Volume

OASIcs, Volume 105

4th International Workshop on Formal Methods for Blockchains (FMBC 2022)

Thumbnail PDF

Event

FMBC 2022, August 11, 2022, Haifa, Israel

Editors

Zaynah Dargaye
  • Nomadic Labs, Paris, France
Clara Schneidewind
  • MPI-SP, Bochum, Germany

Publication Details

  • published at: 2022-10-06
  • Publisher: Schloss Dagstuhl – Leibniz-Zentrum für Informatik
  • ISBN: 978-3-95977-250-1
  • DBLP: db/conf/cav/fmbc2022

Access Numbers

Documents

No documents found matching your filter selection.
Document
Complete Volume
DOI: 10.4230/OASIcs.FMBC.2022
OASIcs, Volume 105, FMBC 2022, Complete Volume

Authors: Zaynah Dargaye and Clara Schneidewind

Abstract
OASIcs, Volume 105, FMBC 2022, Complete Volume
Cite as

4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 1-74, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@Proceedings{dargaye_et_al:OASIcs.FMBC.2022,
  title =	{{OASIcs, Volume 105, FMBC 2022, Complete Volume}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{1--74},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022},
  URN =		{urn:nbn:de:0030-drops-171802},
  doi =		{10.4230/OASIcs.FMBC.2022},
  annote =	{Keywords: OASIcs, Volume 105, FMBC 2022, Complete Volume}
}
Document
Front Matter
DOI: 10.4230/OASIcs.FMBC.2022.0
Front Matter, Table of Contents, Preface, Conference Organization

Authors: Zaynah Dargaye and Clara Schneidewind

Abstract
Front Matter, Table of Contents, Preface, Conference Organization
Cite as

4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 0:i-0:xii, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{dargaye_et_al:OASIcs.FMBC.2022.0,
  author =	{Dargaye, Zaynah and Schneidewind, Clara},
  title =	{{Front Matter, Table of Contents, Preface, Conference Organization}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{0:i--0:xii},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.0},
  URN =		{urn:nbn:de:0030-drops-171813},
  doi =		{10.4230/OASIcs.FMBC.2022.0},
  annote =	{Keywords: Front Matter, Table of Contents, Preface, Conference Organization}
}
Document
Invited Talk
DOI: 10.4230/OASIcs.FMBC.2022.1
MEV-Freedom, in DeFi and Beyond (Invited Talk)

Authors: Massimo Bartoletti

Abstract
Maximal Extractable Value (MEV) refers to a class of recent attacks on public blockchains, where adversaries with the power to reorder, drop or insert transactions in a block can "extract" value from user transactions in the mempool. Empirical research has shown that mainstream DeFi protocols, like e.g. Automated Market Makers and Lending Pools, are massively targeted by MEV attacks. This has detrimental effects on their users, on transaction fees, and on the congestion of blockchain networks. Despite the growing knowledge on MEV attacks on blockchain protocols, an exact definition is still missing. Indeed, formally defining these attacks is an essential prerequisite to the design of provably secure, MEV-free blockchain protocols. In this talk, we propose a formal definition of MEV, based on a general, abstract model of blockchains and smart contracts. We then introduce MEV-freedom, a property enjoyed by contracts resistant to MEV attacks. We validate this notion by rigorously proving that Automated Market Makers and Lending Pools are not MEV-free. We finally discuss how to design MEV-free contracts.
Cite as

Massimo Bartoletti. MEV-Freedom, in DeFi and Beyond (Invited Talk). In 4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, p. 1:1, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{bartoletti:OASIcs.FMBC.2022.1,
  author =	{Bartoletti, Massimo},
  title =	{{MEV-Freedom, in DeFi and Beyond}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{1:1--1:1},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.1},
  URN =		{urn:nbn:de:0030-drops-171827},
  doi =		{10.4230/OASIcs.FMBC.2022.1},
  annote =	{Keywords: Blockchain, Smart Contracts, Formal Security Notion}
}
Document
DOI: 10.4230/OASIcs.FMBC.2022.2
Finding Smart Contract Vulnerabilities with ConCert’s Property-Based Testing Framework

Authors: Mikkel Milo, Eske Hoy Nielsen, Danil Annenkov, and Bas Spitters

Abstract
We provide three detailed case studies of vulnerabilities in smart contracts, and show how property based testing would have found them: 1. the Dexter1 token exchange; 2. the iToken; 3. the ICO of Brave’s BAT token. The last example is, in fact, new, and was missed in the auditing process. We have implemented this testing in ConCert, a general executable model/specification of smart contract execution in the Coq proof assistant. ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium’s rust language. We thus show the effectiveness of combining formal verification and property-based testing of smart contracts.
Cite as

Mikkel Milo, Eske Hoy Nielsen, Danil Annenkov, and Bas Spitters. Finding Smart Contract Vulnerabilities with ConCert’s Property-Based Testing Framework. In 4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 2:1-2:13, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{milo_et_al:OASIcs.FMBC.2022.2,
  author =	{Milo, Mikkel and Nielsen, Eske Hoy and Annenkov, Danil and Spitters, Bas},
  title =	{{Finding Smart Contract Vulnerabilities with ConCert’s Property-Based Testing Framework}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{2:1--2:13},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.2},
  URN =		{urn:nbn:de:0030-drops-171834},
  doi =		{10.4230/OASIcs.FMBC.2022.2},
  annote =	{Keywords: Smart Contracts, Formal Verification, Property-Based Testing, Coq}
}
Document
DOI: 10.4230/OASIcs.FMBC.2022.3
Automatic Generation of Attacker Contracts in Solidity

Authors: Ignacio Ballesteros, Clara Benac-Earle, Luis Eduardo Bueso de Barrio, Lars-Åke Fredlund, Ángel Herranz, and Julio Mariño

Abstract
Smart contracts on the Ethereum blockchain continue to suffer from well-published problems. A particular example is the well-known smart contract reentrancy vulnerability, which continues to be exploited. In this article, we present preliminary work on a method which, given a smart contract that may be vulnerable to such a reentrancy attack, proceeds to attempt to automatically derive an "attacker" contract which can be used to successfully attack the vulnerable contract. The method uses property-based testing to generate, semi-randomly, large numbers of potential attacker contracts, and then proceeds to check whether any of them is a successful attacker. The method is illustrated using a case study where an attack is derived for a vulnerable contract.
Cite as

Ignacio Ballesteros, Clara Benac-Earle, Luis Eduardo Bueso de Barrio, Lars-Åke Fredlund, Ángel Herranz, and Julio Mariño. Automatic Generation of Attacker Contracts in Solidity. In 4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 3:1-3:14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{ballesteros_et_al:OASIcs.FMBC.2022.3,
  author =	{Ballesteros, Ignacio and Benac-Earle, Clara and de Barrio, Luis Eduardo Bueso and Fredlund, Lars-\r{A}ke and Herranz, \'{A}ngel and Mari\~{n}o, Julio},
  title =	{{Automatic Generation of Attacker Contracts in Solidity}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{3:1--3:14},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.3},
  URN =		{urn:nbn:de:0030-drops-171840},
  doi =		{10.4230/OASIcs.FMBC.2022.3},
  annote =	{Keywords: Property-Based Testing, Smart Contracts, Reentrancy Attack}
}
Document
DOI: 10.4230/OASIcs.FMBC.2022.4
Proofgold: Blockchain for Formal Methods

Authors: Chad E. Brown, Cezary Kaliszyk, Thibault Gauthier, and Josef Urban

Abstract
Proofgold is a peer to peer cryptocurrency making use of formal logic. Users can publish theories and then develop a theory by publishing documents with definitions, conjectures and proofs. The blockchain records the theories and their state of development (e.g., which theorems have been proven and when). Two of the main theories are a form of classical set theory (for formalizing mathematics) and an intuitionistic theory of higher-order abstract syntax (for reasoning about syntax with binders). We have also significantly modified the open source Proofgold Core client software to create a faster, more stable and more efficient client, Proofgold Lava. Two important changes are the cryptography code and the database code, and we discuss these improvements. We also discuss how the Proofgold network can be used to support large formalization efforts.
Cite as

Chad E. Brown, Cezary Kaliszyk, Thibault Gauthier, and Josef Urban. Proofgold: Blockchain for Formal Methods. In 4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 4:1-4:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{brown_et_al:OASIcs.FMBC.2022.4,
  author =	{Brown, Chad E. and Kaliszyk, Cezary and Gauthier, Thibault and Urban, Josef},
  title =	{{Proofgold: Blockchain for Formal Methods}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{4:1--4:15},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.4},
  URN =		{urn:nbn:de:0030-drops-171851},
  doi =		{10.4230/OASIcs.FMBC.2022.4},
  annote =	{Keywords: Formal logic, Blockchain, Proofgold}
}
Document
DOI: 10.4230/OASIcs.FMBC.2022.5
Multi: A Formal Playground for Multi-Smart Contract Interaction

Authors: Martín Ceresa and César Sánchez

Abstract
Blockchains are maintained by a network of participants, miner nodes, that run algorithms designed to maintain collectively a distributed machine tolerant to Byzantine attacks. From the point of view of users, blockchains provide the illusion of centralized computers that perform trustable verifiable computations, where all computations are deterministic and the results cannot be manipulated or undone. Every blockchain is equipped with a crypto-currency. Programs running on blockchains are called smart-contracts and are written in a special-purpose programming language with deterministic semantics. Each transaction begins with an invocation from an external user to a smart contract. Smart contracts have local storage and can call other contracts, and more importantly, they store, send and receive cryptocurrency. Once installed in a blockchain, the code of the smart-contract cannot be modified. Therefore, it is very important to guarantee that contracts are correct before deployment. However, the resulting ecosystem makes it very difficult to reason about program correctness, since smart-contracts can be executed by malicious users or malicious smart-contracts can be designed to exploit other contracts that call them. Many attacks and bugs are caused by unexpected interactions between multiple contracts, the attacked contract and unknown code that performs the exploit. Moreover, there is a very aggressive competition between different blockchains to expand their user base. Ideas are implemented fast and blockchains compete to offer and adopt new features quickly. In this paper, we propose a formal playground that allows reasoning about multi-contract interactions and is extensible to incorporate new features, study their behaviour and ultimately prove properties before features are incorporated into the real blockchain. We implemented a model of computation that models the execution platform, abstracts the internal code of each individual contract and focuses on contract interactions. Even though our Coq implementation is still a work in progress, we show how many features, existing or proposed, can be used to reason about multi-contract interactions.
Cite as

Martín Ceresa and César Sánchez. Multi: A Formal Playground for Multi-Smart Contract Interaction. In 4th International Workshop on Formal Methods for Blockchains (FMBC 2022). Open Access Series in Informatics (OASIcs), Volume 105, pp. 5:1-5:16, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)

Copy BibTex To Clipboard

@InProceedings{ceresa_et_al:OASIcs.FMBC.2022.5,
  author =	{Ceresa, Mart{\'\i}n and S\'{a}nchez, C\'{e}sar},
  title =	{{Multi: A Formal Playground for Multi-Smart Contract Interaction}},
  booktitle =	{4th International Workshop on Formal Methods for Blockchains (FMBC 2022)},
  pages =	{5:1--5:16},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-250-1},
  ISSN =	{2190-6807},
  year =	{2022},
  volume =	{105},
  editor =	{Dargaye, Zaynah and Schneidewind, Clara},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2022.5},
  URN =		{urn:nbn:de:0030-drops-171868},
  doi =		{10.4230/OASIcs.FMBC.2022.5},
  annote =	{Keywords: blockchain, formal methods, theorem prover, smart-contracts}
}

Filters

  • Authors
  • A
  • Annenkov, Danil
  • B
  • Ballesteros, Ignacio
  • Bartoletti, Massimo
  • Benac-Earle, Clara
  • Brown, Chad E.
  • C
  • Ceresa, Martín
  • D
  • Dargaye, Zaynah
  • de Barrio, Luis Eduardo Bueso
  • F
  • Fredlund, Lars-Åke
  • G
  • Gauthier, Thibault
  • H
  • Herranz, Ángel
  • K
  • Kaliszyk, Cezary
  • M
  • Mariño, Julio
  • Milo, Mikkel
  • N
  • Nielsen, Eske Hoy
  • S
  • Sánchez, César
  • Schneidewind, Clara
  • Spitters, Bas
  • U
  • Urban, Josef

  • Subjects
  • Computer systems organization
  • Computer systems organization → Peer-to-peer architectures
  • Security and privacy
  • Security and privacy → Distributed systems security
  • Security and privacy → Formal methods and theory of security
  • Security and privacy → Logic and verification
  • Software and its engineering
  • Software and its engineering → Dynamic analysis
  • Software and its engineering → Empirical software validation
  • Software and its engineering → Formal methods
  • Software and its engineering → Formal software verification
  • Software and its engineering → Software testing and debugging
  • Software and its engineering → Software verification and validation
  • Theory of computation
  • Theory of computation → Abstract machines
  • Theory of computation → Automated reasoning
  • Theory of computation → Program constructs
  • Theory of computation → Program reasoning
  • Theory of computation → Program verification
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH Imprint Privacy Contact