Nikolaj S. BjørnerMicrosoft Research, Ashley J. ChenNew York University Shanghai, Shuo ChenMicrosoft Research, Yang ChenMicrosoft Research, Zhongxin GuoMicrosoft Research, Tzu-Han HsuMichigan State University, Peng LiuPennsylvania State University, Nanqing LuoPennsylvania State University
{"title":"Theorem-Carrying-Transaction: Runtime Certification to Ensure Safety for Smart Contract Transactions","authors":"Nikolaj S. BjørnerMicrosoft Research, Ashley J. ChenNew York University Shanghai, Shuo ChenMicrosoft Research, Yang ChenMicrosoft Research, Zhongxin GuoMicrosoft Research, Tzu-Han HsuMichigan State University, Peng LiuPennsylvania State University, Nanqing LuoPennsylvania State University","doi":"arxiv-2408.06478","DOIUrl":null,"url":null,"abstract":"Security bugs and trapdoors in smart contracts have been impacting the\nEthereum community since its inception. Conceptually, the 1.45-million\nEthereum's contracts form a single \"gigantic program\" whose behaviors are\ndetermined by the complex reference-topology between the contracts. Can the\nEthereum community be assured that this gigantic program conforms to its\ndesign-level safety properties, despite unforeseeable code-level intricacies?\nStatic code verification is inadequate due to the program's gigantic scale and\nhigh polymorphism. In this paper, we present a viable technological roadmap for\nthe community toward this ambitious goal. Our technology, called\nTheorem-Carrying-Transaction (TCT), combines the benefits of concrete execution\nand symbolic proofs. Under the TCT protocol, every transaction carries a\ntheorem that proves its adherence to the specified properties in the invoked\ncontracts, and the runtime system checks the theorem before executing the\ntransaction. Once a property is specified in a contract, it can be treated\nconfidently as an unconditional guarantee made by the contract. As case\nstudies, we demonstrate that TCT secures token contracts without foreseeing\ncode-level intricacies like integer overflow and reentrancy. TCT is also\nsuccessfully applied to a Uniswap codebase, showcasing a complex decentralized\nfinance (DeFi) scenario. Our prototype incurs a negligible runtime overhead,\ntwo orders of magnitude lower than a state-of-the-art approach.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":"3 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2408.06478","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Security bugs and trapdoors in smart contracts have been impacting the
Ethereum community since its inception. Conceptually, the 1.45-million
Ethereum's contracts form a single "gigantic program" whose behaviors are
determined by the complex reference-topology between the contracts. Can the
Ethereum community be assured that this gigantic program conforms to its
design-level safety properties, despite unforeseeable code-level intricacies?
Static code verification is inadequate due to the program's gigantic scale and
high polymorphism. In this paper, we present a viable technological roadmap for
the community toward this ambitious goal. Our technology, called
Theorem-Carrying-Transaction (TCT), combines the benefits of concrete execution
and symbolic proofs. Under the TCT protocol, every transaction carries a
theorem that proves its adherence to the specified properties in the invoked
contracts, and the runtime system checks the theorem before executing the
transaction. Once a property is specified in a contract, it can be treated
confidently as an unconditional guarantee made by the contract. As case
studies, we demonstrate that TCT secures token contracts without foreseeing
code-level intricacies like integer overflow and reentrancy. TCT is also
successfully applied to a Uniswap codebase, showcasing a complex decentralized
finance (DeFi) scenario. Our prototype incurs a negligible runtime overhead,
two orders of magnitude lower than a state-of-the-art approach.