Abstract
Smart contracts are computer code that runs in blockchain and expresses the rules of an agreement among parties. A bug in their code has major consequences, such as rule violations and security attacks. Smart contracts are immutable and cannot be easily replaced to patch a bug. To overcome these problems, there exist automatic static analyzers that find bugs before smart contracts are installed in blockchain. However, this off-chain verification is optional: programmers are not forced to use it. This paper defines on-chain verification instead, that occurs inside the same blockchain nodes, when the code of smart contracts is installed. It acts as a mandatory entry filter that bans code that does not abide to the verification rules, that are consequently part of the consensus rules of the blockchain. Thus, an improvement in on-chain verification entails a consensus update of the network. This paper provides an implementation of on-chain verification for smart contracts written in the Takamaka subset of Java, running as a Tendermint application. It shows that on-chain verification works, reporting actual experiments.
Work supported by FSE – Regione del Veneto: DGR N. 1463/2019, Innovazione e ricerca per un Veneto più competitivo – Assegni di ricerca anno 2019.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The response might also contain an instrumentation of the code, as it is the case for the Java subset for programming smart contracts called Takamaka, that we use in our implementation. This is irrelevant here and we refer the interested reader to [14].
- 2.
The index #0 refers to the first object created during the execution of a request. In general, a request can instantiate many objects, depending on the code that it executes. For simplicity, this example assumes that only one has been instantiated.
- 3.
- 4.
- 5.
@FromContract and, later, @Payable are Java annotations, that is, a mechanism for adding metadata information to source and compiled code. They are irrelevant for the code executor, but can be used by code analysis and instrumentation tools.
- 6.
git clone –branch wtsc21 https://github.com/Hotmoka/hotmoka.git.
- 7.
References
Antonopoulos, A.M.: Mastering Bitcoin: Unlocking Digital Cryptocurrencies, 2nd edn. O’Reilly (2017)
Antonopoulos, A.M., Wood, G.: Mastering Ethereum: Building Smart Contracts and Dapps. O’Reilly (2018)
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Buterin, V.: Ethereum Whitepaper (2013). Available at https://ethereum.org/en/whitepaper/
Chen, J., Micali, S.: Algorand: a secure and efficient distributed ledger. Theor. Comput. Sci. 777, 155–183 (2019)
Feist, J., Grieco, G., Groce, A.: Slither: a static analysis framework for smart contracts. In: 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB@ICSE 2019), Montreal, QC, Canada, May 2019, pp. 8–15. IEEE/ACM (2019)
Grieco, G., Song, W., Cygan, A., Feist, J., Groce, A.: Echidna: effective, usable, and fast fuzzing for smart contracts. In: 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2020), USA, July 2020, pp. 557–560. ACM (2020)
Kwon, J.: Tendermint: consensus without mining. Available at https://tendermint.com/static/docs/tendermint.pdf (2014)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Available at https://bitcoin.org/bitcoin.pdf (2008)
Oliva, G.A., Hassan, A.E., Jiang, Z.M.: An exploratory study of smart contracts in the ethereum blockchain platform. Empirical Softw. Eng. 25(3), 1864–1904 (2020)
Popper, N.: A hacking of more than \$50 Million dashes hopes in the world of virtual currency. The New York Times, 18 June 2016
Sedlmeir, J., Buhl, H.U., Fridgen, G., Keller, R.: The energy consumption of blockchain technology: beyond myth. Bus. Inf. Syst. Eng. 62(6), 599–608 (2020)
Spoto, F.: The Julia static analyzer for java. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 39–57. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53413-7_3
Spoto, F.: A java framework for smart contracts. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 122–137. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_10
Spoto, F.: Enforcing determinism of java smart contracts. In: Bernhard, M., et al. (eds.) FC 2020. LNCS, vol. 12063, pp. 568–583. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-54455-3_40
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Olivieri, L., Spoto, F., Tagliaferro, F. (2021). On-Chain Smart Contract Verification over Tendermint. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2021 International Workshops. FC 2021. Lecture Notes in Computer Science(), vol 12676. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-63958-0_28
Download citation
DOI: https://doi.org/10.1007/978-3-662-63958-0_28
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-63957-3
Online ISBN: 978-3-662-63958-0
eBook Packages: Computer ScienceComputer Science (R0)