TL;DR
This paper develops a formal, executable semantics for Ethereum's EVM bytecode in F*, enabling rigorous security analysis of smart contracts and identifying flaws in existing verification tools.
Contribution
It introduces the first complete small-step semantics of EVM bytecode in F*, formalizes key security properties, and highlights issues in current semantics and tools.
Findings
Validated semantics against Ethereum test suite
Formalized security properties like call integrity and atomicity
Discovered errors in existing verification tools
Abstract
Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed. In this…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
