-
Pre-deployment Analysis of Smart Contracts -- A Survey
Authors:
Sundas Munir,
Walid Taha
Abstract:
Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of co…
▽ More
Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process.
△ Less
Submitted 30 June, 2023; v1 submitted 15 January, 2023;
originally announced January 2023.
-
Safe & Robust Reachability Analysis of Hybrid Systems
Authors:
Eugenio Moggi,
Amin Farjudian,
Adam Duracz,
Walid Taha
Abstract:
Hybrid systems - more precisely, their mathematical models - can exhibit behaviors, like Zeno behaviors, that are absent in purely discrete or purely continuous systems. First, we observe that, in this context, the usual definition of reachability - namely, the reflexive and transitive closure of a transition relation - can be unsafe, ie, it may compute a proper subset of the set of states reachab…
▽ More
Hybrid systems - more precisely, their mathematical models - can exhibit behaviors, like Zeno behaviors, that are absent in purely discrete or purely continuous systems. First, we observe that, in this context, the usual definition of reachability - namely, the reflexive and transitive closure of a transition relation - can be unsafe, ie, it may compute a proper subset of the set of states reachable in finite time from a set of initial states. Therefore, we propose safe reachability, which always computes a superset of the set of reachable states. Second, in safety analysis of hybrid and continuous systems, it is important to ensure that a reachability analysis is also robust wrt small perturbations to the set of initial states and to the system itself, since discrepancies between a system and its mathematical models are unavoidable. We show that, under certain conditions, the best Scott continuous approximation of an analysis A is also its best robust approximation. Finally, we exemplify the gap between the set of reachable states and the supersets computed by safe reachability and its best robust approximation.
△ Less
Submitted 17 September, 2017;
originally announced September 2017.
-
Compile-Time Extensions to Hybrid ODEs
Authors:
Yingfu Zeng,
Ferenc Bartha,
Walid Taha
Abstract:
Reachability analysis for hybrid systems is an active area of development and has resulted in many promising prototype tools. Most of these tools allow users to express hybrid system as automata with a set of ordinary differential equations (ODEs) associated with each state, as well as rules for transitions between states. Significant effort goes into developing and verifying and correctly impleme…
▽ More
Reachability analysis for hybrid systems is an active area of development and has resulted in many promising prototype tools. Most of these tools allow users to express hybrid system as automata with a set of ordinary differential equations (ODEs) associated with each state, as well as rules for transitions between states. Significant effort goes into developing and verifying and correctly implementing those tools. As such, it is desirable to expand the scope of applicability tools of such as far as possible. With this goal, we show how compile-time transformations can be used to extend the basic hybrid ODE formalism traditionally supported in hybrid reachability tools such as SpaceEx or Flow*. The extension supports certain types of partial derivatives and equational constraints. These extensions allow users to express, among other things, the Euler-Lagrangian equation, and to capture practically relevant constraints that arise naturally in mechanical systems. Achieving this level of expressiveness requires using a binding time-analysis (BTA), program differentiation, symbolic Gaussian elimination, and abstract interpretation using interval analysis. Except for BTA, the other components are either readily available or can be easily added to most reachability tools. The paper therefore focuses on presenting both the declarative and algorithmic specifications for the BTA phase, and establishes the soundness of the algorithmic specifications with respect to the declarative one.
△ Less
Submitted 10 April, 2017;
originally announced April 2017.
-
Modeling Basic Aspects of Cyber-Physical Systems, Part II
Authors:
Yingfu Zeng,
Chad Rose,
Paul Brauner,
Walid Taha,
Jawad Masood,
Roland Philippsen,
Marcia O. Malley,
Robert Cartwright
Abstract:
We continue to consider the question of what language features are needed to effectively model cyber-physical systems (CPS). In previous work, we proposed using a core language as a way to study this question, and showed how several basic aspects of CPS can be modeled clearly in a language with a small set of constructs. This paper reports on the result of our analysis of two, more complex, case s…
▽ More
We continue to consider the question of what language features are needed to effectively model cyber-physical systems (CPS). In previous work, we proposed using a core language as a way to study this question, and showed how several basic aspects of CPS can be modeled clearly in a language with a small set of constructs. This paper reports on the result of our analysis of two, more complex, case studies from the domain of rigid body dynamics. The first one, a quadcopter, illustrates that previously proposed core language can support larger, more interesting systems than previously shown. The second one, a serial robot, provides a concrete example of why we should add language support for static partial derivatives, namely that it would significantly improve the way models of rigid body dynamics can be expressed.
△ Less
Submitted 5 August, 2014;
originally announced August 2014.
-
Modeling Basic Aspects of Cyber-Physical Systems
Authors:
Walid Taha,
Roland Philippsen
Abstract:
Designing novel cyber-physical systems entails significant, costly physical experimentation. Simulation tools can enable the virtualization of experiments. Unfortunately, current tools have shortcomings that limit their utility for virtual experimentation. Language research can be especially helpful in addressing many of these problems. As a first step in this direction, we consider the question o…
▽ More
Designing novel cyber-physical systems entails significant, costly physical experimentation. Simulation tools can enable the virtualization of experiments. Unfortunately, current tools have shortcomings that limit their utility for virtual experimentation. Language research can be especially helpful in addressing many of these problems. As a first step in this direction, we consider the question of determining what language features are needed to model cyber-physical systems. Using a series of elementary examples of cyber-physical systems, we reflect on the extent to which a small, experimental domain-specific formalism called Acumen suffices for this purpose.
△ Less
Submitted 12 March, 2013;
originally announced March 2013.
-
Accurate Programming: Thinking about programs in terms of properties
Authors:
Walid Taha,
Veronica Gaspes,
Rex Page
Abstract:
Accurate programming is a practical approach to producing high quality programs. It combines ideas from test-automation, test-driven development, agile programming, and other state of the art software development methods. In addition to building on approaches that have proven effective in practice, it emphasizes concepts that help programmers sharpen their understanding of both the problems they…
▽ More
Accurate programming is a practical approach to producing high quality programs. It combines ideas from test-automation, test-driven development, agile programming, and other state of the art software development methods. In addition to building on approaches that have proven effective in practice, it emphasizes concepts that help programmers sharpen their understanding of both the problems they are solving and the solutions they come up with. This is achieved by encouraging programmers to think about programs in terms of properties.
△ Less
Submitted 4 September, 2011;
originally announced September 2011.