-
Foundational Verification of Smart Contracts through Verified Compilation
Authors:
Vilhelm Sjöberg,
Kinnari Dave,
Daniel Britten,
Maria A Schett,
Xinyuan Sun,
Qinshi Wang,
Sean Noble Anderson,
Steve Reeves,
Zhong Shao
Abstract:
Programs executed on a blockchain - smart contracts - have high financial stakes; their correctness is crucial. We argue, that this correctness needs to be foundational: correctness needs to be based on the operational semantics of their execution environment. In this work we present a foundational system - the DeepSEA system - targeting the Ethereum blockchain as the largest smart contract platfo…
▽ More
Programs executed on a blockchain - smart contracts - have high financial stakes; their correctness is crucial. We argue, that this correctness needs to be foundational: correctness needs to be based on the operational semantics of their execution environment. In this work we present a foundational system - the DeepSEA system - targeting the Ethereum blockchain as the largest smart contract platform. The DeepSEA system has a small but sufficiently rich programming language amenable for verification, the DeepSEA language, and a verified DeepSEA compiler. Together they enable true end-to-end verification for smart contracts. We demonstrate usability through two case studies: a realistic contract for Decentralized Finance and contract for crowdfunding.
△ Less
Submitted 14 May, 2024;
originally announced May 2024.
-
Embedding a Deterministic BFT Protocol in a Block DAG
Authors:
Maria A Schett,
George Danezis
Abstract:
This work formalizes the structure and protocols underlying recent distributed systems leveraging block DAGs, which are essentially encoding Lamport's happened-before relations between blocks, as their core network primitives. We then present an embedding of any deterministic Byzantine fault tolerant protocol $\mathcal{P}$ to employ a block DAG for interpreting interactions between servers. Our ma…
▽ More
This work formalizes the structure and protocols underlying recent distributed systems leveraging block DAGs, which are essentially encoding Lamport's happened-before relations between blocks, as their core network primitives. We then present an embedding of any deterministic Byzantine fault tolerant protocol $\mathcal{P}$ to employ a block DAG for interpreting interactions between servers. Our main theorem proves that this embedding maintains all safety and liveness properties of $\mathcal{P}$. Technically, our theorem is based on the insight that a block DAG merely acts as an efficient reliable point-to-point channel between instances of P while also using $\mathcal{P}$ for efficient message compression.
△ Less
Submitted 6 June, 2021; v1 submitted 18 February, 2021;
originally announced February 2021.
-
Blockchain Superoptimizer
Authors:
Julian Nagele,
Maria A Schett
Abstract:
In the blockchain-based, distributed computing platform Ethereum, programs called smart contracts are compiled to bytecode and executed on the Ethereum Virtual Machine (EVM). Executing EVM bytecode is subject to monetary fees---a clear optimization target. Our aim is to superoptimize EVM bytecode by encoding the operational semantics of EVM instructions as SMT formulas and leveraging a constraint…
▽ More
In the blockchain-based, distributed computing platform Ethereum, programs called smart contracts are compiled to bytecode and executed on the Ethereum Virtual Machine (EVM). Executing EVM bytecode is subject to monetary fees---a clear optimization target. Our aim is to superoptimize EVM bytecode by encoding the operational semantics of EVM instructions as SMT formulas and leveraging a constraint solver to automatically find cheaper bytecode. We implement this approach in our EVM Bytecode SuperOptimizer ebso and perform two large scale evaluations on real-world data sets.
△ Less
Submitted 12 May, 2020;
originally announced May 2020.
-
Deconstructing Stellar Consensus (Extended Version)
Authors:
Álvaro García-Pérez,
Maria A. Schett
Abstract:
Some of the recent blockchain proposals, such as Stellar and Ripple, allow for open membership while using quorum-like structures typical for classical Byzantine consensus with closed membership. This is achieved by constructing quorums in a decentralised way: each participant independently chooses whom to trust, and quorums arise from these individual decisions. Unfortunately, the consensus proto…
▽ More
Some of the recent blockchain proposals, such as Stellar and Ripple, allow for open membership while using quorum-like structures typical for classical Byzantine consensus with closed membership. This is achieved by constructing quorums in a decentralised way: each participant independently chooses whom to trust, and quorums arise from these individual decisions. Unfortunately, the consensus protocols underlying such blockchains are poorly understood, and their correctness has not been rigorously investigated. In this paper we rigorously prove correct the Stellar Consensus Protocol (SCP), with our proof giving insights into the protocol structure and its use of lower-level abstractions. To this end, we first propose an abstract version of SCP that uses as a black box Stellar's federated voting primitive (analogous to reliable Byzantine broadcast), previously investigated by García-Pérez and Gotsman. The abstract consensus protocol highlights a modular structure in Stellar and can be proved correct by reusing the previous results on federated voting. However, it is unsuited for realistic implementations, since its processes maintain infinite state. We thus establish a refinement between the abstract protocol and the concrete SCP that uses only finite state, thereby carrying over the result about the correctness of former to the latter. Our results help establish the theoretical foundations of decentralised blockchains like Stellar and gain confidence in their correctness.
△ Less
Submitted 13 December, 2019; v1 submitted 12 November, 2019;
originally announced November 2019.
-
Kruskal's Tree Theorem for Acyclic Term Graphs
Authors:
Georg Moser,
Maria A. Schett
Abstract:
In this paper we study termination of term graph rewriting, where we restrict our attention to acyclic term graphs. Motivated by earlier work by Plump we aim at a definition of the notion of simplification order for acyclic term graphs. For this we adapt the homeomorphic embedding relation to term graphs. In contrast to earlier extensions, our notion is inspired by morphisms. Based on this, we est…
▽ More
In this paper we study termination of term graph rewriting, where we restrict our attention to acyclic term graphs. Motivated by earlier work by Plump we aim at a definition of the notion of simplification order for acyclic term graphs. For this we adapt the homeomorphic embedding relation to term graphs. In contrast to earlier extensions, our notion is inspired by morphisms. Based on this, we establish a variant of Kruskal's Tree Theorem formulated for acyclic term graphs. In proof, we rely on the new notion of embedding and follow Nash-Williams' minimal bad sequence argument. Finally, we propose a variant of the lexicographic path order for acyclic term graphs.
△ Less
Submitted 12 September, 2016;
originally announced September 2016.