Formal Verification of Solidity Contracts. Q&A session

Slide 1

Slide 1 text

Rostislav Yavorskiy VERIFICATION OF SMART CONTRACTS ON THE ETHEREUM BLOCKCHAIN Q&A session #3 Formal verification of Solidity contracts 19 April 2022

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

❏ CFGBuilder: Builds a Control Flow Graph (CFG) of the bytecode ❏ Explorer: simulates the behaviour of EVM instructions and makes use of Z3 to decide on path conditions ❏ CoreAnalysis: it comprises 4 components to detect the 4 types of bugs, which work by checking specific conditions when analyzing the symbolic traces ❏ Validator: this step is added to reduce the rate of false positives Oyente components 3

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

6 Symbolic execution tree Ciortea, Liviu & Zamfir, Cristian & Bucur, Stefan & Chipounov, Vitaly & Candea, George. (2009). Cloud9: A Software Testing Service. Operating Systems Review. 43. 5-10.

Slide 7

Slide 7 text

References ● Garfatta, Ikram, Kais Klai, Walid Gaaloul, and Mohamed Graiet. "A survey on formal verification for solidity smart contracts." In 2021 Australasian Computer Science Week Multiconference, pp. 1-10. 2021. ● Bhargavan, Karthikeyan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova et al. "Formal verification of smart contracts: Short paper." In Proceedings of the 2016 ACM workshop on programming languages and analysis for security, pp. 91-96. 2016. ● Luu, Loi, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. "Making smart contracts smarter." In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp. 254-269. 2016. ● Torres, Christof Ferreira, Julian Schütte, and Radu State. "Osiris: Hunting for integer bugs in ethereum smart contracts." In Proceedings of the 34th Annual Computer Security Applications Conference, pp. 664-676. 2018. 7