Abstract: Consortium Chain Smart Contract Formal Verification Revealed. This article explains why smart contracts on a blockchain need formal verification, classifies the formal verification methods in use and the tools the industry has produced for each category, and finally describes the problems each method faces and the prospects for the technology in this field.

This article is shared from the Huawei Cloud Community article "These smart contract vulnerabilities may affect your account security!", author: Ophiopogon.

What is formal verification?

Wikipedia describes formal verification as follows: in the design of computer hardware (especially integrated circuits) and software systems, formal verification means using mathematical methods to prove or disprove the correctness of a design with respect to one or more formal specifications or properties. Traditionally it has been used mostly in hardware design, because a hardware design cycle is long and expensive and a chip, once produced, is hard to change: if a CPU design has already been fabricated, any defect is a major problem. Formal verification can be divided into three categories: abstract interpretation, model checking (also known as property checking), and theorem proving.

Why do blockchain smart contracts need formal verification?

Programs that can be written and run automatically inside a blockchain system are called smart contracts. Smart contracts were first applied on the Ethereum blockchain platform; Solidity, for example, is a smart contract programming language created so that traditional application developers could write smart contracts. At the beginning only a few hundred people in the world knew Solidity. Later, as Ethereum and blockchain became popular, the number of people working on Solidity smart contracts grew, but compared with the IT market as a whole the people who can write smart contracts are still too few, and most IT practitioners would first have to learn Solidity. To let more IT practitioners take part in writing smart contracts and implementing business rules, smart contract platforms have extended their support beyond Solidity to more mainstream and even high-level languages, so that ordinary IT practitioners also have the possibility of writing smart contracts. Large numbers of developers familiar with Java, Go, PHP and other languages can now participate in smart contract development.

However, because blockchain transactions are immutable, errors in smart contract code can have devastating consequences and undermine trust in the underlying blockchain technology. For example, the infamous TheDAO vulnerability resulted in the loss of nearly US$60 million in ether, and the Parity wallet vulnerability caused US$169 million in ether to be locked up forever. The only remedy for such incidents is to hard fork the blockchain and restore one of the forks to the state before the incident, but this remedy is itself devastating because it destroys core values of blockchain such as immutability and decentralized trust. Smart contracts are written for industry applications, and once they are used in practice their security must be considered. For smart contracts to be trustworthy as machines, their destruction through human factors must be ruled out. Formal verification of smart contracts provides a provably secure verification mechanism: the concepts, judgments and reasoning in the contract are transformed through a formal language into a smart contract model, which eliminates the ambiguity and lack of generality of natural language; formal tools then model, analyze and verify the smart contract and test its consistency; finally, verified contract code is generated automatically, forming a trustworthy full life cycle for smart contract production. Security risks that have appeared in the market can be investigated and audited, and audited smart contract code is naturally more secure. Formal verification of smart contracts is at the same time the most reliable measure for ensuring their security. Industrial applications of blockchain and smart contracts require formal verification of smart contracts to eliminate potential security hazards.

Classification of formal verification methods for smart contracts

The industry has a number of general methods for the formal verification of smart contracts, which fall roughly into the following categories, each supported by some tools and frameworks.

1. Theorem proving

Theorem proving is a formal method that uses deductive reasoning to produce a proof in symbolic logic. Each step of the proof introduces an axiom or a premise and states a proposition, which is derived with predicate logic until the result to be verified is reached. When proving that a system meets its key requirements, a theorem prover is generally used as an aid, because the manual proof has to be turned into a series of symbolic calculations that can run on a computer and whose correctness can be checked.

The advantage is that this method uses mathematics and derives results from axioms or premises, which guarantees the rigor of the verification. The disadvantage is that source code of different types must be converted into the verification code of the relevant framework before mathematical verification can begin, and there is no good way to guarantee that source code and verification code stay consistent, so the method is costly, its level of automation is low, and its correctness is also hard to guarantee. In the field of blockchain smart contracts, strong demands for privacy, security, functionality and semantic consistency are generally met with this method.
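A worked example of the deductive style described above, added here and not taken from the article or from any of the tools it lists: a Hoare-logic proof that a transfer between two distinct accounts preserves the total balance and never drives the sender negative. The program, the balance map $\mathit{bal}$, the accounts $a \neq b$, the amount $v$ and the total $S$ are all assumptions made for the example. Each numbered step introduces exactly one axiom or inference rule, as the text describes.

\[
\begin{aligned}
&\text{Program: } T \equiv \mathit{bal}[a] := \mathit{bal}[a] - v;\; \mathit{bal}[b] := \mathit{bal}[b] + v \qquad (a \neq b,\ \text{so the two writes do not alias})\\
&\text{Goal: } \{P\}\; T\; \{Q\}, \quad P \equiv \mathit{bal}[a] \ge v \wedge \mathit{bal}[a] + \mathit{bal}[b] = S, \quad Q \equiv \mathit{bal}[a] \ge 0 \wedge \mathit{bal}[a] + \mathit{bal}[b] = S \\[4pt]
&\text{1. Assignment axiom on the second statement (substitute } \mathit{bal}[b] + v \text{ for } \mathit{bal}[b] \text{ in } Q\text{):}\\
&\quad \{R\}\; \mathit{bal}[b] := \mathit{bal}[b] + v\; \{Q\}, \quad R \equiv \mathit{bal}[a] \ge 0 \wedge \mathit{bal}[a] + (\mathit{bal}[b] + v) = S \\
&\text{2. Assignment axiom on the first statement (substitute } \mathit{bal}[a] - v \text{ for } \mathit{bal}[a] \text{ in } R\text{):}\\
&\quad \{R'\}\; \mathit{bal}[a] := \mathit{bal}[a] - v\; \{R\}, \quad R' \equiv \mathit{bal}[a] - v \ge 0 \wedge (\mathit{bal}[a] - v) + (\mathit{bal}[b] + v) = S \\
&\text{3. Sequencing rule on steps 1 and 2: } \{R'\}\; T\; \{Q\}. \\
&\text{4. Consequence rule, using the arithmetic facts } x - v \ge 0 \Leftrightarrow x \ge v \text{ and } (x - v) + (y + v) = x + y: \\
&\quad P \Rightarrow R', \text{ and therefore } \{P\}\; T\; \{Q\}. \qquad \square
\end{aligned}
\]

The step that a mechanical prover actually checks is the implication $P \Rightarrow R'$ in step 4; everything before it is syntactic substitution. The premise $a \neq b$ is what makes the substitution in step 2 sound, and it is exactly the kind of side condition that is easy to forget in a hand proof and that a prover will refuse to discharge without.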

The industry has implemented theorem proving support in many tools and frameworks, mainly the following:

Solidity and EVM: this framework uses the functional language F* to analyze and verify the runtime correctness of Solidity smart contracts. F* is a functional programming language used to formally verify the correctness of programs.

Corral is an analysis tool for the Boogie language. By default Corral performs a bounded search until the recursion depth and a fixed count reach a set limit. Boogie is an intermediate verification language designed to serve as an intermediate layer for verifying programs written in other languages.

Coq is an interactive theorem proving assistant that provides a formal language for writing mathematical definitions, executable algorithms and theorems.

Isabelle/HOL is a general interactive theorem prover based on higher-order logic.

Raziel is a programming framework used to verify the security of multi-party calculations of smart contracts and provide protection for the privacy of smart contracts.

2. Symbolic execution

Symbolic execution is a program analysis technique in computer science that uses abstract symbols instead of concrete values as the program's input variables, so as to obtain an abstract output for each execution path. The technique has some application in hardware and low-level program testing and can find vulnerabilities in programs effectively. Its advantage is that, with symbolic values as input and the help of suitable tools, concrete test cases can be derived, and code coverage is very high. This method is essentially testing: it cannot prove with 100% certainty that a smart contract has no problems, because testing can hardly cover all scenarios. It is generally recommended for verifying the security and functionality of a contract.
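To make the two claims above concrete (symbolic inputs yield concrete test cases; the method is still testing and not a proof), here is a toy symbolic executor added as an example. It is not code from the article or from any of the tools listed below. The tiny contract language, the withdraw functions, the input names balance/amount/limit and the brute-force solver are all constructed for the example; a real tool would hand the path conditions to an SMT solver, whereas this one searches a small bounded domain, which is precisely the incompleteness the text warns about.

```python
"""Toy symbolic executor for a tiny contract language (added example, stdlib only).

A contract function is a list of statements over integer variables:
  ("require", cond)          revert the call unless cond holds
  ("if", cond, then, else)   branch; then/else are statement lists
  ("set", var, expr)         assignment
  ("assert", cond)           property that must hold on every non-reverting path
Expressions are ints, variable names, or ("op", left, right) tuples.
"""
from itertools import product

INPUTS = ["balance", "amount", "limit"]   # symbolic call inputs (constructed example)

BINOPS = {
    "+": lambda x, y: x + y, "-": lambda x, y: x - y,
    "<": lambda x, y: x < y, "<=": lambda x, y: x <= y,
}

def evaluate(expr, env):
    """Concretely evaluate an expression under a concrete assignment of the inputs."""
    if isinstance(expr, int):
        return expr
    if isinstance(expr, str):
        return env[expr]
    op, left, right = expr
    if op == "not":
        return not evaluate(left, env)
    return BINOPS[op](evaluate(left, env), evaluate(right, env))

def substitute(expr, env):
    """Rewrite expr so it mentions only symbolic inputs, by inlining earlier assignments."""
    if isinstance(expr, int):
        return expr
    if isinstance(expr, str):
        return env.get(expr, expr)
    op, left, right = expr
    return (op, substitute(left, env), right if right is None else substitute(right, env))

def negate(cond):
    return ("not", cond, None)

def explore(stmts, env=None, path=None):
    """Symbolically execute stmts, forking at every branch.
    Returns a list of (path_conditions, outcome) pairs, one per execution path."""
    env = dict(env or {})
    path = list(path or [])
    for i, stmt in enumerate(stmts):
        rest = stmts[i + 1:]
        kind = stmt[0]
        if kind == "set":
            env[stmt[1]] = substitute(stmt[2], env)   # store the expression, not a value
        elif kind == "require":
            cond = substitute(stmt[1], env)
            return explore(rest, env, path + [cond]) + [(path + [negate(cond)], "revert")]
        elif kind == "if":
            cond = substitute(stmt[1], env)
            return (explore(stmt[2] + rest, env, path + [cond])
                    + explore(stmt[3] + rest, env, path + [negate(cond)]))
        elif kind == "assert":
            cond = substitute(stmt[1], env)
            return (explore(rest, env, path + [cond])
                    + [(path + [negate(cond)], "assertion violated")])
    return [(path, "ok")]

def solve(conditions, domain=range(8)):
    """Brute-force a concrete input satisfying every path condition (stands in for an SMT
    solver). A path that needs a value outside the bounded domain is reported infeasible,
    which is the coverage gap the text describes."""
    for values in product(domain, repeat=len(INPUTS)):
        env = dict(zip(INPUTS, values))
        if all(evaluate(c, env) for c in conditions):
            return env
    return None

def find_violations(stmts):
    """Concrete test cases (input assignments) that reach an assertion violation."""
    witnesses = []
    for conditions, outcome in explore(stmts):
        if outcome == "assertion violated":
            model = solve(conditions)
            if model is not None:
                witnesses.append(model)
    return witnesses

# Constructed toy contract: the buggy withdraw caps the amount by a per-call limit but never
# compares it with the balance, so the subtraction can underflow; the fixed one adds the check.
WITHDRAW_BUGGY = [
    ("require", ("<", 0, "amount")),
    ("require", ("<=", "amount", "limit")),
    ("set", "balance", ("-", "balance", "amount")),
    ("assert", ("<=", 0, "balance")),
]
WITHDRAW_FIXED = [
    ("require", ("<", 0, "amount")),
    ("require", ("<=", "amount", "limit")),
    ("require", ("<=", "amount", "balance")),
    ("set", "balance", ("-", "balance", "amount")),
    ("assert", ("<=", 0, "balance")),
]

if __name__ == "__main__":
    for name, prog in [("buggy", WITHDRAW_BUGGY), ("fixed", WITHDRAW_FIXED)]:
        print(name, "paths:", len(explore(prog)), "violating inputs:", find_violations(prog))
```

Running it reports four paths for the buggy withdraw, one of which violates the non-negativity assertion with the concrete input balance=0, amount=1, limit=1, and five paths for the fixed version with no reachable violation. Note what the brute-force solver does not tell you: it only searched values 0 to 7, so "no violation found" is evidence from testing, not a proof over all inputs.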

Some well-known architectures based on symbolic execution in the industry are as follows:

  • SASC: used to discover potential logical risks; a static analysis tool that can generate a topology map of call relationships.
  • MAIAN: used to search for vulnerabilities; designed to trace properties in smart contracts with symbolic analysis and concrete validation.
  • Securify: used for security vulnerability analysis; a tool built specifically for Ethereum smart contracts.
  • Mythril: used for code security analysis; a symbolic execution tool for Ethereum smart contracts.
  • Verx: a verifier that can automatically verify the functional properties of Ethereum smart contracts; for Ethereum it can be combined with the three tools above to increase coverage.
  • Oyente: used to detect potential security vulnerabilities in contract code; a testing tool based on symbolic execution.

3. Model checking

Model checking is an important automatic verification and analysis technique, proposed independently by Clarke and Emerson and by Queille and Sifakis, which verifies state or propositional properties of a finite-state concurrent system model mainly through explicit state search or implicit fixed-point computation. The basic idea is that checking whether one structure satisfies a formula is much easier than proving that the formula holds in all structures, so a new form of verification was created for concurrent systems that tests the satisfiability of a formula on a finite-state model. The method is also used to verify the correctness of smart contracts.

Its advantage is that it can use existing model checking tools on the market, supports automated verification and reduces human involvement. However, the completeness and correctness of the model checking tools used cannot be guaranteed, and excessive contract complexity causes the state space to explode, so that the verification cannot be completed. This method is normally used to guarantee the security and functionality of a contract.
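The following explicit-state model checker is an added example, not code from the article or from any of the tools it names. It enumerates every reachable state of a constructed two-step withdrawal model (send, then update the stored balance), checks a safety property in each state, and returns the transition sequence that reaches a violating state as a counterexample. The state tuple, the transition names withdraw.send and withdraw.update, the reentrancy_guard switch and the starting amounts are assumptions made for the example; the split into two steps models the fact that an external send hands control to the recipient before the contract's own update runs.

```python
"""Explicit-state model checking of a toy withdrawal contract (added example, stdlib only)."""
from collections import deque

def make_model(reentrancy_guard, other_funds=2):
    """Constructed model. State tuple: (contract_eth, user_credit, user_eth, in_flight)
      contract_eth  ether held by the contract (the user's 1 ether plus other users' funds)
      user_credit   the user's balance as recorded inside the contract
      user_eth      ether the user has actually received
      in_flight     withdraw calls that have sent ether but not yet zeroed user_credit
    withdraw is modeled as two steps, send then update, because the external send hands
    control to the recipient, who may call withdraw again before the update has run."""
    def may_send(s):
        contract_eth, credit, _, in_flight = s
        if reentrancy_guard and in_flight > 0:   # mutex: no nested withdraw while one is open
            return False
        return credit > 0 and contract_eth >= credit
    def send(s):
        contract_eth, credit, user_eth, in_flight = s
        return (contract_eth - credit, credit, user_eth + credit, in_flight + 1)
    def may_update(s):
        return s[3] > 0
    def update(s):
        contract_eth, _, user_eth, in_flight = s
        return (contract_eth, 0, user_eth, in_flight - 1)
    initial = (1 + other_funds, 1, 0, 0)
    return initial, [("withdraw.send", may_send, send), ("withdraw.update", may_update, update)]

def user_never_overpaid(s):
    """Safety property: the user never receives more than the 1 ether they deposited."""
    return s[2] <= 1

def model_check(model, prop):
    """Breadth-first search over all reachable states.
    Returns (states_explored, counterexample): counterexample is the list of transition
    names leading from the initial state to the first violating state, or None."""
    initial, transitions = model
    parent = {initial: None}          # state -> (predecessor, transition name)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not prop(state):
            trace = []
            while parent[state] is not None:   # walk back to the initial state
                state, name = parent[state]
                trace.append(name)
            return len(parent), trace[::-1]
        for name, guard, effect in transitions:
            if guard(state):
                nxt = effect(state)
                if nxt not in parent:
                    parent[nxt] = (state, name)
                    queue.append(nxt)
    return len(parent), None

if __name__ == "__main__":
    for guarded in (False, True):
        explored, cex = model_check(make_model(guarded), user_never_overpaid)
        print("guard" if guarded else "no guard", "states:", explored, "counterexample:", cex)
```

Without the guard the checker reports the two-step trace withdraw.send, withdraw.send, which is the reentrant pattern behind the TheDAO incident mentioned earlier: the second send happens while the first call's balance update is still pending. With the guard every reachable state satisfies the property, and because the search is exhaustive over the model that is a proof for the model, not a test. Raising other_funds makes the unguarded model's reachable state count grow, a small-scale instance of the state-space explosion the paragraph describes.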

The industry has many tools and architectures of this type, including:

  • NuSMV: used for industrial design verification, extremely reliable, and designed as an open architecture for model checking. It is a re-implementation and extension of SMV, the first BDD-based model checker.
  • BIP: a framework with a complete toolset supporting modeling, model transformation, simulation, verification and code generation. It also supports hierarchical structure and is designed as a general system-level formal modeling framework.
  • Prism: only for systems that exhibit random or probabilistic behaviour; designed as a probabilistic model checker for formally modeling and analyzing probabilistic behaviour.
  • SMC: designed as a model checker for checking the safety and liveness of concurrent programs under different fairness assumptions.

4. Formal Modeling

Formal modeling is a technique for designing a system in which the relationships between components are defined by precise mathematical statements and model components, eliminating ambiguity in the system. Simulation results obtained this way are reproducible, with no unexpected outcomes. The advantage of the method is that designing the system with precise mathematical statements or model components guarantees that simulation results can be reproduced. However, the method mostly relies on modeling frameworks already on the market, whose completeness and correctness cannot be guaranteed. It can be used to verify the privacy, security and functionality of smart contracts. Hydra is a framework based on formal modeling that encourages developers and users to disclose errors and vulnerabilities in smart contracts honestly; its design is based on the bug bounty model and NNVP programming.

5. Finite State Machine

A finite state machine is a tool for modeling the behaviour of an object. It describes the sequence of states the object passes through during its life cycle and how it responds to events from the outside world. The execution of a smart contract can likewise be seen as a transition from one state to the next.

The advantages of this method are that its idea is simple, that smart contracts are abstracted into the form of state machines, that it is easy to operate, and that it has a graphical interface. However, the quality of the state definitions strongly affects how hard it is to verify the smart contract, and high contract complexity also causes the state space to explode. For smart contract security, semantic consistency checks generally use this method.
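As an added example of the state-machine view (not code from the article or from the tools listed next), the block below models an escrow contract as an explicit finite state machine with role-restricted transitions, checks the machine structurally (every state reachable, no dead ends, final states closed), and wraps the contract in a runtime monitor that rejects any call not permitted in the current state. The escrow states, the events pay/confirm/refund, the buyer and seller roles and the placeholder addresses 0xBUYER and 0xSELLER are all constructed for the example.

```python
"""Escrow contract modeled as a finite state machine (added example, stdlib only)."""
from collections import deque

# Transition table: (from_state, event, required_caller_role) -> to_state. Constructed spec.
ESCROW_SPEC = {
    "initial": "AwaitingPayment",
    "final": {"Complete", "Refunded"},
    "transitions": {
        ("AwaitingPayment", "pay", "buyer"): "AwaitingDelivery",
        ("AwaitingDelivery", "confirm", "buyer"): "Complete",
        ("AwaitingDelivery", "refund", "seller"): "Refunded",
    },
}

def validate_spec(spec):
    """Structural checks on the machine itself: every state reachable from the initial state,
    every non-final state has a way out, and final states have no outgoing transitions.
    Returns a list of human-readable problems (empty when the spec passes)."""
    problems = []
    trans = spec["transitions"]
    states = {spec["initial"]} | set(spec["final"])
    for (src, _, _), dst in trans.items():
        states |= {src, dst}
    reachable, queue = {spec["initial"]}, deque([spec["initial"]])
    while queue:
        cur = queue.popleft()
        for (src, _, _), dst in trans.items():
            if src == cur and dst not in reachable:
                reachable.add(dst)
                queue.append(dst)
    for state in sorted(states - reachable):
        problems.append(f"unreachable state: {state}")
    for state in sorted(states):
        outgoing = any(src == state for (src, _, _) in trans)
        if state in spec["final"] and outgoing:
            problems.append(f"final state has outgoing transition: {state}")
        if state not in spec["final"] and not outgoing:
            problems.append(f"dead end (non-final state without transitions): {state}")
    return problems

class InvalidTransition(Exception):
    pass

class EscrowMonitor:
    """Runtime monitor: each call is checked against the spec before any contract logic runs,
    so an out-of-order call or a call from the wrong role is rejected and the state is unchanged."""
    def __init__(self, spec, roles):
        self.spec, self.roles = spec, roles      # roles: address -> role name
        self.state = spec["initial"]
        self.history = []
    def call(self, event, caller):
        role = self.roles.get(caller, "anyone")
        key = (self.state, event, role)
        if key not in self.spec["transitions"]:
            raise InvalidTransition(f"{event} by {role} not allowed in state {self.state}")
        self.history.append((self.state, event))
        self.state = self.spec["transitions"][key]
        return self.state

def run_sequence(spec, roles, calls):
    """Drive the monitor through (event, caller) pairs; return (final_state, rejection or None)."""
    monitor = EscrowMonitor(spec, roles)
    for event, caller in calls:
        try:
            monitor.call(event, caller)
        except InvalidTransition as err:
            return monitor.state, str(err)
    return monitor.state, None

ROLES = {"0xBUYER": "buyer", "0xSELLER": "seller"}   # constructed placeholder addresses

if __name__ == "__main__":
    print(validate_spec(ESCROW_SPEC))
    print(run_sequence(ESCROW_SPEC, ROLES, [("pay", "0xBUYER"), ("confirm", "0xBUYER")]))
    print(run_sequence(ESCROW_SPEC, ROLES, [("pay", "0xBUYER"), ("refund", "0xBUYER")]))
```

The structural check is cheap because it runs over control states only, which is why it scales where data-state exploration does not; the price is that it says nothing about what happens inside a state, only about the order of events and who may trigger them. The monitor closes that gap at runtime for the one execution that actually happens, which is the trade-off behind runtime verification tools.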

The general tools in the industry are introduced as follows:

  • ContractLarva: verifies the security state of a smart contract while it runs; it currently supports only Ethereum's Solidity.
  • VeriSol: supports formal testing of the semantic consistency of smart contracts; in principle it uses access control policies to check a state machine workflow.
  • FSolidM: can generate Ethereum smart contract code automatically and has a graphical interface that supports designing and verifying smart contracts in the form of finite state machines.
  • SPIN: detects whether a finite-state system satisfies PLTL formulas and other properties, including the presence of loops and reachability; it is an explicit-state model checker.

6. Colored Petri Net

Petri nets were invented by Carl Adam Petri in the 1960s and are suited to describing asynchronous and concurrent system models. A colored Petri net adds elements such as color sets and model declarations to the original Petri net so that more complex type information can be expressed. The advantage of this method is that it performs formal verification on the basis of the existing Petri net model, has good semantic descriptions and has a graphical interface. However, when the smart contract logic is complicated, it may cause problems such as greater difficulty in generating the reachability graph and state space explosion. For smart contract security, functional verification can choose this method.

Problems and Prospects of Current Technology Application

Although the formal verification of smart contracts has made some achievements and progress, the field has only just begun and is a long way from maturity. The following problems may still exist in commercial use:

  • Usability: formal verification usually requires personnel with specialist knowledge to take part in debugging, and those who write smart contracts usually cannot master the technology well enough to verify the correctness of their contracts, so finding professionals to complete the checks costs a lot of money and takes a long time. Automated formal verification of smart contracts has its own limitations: in general, the more automated a method or framework is, the more limited the properties it can verify. Broadening the applicability of automated formal verification methods and supporting their use by non-specialists is an urgent problem, and its solution is what the widespread application of formal smart contract methods depends on.
  • Time and memory of the computer performing the verification: formal verification discovers possible errors and security problems by exploring as many execution states as possible, so the computer's memory and execution time become the fundamental limit for complex programs and protocols. In commercial scenarios it is not practical for users to obtain detection results this way, and long waiting and analysis times also affect the user experience.
  • Correctness: when we use formal verification tools, we convert the code, security objectives and operating environment between different models through the tool, and convert the high-level language into a language supported by the tool; the tool's execution result then determines the accuracy of the formalization. But we have no good tool for checking the accuracy of the language or model conversion, and the semantic consistency between the source code and the target language lacks rigorous proof. For any formal system, correctness still has to be checked by a person reading the formal code, which limits the general applicability of formal verification.
  • Trust: the methods for formal verification of smart contracts keep increasing. Judging the accuracy of a method, the necessity of verification and the efficiency of verifying a contract depends on the developer's experience, as does whether the method is really any different from testing without formal verification. And when the cost of solving a problem exceeds the problem itself, we also question whether solving it makes sense.

We believe that as smart contract applications become legally established and blockchain technology develops, formal verification methods will play an increasingly important role across the full life cycle of smart contracts and be used more widely. Based on the problems and methods above, Huawei's blockchain service has also built its own formal verification tool, which states the correctness and necessity of what it proves and improves verification efficiency, offering the industry a path of exploration and thinking for automated formal verification methods.

