Specification is Law: Safe Creation and Upgrade of Ethereum Smart Contracts

TL;DR

This paper proposes a formal framework that enforces contract specifications for creating and upgrading Ethereum smart contracts, enhancing security and reliability beyond the traditional immutable 'code is law' approach.

Contribution

It introduces a systematic framework combining formal verification and upgrade mechanisms, centered on a trusted deployer, to enforce specifications for smart contract creation and upgrades.

Findings

Prototype implementation demonstrates practical applicability.

Framework successfully enforces specifications for ERC20 and ERC1155 standards.

Promising results indicate improved security and flexibility.

Abstract

Smart contracts are the building blocks of the "code is law" paradigm: the smart contract's code indisputably describes how its assets are to be managed - once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well-documented and resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the "code is law" paradigm. In this paper, we combine elements from (i) and (ii) to create a systematic framework that moves away from "code is law" and gives rise to a new "specification is law" paradigm. It allows contracts to be created and upgraded but only if they meet a corresponding formal specification. The framework is centered around \emph{a trusted deployer}: an off-chain service that formally verifies and enforces this notion of conformance. We have prototyped this framework, and investigated its applicability to contracts implementing two widely used Ethereum standards: the ERC20 Token Standard and ERC1155 Multi Token Standard, with promising results.