A Solidity-to-CPN Approach Towards Formal Verification of Smart Contracts

Garfatta, Ikram; Klaï, Kaïs; Graiet, Mohamed; Gaaloul, Walid

doi:10.1109/wetice53228.2021.00024

Cited by 4 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thereafter, ref. [43] continued to extend their work with respect to two aspects. One is taking the concept of function calls in the transformation into consideration.…”

Section: Formal Verification Of Smart Contractmentioning

confidence: 99%

Formal Analysis of Reentrancy Vulnerabilities in Smart Contract Based on CPN

Dong

et al. 2023

Electronics

View full text Add to dashboard Cite

A smart contract is a special form of computer program that runs on a blockchain and provides a new way to implement financial and business transactions in a conflict-free and transparent environment. In blockchain systems such as Ethereum, smart contracts can handle and autonomously transfer assets of considerable value to other parties. Hence, it is particularly important to ensure that smart contracts function as intended since bugs or vulnerabilities may lead, and indeed have led, to substantial economic losses and erosion of trust for blockchain. While a number of approaches and tools have been developed to find vulnerabilities, formal methods present the highest level of confidence in the security of smart contracts. In this paper, we propose a formal solution to model a smart contract based on colored Petri nets (CPNs). Herein, we focus on the most common type of security bugs in smart contract, i.e., reentrancy bugs, which led to a serious financial loss of around USD 34 million for the Cream Finance project in 2021. We present a hierarchical CPN modelling method to analyze potential security vulnerabilities at the contract’s source code level. Then, modeling analysis methods such as correlation matrix, state space report and state space graph generated via CPN Tools simulation are exploited for formal analysis of smart contracts. The example shows the full state space and wrong path in accordance with our expected results. Finally, the conclusion was verified on the Ethereum network based on the Remix platform.

show abstract

“…Thereafter, ref. [43] continued to extend their work with respect to two aspects. One is taking the concept of function calls in the transformation into consideration.…”

Section: Formal Verification Of Smart Contractmentioning

confidence: 99%

Formal Analysis of Reentrancy Vulnerabilities in Smart Contract Based on CPN

Dong

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…DuoW et al[Duo, 2020] introduced a formal analysis method of Ethereum smart contract based on CPN, which improved the existing bytecode program logic, de ned more complete Hoare pre-and post-conditions, thereby making it suitable for the CPN modelling. Garfatta et al(Garfatta, 2021) proposed a CPN-based formal veri cation method for Solidity smart contract. The main idea behind this approach is to transform the Solidity smart contracts to CPN.…”

mentioning

confidence: 99%

Formal verification of Reentrancy Vulnerability Based on CPN

Dong

et al. 2022

Preprint

View full text Add to dashboard Cite

A smart contract is a special form of computer program running on a blockchain, which provides a new way to implement financial and business transactions in a free-of-conflicts and transparent environment. In blockchain systems, such as Ethereum, smart contracts can handle and autonomously transfer assets of considerable value to other parties. Hence, it is particularly important to ensure that smart contracts function as intended since bugs or vulnerabilities may lead and indeed have led, to substantial economic losses and erosion of trust for blockchain. While a number of approaches and tools have been developed to find vulnerabilities, formal method presents the highest level of confidence about the security of smart contracts. In this paper, we propose a formal solution to model smart contract based on Colored Petri Net (CPN). Herein we focus on the most common type of security bugs in smart contract, i.e., reentrancy bug, which led to a serious financial loss of around $60 million in 2016. We present a hierarchical CPN modelling method to analyze potential security vulnerabilities at the contract’s source code level. Then modeling analysis methods such as correlation matrix, state space report and state space graph generated by CPN Tools simulation were exploited for formal analysis of smart contracts. The example shows the full state space and wrong path in accordance with our expected results. Finally, the conclusion was verified in the Ethereum network based on Remix platform.

show abstract