A Hybrid Formal Verification System in Coq for Ensuring the Reliability and Security of Ethereum-Based Service Smart Contracts

@article{Yang2020AHF,
  title={A Hybrid Formal Verification System in Coq for Ensuring the Reliability and Security of Ethereum-Based Service Smart Contracts},
  author={Zheng Yang and Hang Lei and Weizhong Qian},
  journal={IEEE Access},
  year={2020},
  volume={8},
  pages={21411-21436}
}
This paper reports a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts. [] Key Method The four primary components of FSPVM-E include a general, extensible, and reusable formal memory framework, an extensible and universal formal intermediate programming language denoted as Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes…
View on IEEE
ieeexplore.ieee.org
11 Citations
Background Citations
3
Methods Citations
4

11 Citations

A General Formal Memory Framework for Smart Contracts Verification based on Higher-Order Logic Theorem Proving
  • Yang ZhengL. Hang
  • Computer Science
    International Journal of Performability Engineering
  • 2019
TLDR
A formal specification framework of memory architecture as the basis for the symbolic execution and theorem proving combination of smart contracts, independent and customizable, and verified in Coq.
A Survey of Smart Contract Formal Specification and Verification
TLDR
This survey investigates formal models and specifications of smart contracts presented in the literature and presents a systematic overview in order to understand the common trends and identify gaps.
Verification of smart contracts: A survey
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
TLDR
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Are Smart Contracts and Blockchains Suitable for Decentralized Railway Control?
TLDR
The findings are presented of a first-of-its-kind blockchain-based prototype implementation for railway control, based on decentralization but also ensuring that the overall system state remains conflict-free and safe.
On the suitability of blockchain platforms for IoT applications: Architectures, security, privacy, and performance
A Formal Process Virtual Machine for EOS-Based Smart Contract Security Verification
Blockchain technology's applications and challenges: An overview
TFFV: Translator from EOS Smart Contracts to Formal Verification Language
Analysis of Blockchain Smart Contracts: Techniques and Insights
  • S. KimS. Ryu
  • Computer Science
    2020 IEEE Secure Development (SecDev)
  • 2020
TLDR
This paper presents the first comprehensive survey over smart contract analysis by collecting 391 papers, extracting 67 analysis-related ones, and classifying them into three dominant topics: staticAnalysis for vulnerability detection, static analysis for program correctness, and dynamic analysis.
...
...

References

SHOWING 1-10 OF 57 REFERENCES
Formal Process Virtual Machine for Smart Contracts Verification
TLDR
A novel formal symbolic process virtual machine (FSPVM) for verifying the reliability and security of Ethereum smart contracts, denoted as FSPVM-E, completely in Coq proof assistant, contributes to solving the problems of automation, inconsistency and reusability in higher-order logic theorem proving.
Optimization of Executable Formal Interpreters Developed in Higher-Order Logic Theorem Proving Systems
TLDR
This paper identifies three root causes of the low execution efficiency of formal interpreters, builds abstract models of these causes, and presents respective optimization schemes for rectifying the identified conditions and applies these optimization schemes to FEther, demonstrating that its execution efficiency has been improved significantly.
A general formal memory framework in Coq for verifying the properties of programs based on higher-order logic theorem proving with increased automation, consistency, and reusability
TLDR
The present work proposes a GERM framework, which simulates physical memory hardware structure, including a low-level formal memory space, and provides a set of simple, nonintrusive application programming interfaces and assistant tools using Coq that can support different formal verification specifications simultaneously.
FEther: An Extensible Definitional Interpreter for Smart-Contract Verifications in Coq
TLDR
FEther is the first definitional interpreter of the solidity language in Coq, combining symbolic execution with higher order logic theorem-proving, and the execution efficiency of FEther has far exceeded that of the interpreters that are developed in CoQ in accordance with the standard tutorial.
Verified Software Toolchain
  • A. Appel
  • Computer Science
    NASA Formal Methods
  • 2012
TLDR
The Verified Software Toolchain verifies with machine-checked proofs that the assertions claimed at the top of the toolchain really hold in the machine-language program, running in the operating-system context, on a weakly-consistent-shared-memory machine.
Formal Verification of Smart Contracts: Short Paper
TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.
A Semantic Framework for the Security Analysis of Ethereum smart contracts
TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite.
seL4: formal verification of an OS kernel
TLDR
To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.
Scilla: a Smart Contract Intermediate-Level LAnguage
TLDR
The automata-based model of Scilla is described, its programming component is presented and it is shown how contract definitions in terms of automata streamline the process of mechanised verification of their safety and temporal properties.
Towards verifying ethereum smart contract bytecode in Isabelle/HOL
TLDR
This paper extends an existing EVM formalisation in Isabelle/HOL by a sound program logic at the level of bytecode that structure bytecode sequences into blocks of straight-line code and create a program logic to reason about these.
...
...