A Hybrid Formal Verification System in Coq for Ensuring the Reliability and Security of Ethereum-Based Service Smart Contracts

@article{Yang2020AHF,
  title={A Hybrid Formal Verification System in Coq for Ensuring the Reliability and Security of Ethereum-Based Service Smart Contracts},
  author={Zheng Yang and Hang Lei and Weizhong Qian},
  journal={IEEE Access},
  year={2020},
  volume={8},
  pages={21411-21436}
}
This paper reports a formal symbolic process virtual machine (FSPVM) denoted as FSPVM-E for verifying the reliability and security of Ethereum-based services at the source code level of smart contracts. [] Key Method The four primary components of FSPVM-E include a general, extensible, and reusable formal memory framework, an extensible and universal formal intermediate programming language denoted as Lolisa, which is a large subset of the Solidity programming language using generalized algebraic datatypes…
View on IEEE
ieeexplore.ieee.org
13 Citations
Highly Influential Citations
1
Background Citations
3
Methods Citations
5

13 Citations

A General Formal Memory Framework for Smart Contracts Verification based on Higher-Order Logic Theorem Proving

  • Yang ZhengL. Hang
  • Computer Science
    International Journal of Performability Engineering
  • 2019
TLDR
A formal specification framework of memory architecture as the basis for the symbolic execution and theorem proving combination of smart contracts, independent and customizable, and verified in Coq.

Lolisa: Formal Syntax and Semantics for a Subset of the Solidity Programming Language

TLDR
An intermediate specification language for the formal verification of Ethereum-based smart contract in Coq, denoted as Lolisa, which adopts a stronger static type system than Solidity and is inherently generalizable and can be extended to express other programming languages.

A Survey of Smart Contract Formal Specification and Verification

TLDR
This survey investigates formal models and specifications of smart contracts presented in the literature and presents a systematic overview in order to understand the common trends and identify gaps.

Verification of smart contracts: A survey

Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey

TLDR
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.

Are Smart Contracts and Blockchains Suitable for Decentralized Railway Control?

TLDR
The findings are presented of a first-of-its-kind blockchain-based prototype implementation for railway control, based on decentralization but also ensuring that the overall system state remains conflict-free and safe.

On the suitability of blockchain platforms for IoT applications: Architectures, security, privacy, and performance

Analysis of Blockchain Smart Contracts: Techniques and Insights

  • S. KimS. Ryu
  • Computer Science
    2020 IEEE Secure Development (SecDev)
  • 2020
TLDR
This paper presents the first comprehensive survey over smart contract analysis by collecting 391 papers, extracting 67 analysis-related ones, and classifying them into three dominant topics: staticAnalysis for vulnerability detection, static analysis for program correctness, and dynamic analysis.

Ethereum Smart Contract Analysis Tools: A Systematic Review

TLDR
A systematic review on Ethereum smart contracts analysis tools developed for Ethereum blockchain smart contract are presented and some challenges and future recommendations in the field ofthereum smart contracts are highlighted.

A Review on Recent Progress of Smart Contract in Blockchain

TLDR
The development process of blockchain is summarized, and the research progress of blockchain 2.0-smart contracts is focused on, highlighting the challenges and development trends of smart contracts.

References

SHOWING 1-10 OF 58 REFERENCES

Formal Process Virtual Machine for Smart Contracts Verification

TLDR
A novel formal symbolic process virtual machine (FSPVM) for verifying the reliability and security of Ethereum smart contracts, denoted as FSPVM-E, completely in Coq proof assistant, contributes to solving the problems of automation, inconsistency and reusability in higher-order logic theorem proving.

Optimization of Executable Formal Interpreters Developed in Higher-Order Logic Theorem Proving Systems

TLDR
This paper identifies three root causes of the low execution efficiency of formal interpreters, builds abstract models of these causes, and presents respective optimization schemes for rectifying the identified conditions and applies these optimization schemes to FEther, demonstrating that its execution efficiency has been improved significantly.

A general formal memory framework in Coq for verifying the properties of programs based on higher-order logic theorem proving with increased automation, consistency, and reusability

TLDR
The present work proposes a GERM framework, which simulates physical memory hardware structure, including a low-level formal memory space, and provides a set of simple, nonintrusive application programming interfaces and assistant tools using Coq that can support different formal verification specifications simultaneously.

FEther: An Extensible Definitional Interpreter for Smart-Contract Verifications in Coq

TLDR
FEther is the first definitional interpreter of the solidity language in Coq, combining symbolic execution with higher order logic theorem-proving, and the execution efficiency of FEther has far exceeded that of the interpreters that are developed in CoQ in accordance with the standard tutorial.

Lolisa: Formal Syntax and Semantics for a Subset of the Solidity Programming Language

TLDR
An intermediate specification language for the formal verification of Ethereum-based smart contract in Coq, denoted as Lolisa, which adopts a stronger static type system than Solidity and is inherently generalizable and can be extended to express other programming languages.

Verified Software Toolchain

  • A. Appel
  • Computer Science
    NASA Formal Methods
  • 2012
TLDR
The Verified Software Toolchain verifies with machine-checked proofs that the assertions claimed at the top of the toolchain really hold in the machine-language program, running in the operating-system context, on a weakly-consistent-shared-memory machine.

Formal Verification of Smart Contracts: Short Paper

TLDR
This paper outlines a framework to analyze and verify both the runtime safety and the functional correctness of Ethereum contracts by translation to F*, a functional programming language aimed at program verification.

A Semantic Framework for the Security Analysis of Ethereum smart contracts

TLDR
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite.

seL4: formal verification of an OS kernel

TLDR
To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.

Scilla: a Smart Contract Intermediate-Level LAnguage

TLDR
The automata-based model of Scilla is described, its programming component is presented and it is shown how contract definitions in terms of automata streamline the process of mechanised verification of their safety and temporal properties.
...