Typing Fallback Functions: A Semantic Approach to Type Safe Smart Contracts

TL;DR

This paper introduces a semantic typing framework for smart contracts that ensures type safety of fallback functions through proof-carrying code, enhancing security and correctness in blockchain environments.

Contribution

It presents a novel semantic typing approach for fallback functions in smart contracts, enabling formal proofs of type safety and security properties like non-interference.

Findings

Semantic typing ensures type safety of fallback functions.

Proof-carrying code approach fits blockchain's immutable nature.

Successfully rejects a known security attack on smart contracts.

Abstract

This paper develops semantic typing in a smart-contract setting to ensure type safety of code that uses statically untypable language constructs, such as the fallback function. The idea is that the creator of a contract on the blockchain equips code containing such constructs with a formal proof of its type safety, given in terms of the semantics of types. Then, a user of the contract only needs to check the validity of the provided 'proof certificate' of type safety. This is a form of proof-carrying code, which naturally fits with the immutable nature of the blockchain environment. As a concrete application of our approach, we focus on ensuring information flow control and non-interference for TinySol, a distilled version of the Solidity language, through security types. We provide the semantics of types in terms of a typed operational semantics of TinySol and we express the proofs of safety as coinductively-defined typing interpretations, which can be represented compactly via up-to techniques, similar to those used for bisimilarity. We also show how our machinery can be used to type the typical pointer-to-implementation pattern based on the fallback function and to reject a distilled version of the infamous Parity Multisig Wallet Attack.