rule from the Business Process Model and Notation (BPMN) to Prolog, enabling the translation of business processes into a Prolog representation. This step not only validates the business process logic but also ensures it meets user specifications. Subsequently, we introduce a transformation rule from the BPMN to Go, which facilitates the transformation of the BPMN model, once validated, into a Go language smart contract. To enhance usability, we have engineered a dedicated tool that streamlines this transformation process. We present a case study involving a banking loan process to exemplify the utility of our tool in creating BPMN diagrams, conducting requirement and syntax validations, and effecting the transformation to Go smart contracts. The case study and empirical results suggest that our methodology and the accompanying tool mitigate the complexities inherent in smart contract development. They also ensure the fidelity of business logic to user demands, thereby promoting the broader adoption of blockchain smart contract technology.

Fabric is currently the most popular consortium chain platform with a modular architecture that provides high security, elasticity, flexibility and scalability. Smart contracts realize the automatic execution of transactions and the operation of reconciliation data. The Fabric platform supports general programming languages ​​to write smart contracts. However, in the development process of smart contracts, due to insufficient understanding of the underlying operating logic of smart contracts, developers are prone to introduce some risky operations, resulting in a mismatch between the execution logic of smart contracts and business logic, resulting in a lot of losses. The read-after-write risk is a relatively complex and common security risk in smart contracts. Currently, many detection tools cannot detect this risk. There is an urgent need for a solution that can quickly and accurately detect the read-after-write risk in smart contracts. This paper proposes a static analysis smart contract read-after-write risk detection method based on key methods and call chains. The scheme extracts key method patterns on the abstract syntax tree, identifies and locates key methods with risks, greatly reduces the interference of useless nodes on detection, and realizes rapid detection. By constructing the key method call chain, the real call scene is restored according to the call type and attribute of the key method. After experimental verification, compared with the current popular smart contract risk detection tool Revive^CC, the tool proposed in this paper has higher detection accuracy and can more accurately locate the read-after-write risk in smart contracts.

The recent growth of the blockchain technology market puts its main cryptocurrencies in the spotlight. Among them, Ethereum stands out due to its virtual machine (EVM) supporting smart contracts, i.e., distributed programs that control the flow of the digital currency Ether. Being written in a Turing complete language, Ethereum smart contracts allow for expressing a broad spectrum of financial applications. The price for this expressiveness, however, is a significant semantic complexity, which increases the risk of programming errors. Recent attacks exploiting bugs in smart contract implementations call for the design of formal verification techniques for smart contracts. This, however, requires rigorous semantic foundations, a formal characterization of the expected security properties, and dedicated abstraction techniques tailored to the specific EVM semantics. This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools. We will then focus on EtherTrust [1], a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode, the first formal characterization of a large class of security properties for smart contracts, and the first static analysis for EVM bytecode that comes with a proof of soundness.

This paper centers on open-secret vulnerabilities (OSVs), a kind of smart contract vulnerability that allows attackers to exploit the natural transparency feature of blockchains to gain illegal monetary profits from problematic smart contracts. Attackers can easily launch OSV attacks by leveraging publicly visible information from a smart contract to issue a profitable transaction without violating its business logic. This poses significant challenges in detecting OSVs. Despite the severe impacts of OSVs, there is no prior research work that systematically discusses OSVs (to the best of our knowledge). To fill this knowledge gap, this paper presents a formal definition of OSVs, and OSVHunter, the first-ever tool aiming to detect OSVs in smart contracts. The detection results show that OSVs are prevalent in real-world smart contracts. Some of these vulnerabilities are even concealed within highly popular Ethereum contracts, with individual contract valuations exceeding five hundred thousand U.S. dollars. These vulnerabilities appear in finance, gaming, gambling, etc. We hope this paper can arouse our community’s attention to the significance of OSVs and lay the technical foundation for future research.

The purpose of the present article is to gain an understanding of the opportunities and difficulties created by the introduction and development of the practice of network (smart) contracts. Our research methodology is based on a holistic set of principles and methods of scholarly analysis employed by modern legal science. It uses a dialectical method involving both general approaches (structural system method, formal logical method, analysis and synthesis of individual elements, individual features of concepts, abstraction, generalization, etc.) and particular methods (legal technical, systematic, comparative, historical, and grammatical methods, method of the unity of theory and practice, etc.). We analyze the views of lawyers and other specialists from Russia and abroad, legislative innovations in the field of digital technologies, the practice of blockchain-based smart contracts, and the main risks (whether legal, technological, operational, or criminogenic) of smart contracts for economic activities with a study of their causes. In the present-day situation, it is necessary to move from the legal definition of the smart contract and its legal and technological characteristics, advantages and disadvantages to the implementation of startups in a wide range of areas, especially business, public regulation, and social relations. Scholarly and information support for such processes will contribute to the development of industry, public administration and digital technology applications to improve the life of individual citizens and society as a whole. The introduction of smart contracts does not require the adoption of new laws or regulations. Instead, one should adapt and, possibly, modify existing legal principles at the legislative and judicial levels to pave the way for the use of smart contracts and other new technologies. The system of contract law provides a sufficient framework for regulating transactions without the introduction of any new legal categories. We propose approaches to the legal definition of the smart contract and identify a set of problems that must be solved at the legislative and technical legal levels in order to implement smart contracts effectively in different spheres of life.

Smart contracts are widely popularized to transfer an asset securely from one device to another. Smart contracts contain the blockchain’s business logic that revolutionized the concept of self-enforcing contracts without the need for a middle man. Many use cases thus are being generated day by day. Smart contracts allow us to build decentralized applications through blockchains. The transactions in the smart contract are interrelated; they define the overall flow of the application. To maintain integrity between the transactions, the execution of the smart contracts is sequential and has no conflicts. These contracts’ execution is slow and time-consuming. Thus, we cannot leverage the current systems’ complete resource utilization. To overcome this, we propose a safer multi-threading model using fine-grain locking and thread executor service mechanism to concurrently execute the smart contract which also provides integrity among the transactions. Our results prove the faster and safer execution of smart contracts.KeywordsBlockchainFine-grain lockingSmart contractThread executor service

Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allow running smart contracts, which specify business logic in cooperative applications. The presence of software defects in these contracts has notably caused failures, including severe security problems. In this article, we use software-implemented fault injection (SWIFI) to assess the behavior of permissioned blockchain systems in the presence of faulty smart contracts. We emulate the occurrence of general software faults and also blockchain-specific software faults (e.g., missing require on transaction sender) in smart contracts code and observe the impact on the overall system dependability in terms of reliability and integrity. We also analyze the effectiveness of formal verification and runtime protection mechanisms in detecting the injected faults. Results indicate that formal verification and runtime protections have to complement built-in platform checks to guarantee proper dependability of blockchain systems. The work presented in this article allows smart contract developers to become aware of possible faults in smart contracts and to understand the impact of their presence. It also provides valuable information for middleware developers to improve the overall fault tolerance of their systems.

Blockchain technology has attracted more and more attention from academia and industry recently. Ethereum, which uses blockchain technology, is a distributed computing platform and operating system. Smart contracts are small programs deployed to the Ethereum blockchain for execution. Errors in smart contracts will lead to huge losses. Formal verification can provide a reliable guarantee for the security of blockchain smart contracts. In this paper, the formal method is applied to inspect the security issues of smart contracts. We summarize five kinds of security issues in smart contracts and present formal verification methods for these issues, thus establishing a formal verification framework that can effectively verify the security vulnerabilities of smart contracts. Furthermore, we present a complete formal verification of the Binance Coin (BNB) contract. It shows how to formally verify the above security issues based on the formal verification framework in a specific smart contract. All the proofs are checked formally using the Coq proof assistant in which contract model and specification are formalized. The formal work of this paper has a variety of essential applications, such as the verification of blockchain smart contracts, program verification, and the formal establishment of mathematical and computer theoretical foundations.

A smart contract is the algorithmic description of a contractual transaction protocol that is automatically executed together with the information provided by its parties. It is written in a simplified programming language that is specific to a particular domain. Not only correctness and unambiguity are its essential formal properties, but also conformance to any legislation governing the matter of the transaction. Finally, and importantly, the trustworthiness, safety and security of the platform executing the transactions are its main attributes. An emerging challenge is to define a proper engineering process to meet the demanding requirements while supporting mass production and distribution. This paper proposes the concept of smart contract engineering (SCE) to facilitate the generation of smart legal contracts, which is the combination of software engineering, formal methods and computational law. SCE aims to reduce the potential errors and improve efficiency during the contract development process, meanwhile promote the standardization of contract design methodologies. In this paper, the roadmap of an iterative refinement-based, model-driven formal design methodology is introduced, not only to validate smart contracts but also to support the whole life cycle of their engineering.

The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language.

Smart Contracts are computer programs which implement and execute transactions and manage business logic on a decentralized public ledger. Smart Contracts can be written in different programming languages and for different Blockchains. Currently the most used language for Smart Contracts is Solidity and the most used platform is the Ethereum Blockchain. Assessing the quality of Smart Contract programs is an important task required to professional programmers, especially when a programming language has so powerful economic implications. It is therefore crucial to provide professional programmers with tools for the evaluation of Smart Contracts. In software engineering, software metrics has been defined and used to measure software quality and, more in general, to qualify software under the principle "You Can't Manage What You Don't Measure". For the Solidity programming language there are only a few Standalone Applications to analyse the Smart Contract metrics. The aim of this paper is first to build a tool for the practical computation of a specific set of Solidity source code metrics, so that the set will be extensible in the future according also to Solidity compiler evolution, second to fully enable a web-based usage of the tool to access the metrics of the Solidity programming language. The tool, PASO, differently from the existing application, is able to give software metrics values for Smart Contracts written in Solidity programming language just using a web browser.

A smart contract is a type of digital agreement between several parties without intermediaries. In many areas of life, the smart contract is a breakthrough technology because it can change the perception of deals. At first sight, creating a smart contract may seem like a simple thing, but to create it, should to know and use a large number of technologies. This article discusses method of creating smart contracts based on Ethereum using technologies such as the Ethereum network, the Solidity programming language, the Ethereum Virtual Machine (EVM), which takes the main role in creating and executing smart contracts and supporting instruments Ganache and Truffle. A smart contract has been implemented based on the sale of movie tickets using the previously mentioned technologies. It took 0.65 seconds to complete a transaction for the sale of 10 tickets between wallets. Once this transaction made, the smart contract cannot change, which makes it unique compared to other technologies. In general, creating smart contracts with Solidity requires a good understanding of object-oriented programming languages, but most of the functions available in the Solidity packages perform the same functionality. Ethereum's uniqueness allows blockchain-based applications to run autonomously, but this also has its drawbacks. Also presented and investigated in the article an analysis of the time trends of the Ethereum smart contract out using the R programming language and the R-Studio development environment. Data of Ethereum smart contract for analysis taken from an open source Kaggle. The dataset contains 1599 rows of data and 8 unique columns of Ethereum smart contract values. The best days and months in relation to the ROI indicator investigated. Using this methodology and tools of creating smart contract can be used for further studies. Keywords: smart contract, blockchain, Solidity, bitcoin, Ethereum, cryptocurrency.