Finding smart contract vulnerabilities with ConCert's property-based testing framework
AI-generated Key Points
- The paper presents an approach to testing and verifying smart contracts using the ConCert Coq framework.
- The authors provide three case studies of vulnerabilities in smart contracts that could have led to millions of dollars stolen or frozen.
- Property-based testing would have found these vulnerabilities and also discovered new bugs.
- The approach is not limited to specific examples but can be applied more broadly to real-world contracts, including reference implementations of popular token standards like ERC-20 and FA2 Token Standards used across multiple blockchains.
- By combining auditing, testing, and verification techniques, they provide a toolchain for producing executable code for smart contracts that are tested and verified.
- The ConCert framework provides a general executable model/specification of smart contract execution in the Coq proof assistant.
- ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium's Rust language.
- Formal verification and property-based testing of smart contracts is starting to be recognized by the industry as important for improving security in blockchain technology.
Authors: Mikkel Milo, Eske Hoy Nielsen, Danil Annenkov, Bas Spitters
Abstract: We provide three detailed case studies of vulnerabilities in smart contracts, and show how property-based testing would have found them: 1. the Dexter1 token exchange; 2. the iToken; 3. the ICO of Brave's BAT token. The last example is, in fact, new, and was missed in the auditing process. We have implemented this testing in ConCert, a general executable model/specification of smart contract execution in the Coq proof assistant. ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium's rust language. We thus show the effectiveness of combining formal verification and property-based testing of smart contracts.
Ask questions about this paper to our AI assistant
You can also chat with multiple papers at once here.
Assess the quality of the AI-generated content by voting
Score: 0
Why do we need votes?
Votes are used to determine whether we need to re-run our summarizing tools. If the count reaches -10, our tools can be restarted.
The previous summary was created more than a year ago and can be re-run (if necessary) by clicking on the Run button below.
Similar papers summarized with our AI tools
Navigate through even more similar papers through a
tree representationLook for similar papers (in beta version)
By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.
Disclaimer: The AI-based summarization tool and virtual assistant provided on this website may not always provide accurate and complete summaries or responses. We encourage you to carefully review and evaluate the generated content to ensure its quality and relevance to your needs.