Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond
Shaun Azzopardi, Joshua Ellul, Gordon J. Pace
Department of Computer Science, Centre for Distributed Ledger Technologies, University of Malta
November 2018
CONTRACTLARVA
Motivation for analysis of Smart Contracts
- Smart contracts deal with money and have been the subject of many high-profile vulnerabilities.
- Smart contracts are not contracts: they specify the how, not what should or can happen.
- Analysis to point out potential misuse of the language.
- Analysis for checking compliance to a contract.

What is the context for analysis?
- The smart contract concrete code.
- The smart contract concrete code + the interaction of the user.
- The smart contract concrete code + the interaction of the user + the rest of the blockchain.
Figure labels: Actor; Blockchain Address Space.

What kind of analysis is ideal?
- Pre-deployment: Ideal, certifies correctness with respect to specification. But difficult, e.g. state-explosion problems.
- Post-deployment: Costs gas, but precise.

State of pre-deployment analysis for Ethereum
- In its infancy.
  - Many code analysis tools with false positives and false negatives, but also promising tools (e.g. KEVM).
- Our judgement:
  - Static analysis can be useful, but imprecision means we are not currently able to prove business logic properties fully.
  - Offline verification is hard: even with fully developed tools, analyses will not be able to prove some properties for some programs.
- Our solution: runtime verification (RV).

The CONTRACTLARVA approach
- Runtime verification as a lightweight approach to analysis.
- At the level of Solidity code.
- Specification language: Symbolic automata.

Workflow
Figure: Workflow using CONTRACTLARVA
CONTRACTLARVA can be used to:
- Check properties at runtime;
- Prevent bad behaviour at runtime; and
- Orchestrate the behaviour between different parties.

Runtime Points of Interest
- Control-flow triggers
  - before: functionName(param)

The trigger becomes a modifier that runs the transition logic before the function body:

```solidity
modifier beforeEvent(uint param) {
    <transition-logic>
    _; // function continues here
}
```

The original function:

```solidity
function functionName(uint param) {
    ...
}
```

is instrumented by attaching the modifier:

```solidity
function functionName(uint param) beforeEvent(param) {
    ...
}
```

  - after: functionName(param)

Here the transition logic runs after the function body:

```solidity
modifier afterEvent(uint param) {
    _; // function continues here
    <transition-logic>
}
```

Runtime Points of Interest
- Data-flow triggers
  - globalVar@(condition), e.g. event value@(value > 4) triggers upon the global variable value being changed and value > 4 holding.

The original code:

```solidity
uint value;

function f() {
    ...
    value++;
}
```

is instrumented with a check after each change to the variable:

```solidity
uint value;

function f() {
    ...
    value++;
    if (value > 4) valueChangeEvent();
}

function valueChangeEvent() {
    <transition-logic>
}
```

Dynamic Event Automata

$$\mathrm{DEA} = \langle Q, q_0, B, A, \theta_0, t \rangle$$

- $Q$: Explicit Monitoring States
- $q_0 \in Q$: Initial Explicit Monitoring State
- $B \subseteq Q$: Bad States
- $A \subseteq Q$: Accepting States
- $\Theta$: Symbolic Monitoring States
- $\theta_0 \in \Theta$: Initial Symbolic Monitoring State
- $\Omega$: Symbolic Smart Contract State
- $t \in Q \times \Sigma \times (\Theta \times \Omega \mapsto \mathrm{Bool}) \times (\Theta \times \Omega \mapsto \Theta) \times Q$: Transitions, where the component $\Theta \times \Omega \mapsto \mathrm{Bool}$ is the Condition and $\Theta \times \Omega \mapsto \Theta$ is the Action

Figure: example automaton (state diagram not recoverable; node labels "start" and "X"). Initial symbolic monitoring state and transition labels:

```
uint delivered = 0;

status@(status==ContractStatus.Closed) | payment < min(minimumItems, delivered)*costPerItem
after:addr.transfer(amount) | addr==seller && payment+amount >= minimum*costPerItem;
after:deliveryMade(orderId) ↦ delivered += orders[orderId].orderSize;
after:addr.transfer(amount) | addr==seller ↦ payment += amount;
```

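Operational Semantics
Configurations: $Q \times \Theta$ (Explicit and Symbolic Monitor State)
Transition Label: $\Sigma \times \Omega$ (Event and Smart Contract State Snapshot)

$$\frac{(q, e, c, a, q') \in t \qquad c(\theta, \omega)}{(q, \theta) \xrightarrow{e,\omega} (q', a(\theta))} \quad q \notin A \cup B$$

$$\frac{(q, \theta) \overset{e,\omega}{\nrightarrow}}{(q, \theta) \xrightarrow{e,\omega} (q, \theta)}$$

$$\frac{q \in A \cup B}{(q, \theta) \xrightarrow{e,\omega} (q, \theta)}$$
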
Example Procurement Contract
The interface of a smart contract regulating procurement in Solidity.

```solidity
contract ProcurementContract {
    enum ContractStatus { Open, Closed }
    ContractStatus public status;
    mapping (uint16 => Order) public orders;
    ...

    function ProcurementContract(uint endDate, uint price, uint minimumItems,
        uint maximumItems) public { ... }

    function acceptProcurementContract() public { ... }

    function placeOrder(uint16 orderNumber, uint itemsOrdered,
        uint timeOfDelivery) public { ... }

    function deliveryMade(uint16 orderNumber) public byBuyer { ... }

    function terminateContract() public { ... }
}
```

Example Procurement Contract
1. This contract is between 〈buyer-name〉, henceforth referred to as ‘the buyer’ and 〈seller-name〉, henceforth referred to as ‘the seller’. The contract will hold until either party requests its termination.
2. The buyer is obliged to order at least 〈minimum-items〉, but no more than 〈maximum-items〉 items for a fixed price 〈price〉 before the termination of this contract.
3. Notwithstanding clause 1, no request for termination will be accepted before 〈contract-end-date〉. Furthermore, the seller may not terminate the contract as long as there are pending orders.
4. Upon enactment of this contract, the buyer is obliged to place the cost of the minimum number of items to be ordered in escrow.
5. Upon placing an order, the buyer is obliged to ensure that there is enough money in escrow to cover payment of all pending orders.
6. Upon termination of the contract, the seller is guaranteed to have received payment covering the cost of the minimum number of items to be ordered unless less than this amount is delivered, in which case the cost of the undelivered items is not guaranteed.
7. Upon termination of the contract, any undelivered orders are automatically cancelled, and the seller loses the right to receive payment for these orders.
Figure: A legal contract regulating a procurement process.

Example Procurement Contract
Upon enactment of this contract, the buyer is obliged to place the cost of the minimum number of items to be ordered in escrow.

Figure: automaton for this clause (state diagram not recoverable; node labels "start" and "X"). Transition labels:

```
addr.acceptContract() | addr == buyer
    msg.value < minimumItems*costPerItem

addr.acceptContract() | addr == buyer
    msg.value >= minimumItems*costPerItem
```

Example Procurement Contract
Upon termination of the contract, the seller is guaranteedto have received payment covering the cost of theminimum number of items to be ordered, unless less thanthis amount is delivered, in which case the cost of theundelivered items is not guaranteed.
![Page 50: Monitoring Smart Contracts: ContractLarva and Open ......1/70 Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond Shaun Azzopardi, Joshua Ellul, Gordon J. Pace Department](https://reader033.fdocuments.net/reader033/viewer/2022050404/5f81e02eb360241e1f620440/html5/thumbnails/50.jpg)
30/70
Example Procurement Contract
Upon termination of the contract, the seller is guaranteedto have received payment covering the cost of theminimum number of items to be ordered, unless lessthan this amount is delivered, in which case the cost ofthe undelivered items is not guaranteed.
start
after:deliveryMade( orderId) 7→delivered += orders[ orderId].orderSize;
after:addr.transfer( amount) |addr==seller 7→ payment += amount;
![Page 51: Monitoring Smart Contracts: ContractLarva and Open ......1/70 Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond Shaun Azzopardi, Joshua Ellul, Gordon J. Pace Department](https://reader033.fdocuments.net/reader033/viewer/2022050404/5f81e02eb360241e1f620440/html5/thumbnails/51.jpg)
30/70
Example Procurement Contract
Upon termination of the contract, the seller is guaranteedto have received payment covering the cost of theminimum number of items to be ordered, unless lessthan this amount is delivered, in which case the cost ofthe undelivered items is not guaranteed.
start
after:deliveryMade( orderId) 7→delivered += orders[ orderId].orderSize;
after:addr.transfer( amount) |addr==seller 7→ payment += amount;
31/70
Example Procurement Contract
Upon termination of the contract, the seller is guaranteed to have received payment covering the cost of the minimum number of items to be ordered, unless less than this amount is delivered, in which case the cost of the undelivered items is not guaranteed.
[Figure: DEA with initial state "start" and bad state X; transition labels:]
```
status@(status==ContractStatus.Closed) | payment < min(minimumItems, delivered)*costPerItem
after: addr.transfer(amount) | addr==seller && payment + amount >= minimum*costPerItem;
after: deliveryMade(orderId) ↦ delivered += orders[orderId].orderSize;
after: addr.transfer(amount) | addr==seller ↦ payment += amount;
```
32/70
Handling Violation
- Finding code error at runtime is too late, given immutability.
- Choice 1: Re-deploy a corrected smart contract to another address.
- But bad behaviour still happened..
- We want DEAs to be a failsafe.
- Choice 2: Enforce a reparation strategy.
33/70
Reparation Strategies - Reverting
```
violation {
    revert();
}
```
A bad state is then never reached by any of the transactions written to the blockchain.
34/70
Yet Another DAO Bug Solution
```solidity
function withdraw(uint _val) {
    if (balance[msg.sender] >= _val) {
        // External call is made before the balance is updated
        msg.sender.call.value(_val)();
        balance[msg.sender] -= _val;
    }
}
```
```solidity
uint noOfCalls = 0;
function () payable {
    if (noOfCalls < 2) {
        noOfCalls++;
        msg.sender.withdraw(50);
    }
}
```
36/70
Yet Another DAO Bug Solution
```solidity
function withdraw(uint _val) {              // _val = 50
    if (balance[msg.sender] >= _val) {      // balance[msg.sender] = 50
        // External call is made before the balance is updated
        msg.sender.call.value(_val)();
        balance[msg.sender] -= _val;
    }
}
```
```solidity
uint noOfCalls = 0;
function () payable {
    if (noOfCalls < 2) {
        noOfCalls++;
        msg.sender.withdraw(50);
        // this.balance = msg.value + 50;
    }
}
```
37/70
Yet Another DAO Bug Solution
```solidity
function withdraw(uint _val) {
    if (balance[msg.sender] >= _val) {
        // External call is made before the balance is updated
        msg.sender.call.value(_val)();
        balance[msg.sender] -= _val;
    }
}
```
[Figure: DEA with initial state "start" and bad state X; transition labels:]
```
after: withdraw(val)
before: withdraw(val)
    balance := this.balance
after: withdraw(val) | this.balance != balance - val
after: withdraw(val) | this.balance == balance - val
```
38/70 to 45/70
Yet Another DAO Bug Solution
[Slides 38 to 45 repeat the withdraw listing and the DEA of slide 37 while stepping through an execution. Program and monitor state shown on each slide:]
- 38/70: Program state: this.balance = 60; Monitor state: balance = 0; val = 0
- 39/70: Program state: this.balance = 60; Event: withdraw(20); Monitor state: balance = 60; val = 20
- 40/70: Program state: this.balance = 60; Monitor state: balance = 60; val = 20
- 41/70: Program state: this.balance = 60; Monitor state: balance = 60; val = 20
- 42/70: Program state: this.balance = 60; Event: withdraw(50); Monitor state: balance = 60; val = 20
- 43/70: Program state: this.balance = 60; Monitor state: balance = 60; val = 20
- 44/70: Program state: this.balance = 40; Monitor state: balance = 60; val = 20
- 45/70: Program state: this.balance = 40; Monitor state: balance = 60; val = 20
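
The before/after DEA on withdraw shown above, woven by hand into the contract with revert() as the reparation. This is an added example, not ContractLarva's generated code; the names MonitoredBank, deposit(), unsafeWithdraw() and the monitor variables are assumptions, and it targets Solidity 0.8, where the subtraction is marked unchecked to reproduce the wrap-around of older compilers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a hand-written monitor, not ContractLarva output.
// MonitoredBank, deposit() and the monitor variable names are assumptions.
contract MonitoredBank {
    mapping(address => uint256) public balance;

    // DEA state: Start, or Middle while a monitored withdraw is running.
    enum Dea { Start, Middle }
    Dea private dea = Dea.Start;
    uint256 private preBalance; // the DEA variable "balance"

    function deposit() external payable {
        balance[msg.sender] += msg.value;
    }

    function withdraw(uint256 _val) external {
        // before: withdraw(_val) ~> balance := this.balance
        // Only the call that finds the DEA in Start takes the snapshot, so a
        // re-entrant call cannot overwrite it or run the after-check early.
        bool outermost = (dea == Dea.Start);
        if (outermost) {
            preBalance = address(this).balance;
            dea = Dea.Middle;
        }

        unsafeWithdraw(_val);

        if (outermost) {
            // after: withdraw(_val) | this.balance != balance - _val -> bad state
            // Reparation: revert, so the bad state never reaches the chain.
            if (_val > preBalance || address(this).balance != preBalance - _val) {
                revert("DEA violation: withdraw");
            }
            // after: withdraw(_val) | this.balance == balance - _val -> Start
            dea = Dea.Start;
        }
    }

    // The slide's withdraw body: the external call precedes the state update.
    function unsafeWithdraw(uint256 _val) private {
        if (balance[msg.sender] >= _val) {
            (bool sent, ) = msg.sender.call{value: _val}("");
            require(sent, "send failed");
            // unchecked reproduces the wrap-around of pre-0.8 compilers
            unchecked { balance[msg.sender] -= _val; }
        }
    }
}
```

Because the DEA's only non-violating transition requires this.balance to drop by exactly _val, a withdraw that finds insufficient funds also reverts under this monitor.
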
46/70
Reparation Strategies - Legal Contract Reparations
Upon a violation by the seller, the funds in escrow are released to the buyer:
```
violation {
    selfdestruct(partyB);
}
```
We can do this also for accepting states, e.g. distributing the escrow funds to both the buyer and seller.
47/70
Handling Violation
- Finding code error at runtime is too late, given immutability.
- Choice 1: Re-deploy a corrected smart contract to another address.
- But bad behaviour still happened..
- We want DEAs to be a failsafe.
- Choice 2: Enforce a reparation strategy.
- But code errors should ideally be repaired..
- Choice 3: Allow mutability.
48/70
Safely Mutable Smart Contracts
49/70
Mutable Smart Contracts
- The community has found a way around immutability..
50/70 to 55/70
Hub-Spoke / Proxy Pattern
[Figure, built up over slides 50 to 55: a diagram with nodes v1, Proxy and v2 and arrows labelled msg. The first build shows only v1, v2 appears from slide 52, and v1 is absent from the last build.]
56/70
Secured Hub-Spoke / Proxy Pattern
[Figure: the same diagram with a Monitor added; labels: Monitor, msg, Proxy, msg, v2.]
57/70
Advantages and Disadvantages
- Advantages
  - Keeping the same address.
  - Misbehaviour can be dealt with by disconnection.
  - Maintainability.
  - Certification.
- Disadvantages + Limitations
  - Extra gas to deploy interface/proxy.
  - Extra gas for each transaction.
  - Only safety properties.
58/70
Case Study - ERC20 Token Standard
- Used by more than 100,000 smart contracts
- Many other similar token standards, where our approach is applicable with a few modifications.
59/70
Case Study - ERC20 Interface
```solidity
interface ERC20 {
    function totalSupply() public constant returns (uint);

    function balanceOf(address tokenOwner) public constant returns (uint balance);

    function allowance(address tokenOwner, address spender) public constant returns (uint remaining);

    function transfer(address to, uint tokens) public returns (bool success);

    function approve(address spender, uint tokens) public returns (bool success);

    function transferFrom(address from, address to, uint tokens) public returns (bool success);
}
```
60/70
Case Study - ERC20 - Adding Mutability/Maintainability
```solidity
ERC20 implementation;

function totalSupply() constant returns (uint) {
    return implementation.totalSupply();
}
```
```solidity
address owner;

function updateImplementation(address newImplementation) public {
    require(msg.sender == owner);
    implementation = ERC20(newImplementation);
}
```
61/70
Case Study - ERC20 - Securing Versioning with DEAs
[Figure: DEA with initial state "start"; transition labels:]
```
before: transfer(to, tokens) ↦ preFrom = balanceOf(msg.sender); preTo = balanceOf(to);
after: transfer(to, tokens) | preFrom >= tokens && (balanceOf(msg.sender) != preFrom - tokens || balanceOf(to) != preTo + tokens)
after: transfer(to, tokens) | *
after: transfer(to, tokens) | preFrom < tokens && (balanceOf(msg.sender) != preFrom || balanceOf(to) != preTo)
```
Calling transfer (i) moves the amount requested if there are enough funds; but (ii) has no effect otherwise.
Assume balanceOf(1) == 0 and that 0.transfer(1, val) means address 0 transfers val to 1, then:
- 0.transfer(1, 100); 1.transfer(2, 101); is violating
- 0.transfer(1, 100); 1.transfer(2, 100); is satisfying

(This property and the transferFrom property are vulnerable to re-entrancy, and thus re-entrancy to transfer and transferFrom must be disallowed at the middle state. This can be avoided if we match a function before and after to the same function call.)
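
One way the transfer property could be enforced inside the upgradeable proxy, so that a faulty implementation installed through updateImplementation cannot commit a bad transfer. This is an added example, not the authors' code: the TokenLogic interface, transferFor(), MonitoredTokenProxy and the inTransfer flag are assumptions, and it targets Solidity 0.8. The recipient check expects preTo + tokens, as the prose of the property requires.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: the versioned implementation takes the original caller as an
// argument, because the msg.sender it sees is the proxy itself.
interface TokenLogic {
    function balanceOf(address tokenOwner) external view returns (uint256);
    function transferFor(address from, address to, uint256 tokens) external returns (bool);
}

// Added illustration, not the authors' code.
contract MonitoredTokenProxy {
    address public owner;
    TokenLogic public implementation;
    bool private inTransfer; // true while the DEA is in its middle state

    constructor(address initialImplementation) {
        owner = msg.sender;
        implementation = TokenLogic(initialImplementation);
    }

    function updateImplementation(address newImplementation) public {
        require(msg.sender == owner, "not owner");
        implementation = TokenLogic(newImplementation);
    }

    function balanceOf(address tokenOwner) public view returns (uint256) {
        return implementation.balanceOf(tokenOwner);
    }

    function transfer(address to, uint256 tokens) public returns (bool success) {
        // Re-entrancy into transfer is disallowed at the middle state.
        require(!inTransfer, "re-entrant transfer");
        inTransfer = true;

        // before: transfer(to, tokens) ~> preFrom, preTo
        uint256 preFrom = implementation.balanceOf(msg.sender);
        uint256 preTo = implementation.balanceOf(to);

        success = implementation.transferFor(msg.sender, to, tokens);

        // after: transfer(to, tokens), guards evaluated on the new balances
        uint256 postFrom = implementation.balanceOf(msg.sender);
        uint256 postTo = implementation.balanceOf(to);

        bool ok;
        if (preFrom < tokens || to == msg.sender) {
            // (ii) not enough funds: no effect. A self-transfer, which the
            // slide's DEA does not single out, must also leave balances as is.
            ok = (postFrom == preFrom && postTo == preTo);
        } else {
            // (i) enough funds: exactly `tokens` moves from sender to `to`.
            ok = (postFrom == preFrom - tokens
                && postTo >= preTo && postTo - preTo == tokens);
        }
        // Reparation: revert, so a misbehaving version cannot commit state.
        if (!ok) revert("DEA violation: transfer");

        inTransfer = false;
    }
}
```
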
![Page 102: Monitoring Smart Contracts: ContractLarva and Open ......1/70 Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond Shaun Azzopardi, Joshua Ellul, Gordon J. Pace Department](https://reader033.fdocuments.net/reader033/viewer/2022050404/5f81e02eb360241e1f620440/html5/thumbnails/102.jpg)
62/70
Case Study - ERC20 - Securing Versioning with DEAs
start
before: approve(spender, tokens)
after: approve(spender, tokens) | allowance(msg.sender, spender) != tokens
after: approve(spender, tokens) | allowance(msg.sender, spender) == tokens
Calling approve changes the allowance to the specified amount.
Case Study - ERC20 - Securing Versioning with DEAs
start
before: transferFrom(from, to, tokens) ↦
preFrom = balanceOf(from); preTo = balanceOf(to); preAllowance = allowance(from, msg.sender);
after: transferFrom(from, to, tokens) | (preFrom >= tokens && preAllowance >= tokens) &&
(balanceOf(from) != preFrom - tokens || balanceOf(to) != preTo + tokens || allowance(from, msg.sender) != preAllowance - tokens)
after: transferFrom(from, to, tokens) | *
after: transferFrom(from, to, tokens) | (preFrom < tokens || preAllowance < tokens) &&
(balanceOf(from) != preFrom || balanceOf(to) != preTo || allowance(from, msg.sender) != preAllowance)
Calling transferFrom (i) moves the amount requested and reduces the allowance if there are enough funds and the caller has enough of an allowance; but (ii) has no effect otherwise.
Assume balanceOf(1) == 0 and that 0.transfer(1, val) means address 0 transfers val to 1, then:
- 0.approve(1, 100); 1.transferFrom(0, 1, 50); is satisfying
- but 0.approve(1, 100); 1.transferFrom(0, 1, 50); 1.transferFrom(0, 1, 51); is violating
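Measuring Overheads

| Transactions | Overheads when adding only versioning (gas units) | Overheads when adding only versioning (percentage) | Overheads when adding behavioural contracts (gas units) | Overheads when adding behavioural contracts (percentage) | Total (gas units) | Total (percentage) |
|---|---|---|---|---|---|---|
| Setting up | 1711984 | 65.11% | 973794 | 37.03% | 2685778 | 102.14% |
| totalSupply | 4186 | 18.24% | 734 | 3.2% | 4920 | 21.44% |
| balanceOf | 4494 | 18.71% | 734 | 3.06% | 5228 | 21.77% |
| allowance | 4678 | 18.00% | 756 | 2.91% | 5434 | 20.91% |
| transferFrom | 5324 | 5.78% | 93320 | 101.34% | 98644 | 107.12% |
| transfer | 35362 | 71.47% | 76152 | 153.92% | 111514 | 225.39% |
| approve | 5668 | 8.39% | 43462 | 64.31% | 49130 | 72.70% |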
Issues with Storage State
- Behavioural contracts only check/control behaviour at the start and end of a function call.
- Owner of implementation can still change the state in between function calls.
- Solutions
  1. Keep storage in separate smart contract, only allowing it to be called as part of a function call from the proxy.
  2. Keep track of state using DEAs.
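A small Python model of solution 1, added here as an illustration and not taken from the authors' implementation. The class names, the `proxy_active` write window and the `owner_mint` method are assumptions made for the sketch: storage lives apart from the implementation and rejects any write that does not happen during a call forwarded by the proxy.

```python
class Storage:
    """Balances kept apart from the implementation (solution 1 on the slide).
    Writes are accepted only while the proxy has a call in progress."""
    def __init__(self, balances):
        self._bal = dict(balances)
        self.proxy_active = False          # set and cleared only by the Proxy below

    def get(self, addr):
        return self._bal.get(addr, 0)

    def set(self, addr, value):
        if not self.proxy_active:
            raise PermissionError("storage write outside a proxied call")
        self._bal[addr] = value


class Implementation:
    """Current version of the token logic; its owner can reach it directly."""
    def __init__(self, storage):
        self.storage = storage

    def transfer(self, sender, to, tokens):
        if self.storage.get(sender) >= tokens:
            self.storage.set(sender, self.storage.get(sender) - tokens)
            self.storage.set(to, self.storage.get(to) + tokens)

    def owner_mint(self, addr, tokens):    # hypothetical owner-only path, bypasses the proxy
        self.storage.set(addr, self.storage.get(addr) + tokens)


class Proxy:
    """Entry point users call; opens the write window around each forwarded call."""
    def __init__(self, impl):
        self.impl = impl

    def transfer(self, sender, to, tokens):
        store = self.impl.storage
        store.proxy_active = True
        try:
            self.impl.transfer(sender, to, tokens)
        finally:
            store.proxy_active = False     # window closes even if the call fails


def tamper_between_calls():
    """One proxied transfer, then an owner write attempted between function calls."""
    store = Storage({0: 100})
    impl = Implementation(store)
    Proxy(impl).transfer(0, 1, 40)
    try:
        impl.owner_mint(1, 1_000)
        blocked = False
    except PermissionError:
        blocked = True
    return blocked, store.get(0), store.get(1)
```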
Open Challenges
Failure
- It would be interesting to write properties about event failures.
- e.g. if I have a (legal) permission to perform an action, then the action failing (because of another party) means my permission has been violated.
- We are experimenting with this, and developed a deontic logic that handles these failed attempts at an action (see paper in Jurix 2018).
Overheads
- Proportionally, the overheads of monitoring are substantial.
- Low cost of gas makes monitoring viable, but the value of ether can be variable.
- Possible solution: combine with static analysis to prove as much of a property as possible before instrumentation.
Monitorability and Observability
- Variable change events can be hidden by delegate calls.
- CONTRACTLARVA instruments one smart contract, but we may be interested in observing the behaviour of others.
  1. We can create a monitor smart contract that receives events from multiple smart contracts.
  2. Add analysis to EVM execution, allowing a block to be written only if it respects a certain property.
Conclusions
- We have presented CONTRACTLARVA, a tool for monitoring smart contracts on the Ethereum blockchain.
- www.github.com/gordonpace/contractlarva
- Allows us to verify program properties, and orchestrate user behaviour.
- Future Work: Applications to IoT, observing failure, parametrized monitors (too expensive?), monitors over different smart contracts, and combinations with static analysis.