Is Solidity Solid Enough?

Crafa, Silvia; Di Pirro, Matteo; Zucca, Elena

doi:10.1007/978-3-030-43725-1_11

Silvia Crafa¹³,
Matteo Di Pirro¹³ &
Elena Zucca¹⁴

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11599))

Included in the following conference series:

International Conference on Financial Cryptography and Data Security

1052 Accesses
14 Citations

Abstract

We introduce Featherweight Solidity, a calculus formalizing the core features of the Solidity language, thus providing a fundamental step to reason about safety properties of smart contracts’ source code. The formalization includes a static type system that represents the foundation of the Solidity compiler. We show that it prevents some errors whereas many others, such as accesses to a non existing function or state variable, are only detected at runtime and cause interruption and rolling-back of transactions. We then propose a refinement of the type system that is retro-compatible with original Solidity code, and statically captures more errors, such as unsafe casts and unsafe call-back expressions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
In the examples, we use additional constructs, such as loops, booleans and key-value mappings (for the standard formalization see [6]).
2.
In some cases Solidity tries to convert values from the provided to the expected type, but no documentation about the precise behavior is available.

References

Solidity. https://solidity.readthedocs.io/en/develop/index.html. Release 0.4.25
Alt, L., Reitwiessner, C.: SMT-based verification of solidity smart contracts. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 376–388. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_28
Chapter Google Scholar
Amani, S., Bégel, M., Bortin, M., Staples, M.: Towards verifying Ethereum smart contract bytecode in Isabelle/HOL. In: Certified Programs and Proofs, pp. 66–77. ACM (2018)
Google Scholar
Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 91–96. ACM (2016)
Google Scholar
Buterin, V.: A next-generation smart contract and decentralized application platform (white paper). Technical report (2014)
Google Scholar
Di Pirro, M.: How solid is Solidity? An in-dept study of solidity’s type safety. Master’s thesis, Università di Padova, September 2018. http://tesi.cab.unipd.it/61297/
Grishchenko, I., Maffei, M., Schneidewind, C.: A semantic framework for the security analysis of Ethereum smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 243–269. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_10
Chapter Google Scholar
Hildenbrandt, E., et al.: KEVM: a complete formal semantics of the Ethereum virtual machine. In: Computer Security Foundations Symposium, CSF, pp. 204–217 (2018)
Google Scholar
Igarashi, A., Pierce, B.C., Wadler, P.: Featherweight Java: a minimal core calculus for Java and GJ. ACM TOPLAS 23(3), 396–450 (2001)
Article Google Scholar
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: Network and Distributed System Security Symposium (2018)
Google Scholar
Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Code generation and optimization: feedback-directed and runtime optimization, p. 75. IEEE (2004)
Google Scholar
Shishkin, E.: Debugging smart contract’s business logic using symbolic model-checking. arXiv preprint arXiv:1812.00619 (2018)
Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., Alexandrov, Y.: SmartCheck: static analysis of Ethereum smart contracts. In: Workshop on Emerging Trends in Software Engineering for Blockchain, pp. 9–16 (2018)
Google Scholar
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)
Google Scholar

Download references

Author information

Authors and Affiliations

University of Padova, Padua, Italy
Silvia Crafa & Matteo Di Pirro
DIBRIS, University of Genova, Genoa, Italy
Elena Zucca

Authors

Silvia Crafa
View author publications
You can also search for this author in PubMed Google Scholar
Matteo Di Pirro
View author publications
You can also search for this author in PubMed Google Scholar
Elena Zucca
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Silvia Crafa .

Editor information

Editors and Affiliations

Stirling University, Stirling, UK
Andrea Bracciali
Concordia University, Montréal, QC, Canada
Jeremy Clark
University of Oxford, Oxford, UK
Federico Pintore
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Peter B. Rønne
University of Trento, Trento, Italy
Massimiliano Sala

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Crafa, S., Di Pirro, M., Zucca, E. (2020). Is Solidity Solid Enough?. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_11

Download citation

DOI: https://doi.org/10.1007/978-3-030-43725-1_11
Published: 13 March 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43724-4
Online ISBN: 978-3-030-43725-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics