Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Formal Verification of Solidity Contracts. Q&A ...

Formal Verification of Solidity Contracts. Q&A session

Exactpro

April 19, 2022
Tweet

More Decks by Exactpro

Other Decks in Technology

Transcript

  1. Rostislav Yavorskiy VERIFICATION OF SMART CONTRACTS ON THE ETHEREUM BLOCKCHAIN

    Q&A session #3 Formal verification of Solidity contracts 19 April 2022
  2. ❏ CFGBuilder: Builds a Control Flow Graph (CFG) of the

    bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 3
  3. ❏ CFGBuilder: Builds a Control Flow Graph (CFG) of the

    bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 4
  4. ❏ CFGBuilder: Builds a Control Flow Graph (CFG) of the

    bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 5
  5. 6 Symbolic execution tree Ciortea, Liviu & Zamfir, Cristian &

    Bucur, Stefan & Chipounov, Vitaly & Candea, George. (2009). Cloud9: A Software Testing Service. Operating Systems Review. 43. 5-10.
  6. References • Garfatta, Ikram, Kais Klai, Walid Gaaloul, and Mohamed

    Graiet. "A survey on formal verification for solidity smart contracts." In 2021 Australasian Computer Science Week Multiconference, pp. 1-10. 2021. • Bhargavan, Karthikeyan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova et al. "Formal verification of smart contracts: Short paper." In Proceedings of the 2016 ACM workshop on programming languages and analysis for security, pp. 91-96. 2016. • Luu, Loi, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. "Making smart contracts smarter." In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp. 254-269. 2016. • Torres, Christof Ferreira, Julian Schütte, and Radu State. "Osiris: Hunting for integer bugs in ethereum smart contracts." In Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664-676. 2018. 7