Abstract
Blockchain is a decentralized cryptocurrency framework which has gained considerable attention in research and many industries. Ethereum is an implementation based on blockchain technology. Ethereum blockchain offers smart contracts, a piece of program codes which can execute and record the transactions in blockchain. Users can use smart contracts to create their own tokens based on ERC-20 standard, and token smart contracts have been used to manage and transfer tokens, carrying millions dollars worth of virtual currencies. However, keeping token smart contracts secure can be difficult. When smart contracts are deployed on Ethereum successfully, they cannot be changed. Due to the openness of Ethereum, both users and attackers can invoke contracts. So errors in smart contracts have led and will lead to a loss. For example, the DAO bug led to a 60 million US dollar loss in June 2016. Therefore, the researches on security of smart contracts are urgently important. In this paper, we use a formal approach to verify smart contracts. We apply formal verification on a concrete smart contract example, BNB contract, which is one of the most popular token contracts. We analyze the contract and discover the two attributes in the contract, one is transfer attribute involving the functions of transferring tokens operations, and the other is owner attribute which involves the authority of contract owner. We verify these two attributes respectively. We model the contract using SAPIC, the applied pi calculus and then verify by Tamarin prover. We specify the processes of modeling and verifying. The results show we cannot find an attack path. The research method reduces the complexity of verifying smart contracts and can be used to analyze complex contracts.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have