Aron Laszka, Anastasia Mavridou, Scott Eisele, Emmanouela Statchtiari, Abhishek Dubey
First International Summer School on Security and Privacy for Blockchains and Distributed Ledger Technologies, BDLT 2019, Vienna, Austria 2019
Smart contract vulnerabilities present serious security risks, particularly in energy trading platforms where financial consequences of errors are severe. VeriSolid is innovative because it provides a correct-by-design approach that integrates formal verification at specification time rather than attempting to patch vulnerabilities post-deployment. The framework makes formal methods accessible to developers through automated code generation and natural-language templates.
This paper presents VeriSolid, a framework for formal verification of Ethereum smart contracts used in energy trading platforms. The framework provides a design and verification workflow combining transition-system based models with a Solidifier code generator for correct-by-design smart contracts. The approach enables automated verification of safety properties while providing high-level feedback to developers about contract correctness.
VeriSolid successfully detected critical bugs in the TRANSAX energy trading smart contract, identifying violations of specified safety properties and generating meaningful developer feedback. The framework demonstrated the ability to formally verify desired contract behavior and ensure deadlock freedom. The approach proved effective at identifying vulnerabilities that could otherwise persist in deployed contracts.
@inproceedings{LaszkaVerisolid2019,
author = {Laszka, Aron and Mavridou, Anastasia and Eisele, Scott and Statchtiari, Emmanouela and Dubey, Abhishek},
booktitle = {First International Summer School on Security and Privacy for Blockchains and Distributed Ledger Technologies, BDLT 2019, Vienna, Austria},
title = {VeriSolid for TRANSAX: Correct-by-Design Ethereum Smart Contracts for Energy Trading},
year = {2019},
month = {sep},
abstract = {The adoption of blockchain based platforms is rising rapidly. Their popularity is explained by their ability to maintain a distributed public ledger, providing reliability, integrity, and auditability with- out a trusted entity. Recent platforms, e.g., Ethereum, also act as distributed computing platforms and enable the creation of smart contracts, i.e., software code that runs on the platform and automatically executes and enforces the terms of a contract. Since smart contracts can perform any computation, they allow the develop- ment of decentralized applications, whose execution is safeguarded by the security properties of the underlying platform. Due to their unique advantages, blockchain based platforms are envisioned to have a wide range of applications, ranging from financial to the Internet-of-Things. However, the trustworthiness of the platform guarantees only that a smart contract is executed correctly, not that the code of the contract is correct. In fact, a large number of contracts deployed in practice suffer from software vulnerabilities, which are often introduced due to the semantic gap between the assumptions that contract writers make about the underlying execution semantics and the actual semantics of smart contracts. A recent automated analysis of 19,336 smart contracts deployed in practice found that 8,333 of them suffered from at least one security issue. Although this study was based on smart contracts deployed on the public Ethereum blockchain, the analyzed security issues were largely plat- form agnostic. Security vulnerabilities in smart contracts present a serious issue for two main reasons. Firstly, smart-contract bugs cannot be patched. By design, once a contract is deployed, its func- tionality cannot be altered even by its creator. Secondly, once a faulty or malicious transaction is recorded, it cannot be removed from the blockchain ({\textquotedblleft}code is law{\textquotedblright} principle). The only way to roll back a transaction is by performing a hard fork of the blockchain, which requires consensus among the stakeholders and undermines the trustworthiness of the platform. In light of this, it is crucial to ensure that a smart contract is se- cure before deploying it and trusting it with significant amounts of cryptocurrency. To this end, we present the VeriSolid framework for the formal verification and generation of contracts that are specified using a transition-system based model with rigorous operational semantics. VeriSolid provides an end-to-end design framework, which combined with a Solidity code generator, allows the correct- by-design development of Ethereum smart contracts. To the best of our knowledge, VeriSolid is the first framework to promote a model- based, correctness-by-design approach for blockchain-based smart contracts. Properties established at any step of the VeriSolid design flow are preserved in the resulting smart contracts, guaranteeing their correctness. VeriSolid fully automates the process of verifica- tion and code generation, while enhancing usability by providing easy-to-use graphical editors for the specification of transition sys- tems and natural-like language templates for the specification of formal properties. By performing verification early at design time, VeriSolid provides a cost-effective approach since fixing bugs later in the development process can be very expensive. Our verification approach can detect typical vulnerabilities, but it may also detect any violation of required properties. Since our tool applies verifi- cation at a high-level, it can provide meaningful feedback to the developer when a property is not satisfied, which would be much harder to do at bytecode level. We present the application of VeriSolid on smart contracts used in Smart Energy Systems such as transactive energy platforms. In particular, we used VeriSolid to design and generate the smart contract that serves as the core of the TRANSAX blockchain-based platform for trading energy futures. The designed smart contract allows energy producers and consumers to post offers for selling and buying energy. Since optimally matching selling offers with buying offers can be very expensive computationally, the contract relies on external solvers to compute and submit solutions to the matching problem, which are then checked by the contract. Using VeriSolid, we defined a set of safety properties and we were able to detect bugs after performing analysis with the NuSMV model checker.},
category = {workshop},
contribution = {colab},
file = {:LaszkaVerisolid2019Poster.pdf:PDF},
keywords = {smart contracts, formal verification, energy trading, blockchain, correct-by-design, Ethereum},
project = {cps-blockchains,transactive-energy},
tag = {platform,decentralization,power},
month_numeric = {9}
}