A Concurrent Perspective on Smart Contracts - Ilya Sergey, Aquinas Hobor

SLIDE 1

A Concurrent Perspective on Smart Contracts

Ilya Sergey Aquinas Hobor

7 April 2017

1st Workshop on Trusted Smart Contracts

SLIDE 2

class ConcurrentQueue<E> {
    public synchronized void enqueue(E elem) {…}
    public synchronized E dequeue() {…}
}

SLIDE 3

class ConcurrentQueue<E> {
    public synchronized void enqueue(E elem) {…}
    public synchronized E dequeue() {…}
}

class MyQClient {
    public void foo(ConcurrentQueue<Integer> q) {
        …
        q.enqueue(1);
        q.enqueue(2);
        doStuff();
        Integer i = q.dequeue();
        assert (i == 1);
        q.dequeue();
    }
}

SLIDE 4

ConcurrentQueue<Integer> q = new ConcurrentQueue<Integer>();
MyQClient c1 = new MyQClient();
MyQClient c2 = new MyQClient();

c1.foo(q)  ||  c2.foo(q)

SLIDE 5

c1.foo(q) c2.foo(q)

enq(1) enq(2) enq(1) enq(2) deq()=1 deq()=1 deq()=2

assert fails
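
The failing assertion can be reproduced by enumerating every interleaving of the two clients. The following Python model is an added example, not code from the slides; the names CLIENT_OPS, run, all_schedules and failing_schedules are hypothetical, and doStuff() is omitted because it does not touch the queue.

```python
from collections import deque
from itertools import combinations

# The four queue operations of MyQClient.foo, in program order.
CLIENT_OPS = ["enq1", "enq2", "deq_assert", "deq"]


def run(schedule):
    """Run one interleaving. `schedule` is a tuple of client ids (1 or 2),
    one per atomic queue operation. Returns the clients whose
    `assert (i == 1)` failed."""
    q, pc, failed = deque(), {1: 0, 2: 0}, []
    for cid in schedule:
        op = CLIENT_OPS[pc[cid]]
        pc[cid] += 1
        if op == "enq1":
            q.append(1)
        elif op == "enq2":
            q.append(2)
        else:
            value = q.popleft()
            if op == "deq_assert" and value != 1:
                failed.append(cid)
    return failed


def all_schedules(n=len(CLIENT_OPS)):
    """Every way to interleave two clients that each perform n operations."""
    for slots in combinations(range(2 * n), n):
        yield tuple(1 if i in slots else 2 for i in range(2 * n))


def failing_schedules():
    """Interleavings in which at least one client's assertion fails."""
    return [s for s in all_schedules() if run(s)]


if __name__ == "__main__":
    bad = failing_schedules()
    print(len(bad), "of", len(list(all_schedules())), "interleavings fail")
    print("example:", bad[0], "-> failed clients", run(bad[0]))
```

Each method is atomic on its own (synchronized), yet the client's assumption about the sequence of calls only holds when no other client runs in between.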

SLIDE 6

contract MyQContract {
    Queue q = QueueContract(0x1d11e5fbe221);

    function foo() {
        …
        q.enqueue(addr1);
        q.enqueue(addr2);
        someAddr.call.value(…);
        address i = q.dequeue();
        // Assuming i == addr1
        i.send(reward);
        q.dequeue();
    }
}

SLIDE 7

Transaction:

mqc.foo():   enq(addr1)  enq(addr2)                             deq() = ?
someAddr():                          Any manipulation with q

SLIDE 8

Accounts using smart contracts in a blockchain 
 are like threads using concurrent objects in shared memory.

SLIDE 9

Accounts using smart contracts in a blockchain
are like threads using concurrent objects in shared memory.

Reentrancy      -  (Un)cooperative multitasking
call/send       -  context switching
contract state  -  object state

SLIDE 10

Reentrancy and multitasking

// Burn DAO Tokens
Transfer(msg.sender, 0, balances[msg.sender]);
withdrawRewardFor(msg.sender); // be nice, and get his rewards
totalSupply -= balances[msg.sender];
balances[msg.sender] = 0;
paidOut[msg.sender] = 0;
return true;
}

SLIDE 11

Reentrancy and multitasking

DAO:                       withdrawRewardFor()                          balances[msg.sender] = 0
_recipient.call.value(…):                       Manipulation with DAO

SLIDE 12

Inv(contract.state, balance)

[Diagram: c.atomicMethod() calls alternating with Environment steps, with Inv marked at the boundaries between them.]

DAO:                       withdrawRewardFor()                          balances[msg.sender] = 0
_recipient.call.value(…):                       Manipulation with DAO
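
The ordering problem and the invariant view can be seen in a small Python model, added here as an example; it is not the DAO's code. Vault, reentrant_recipient and simulate are hypothetical names, the deposits are constructed, and Inv is assumed to be "funds held equal the sum of recorded balances".

```python
class Vault:
    """Toy contract: `balances` is the ledger, `ether` is the funds held."""

    def __init__(self, deposits, effects_first):
        self.balances = dict(deposits)
        self.ether = sum(deposits.values())
        self.effects_first = effects_first
        self.inv_seen_by_callee = []   # Inv as observed at each context switch

    def inv(self):
        # Inv(contract.state, balance): funds held equal the sum of the ledger.
        return self.ether == sum(self.balances.values())

    def withdraw(self, who, recipient):
        amount = self.balances[who]
        if amount == 0 or amount > self.ether:
            return False
        if self.effects_first:
            self.balances[who] = 0     # state update before the external call
        self.ether -= amount
        self.inv_seen_by_callee.append(self.inv())
        recipient(self, amount)        # call/send: control passes to the callee
        if not self.effects_first:
            self.balances[who] = 0     # the slide's order: update after the call
        return True


def reentrant_recipient(who, max_depth):
    """Callee that calls back into withdraw() while the outer call is suspended."""
    state = {"received": 0, "depth": 0}

    def on_receive(vault, amount):
        state["received"] += amount
        if state["depth"] < max_depth:
            state["depth"] += 1
            vault.withdraw(who, on_receive)

    return on_receive, state


def simulate(effects_first):
    """Returns (amount received by "a", funds left, Inv at each context switch)."""
    vault = Vault({"a": 10, "b": 30}, effects_first)   # constructed deposits
    recipient, state = reentrant_recipient("a", max_depth=2)
    vault.withdraw("a", recipient)
    return state["received"], vault.ether, vault.inv_seen_by_callee
```

With the slide's ordering, the callee runs while Inv is broken and the same balance is paid out three times; with the state update moved before the call, Inv holds at the context switch and the re-entrant call is rejected.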

SLIDE 13

Accounts using smart contracts in a blockchain
are like threads using concurrent objects in shared memory.

Reentrancy      -  (Un)cooperative multitasking
call/send       -  context switching
contract state  -  object state
Invariants      -  Atomicity

SLIDE 14

Querying an Oracle

Transaction 1

c.prepareRequest()

o.raiseEvent()

o.respond()

c.__callback(data)

Transaction 2

SLIDE 15

Querying an Oracle

Transaction 1

c.prepareRequest()

o.raiseEvent()

o.respond()

c.__callback(data)

Transaction 2

Block N Block N+M

SLIDE 16

BlockKing via Oraclize

function enter() {
    if (msg.value < 50 finney) {
        msg.sender.send(msg.value);
        return;
    }
    // Candidate data is written to contract state before the oracle is queried.
    warrior = msg.sender;
    warriorGold = msg.value;
    warriorBlock = block.number;
    bytes32 myid =
        oraclize_query(0, "WolframAlpha", "random number between 1 and 9");
}

// Invoked by the oracle in a later transaction.
function __callback(bytes32 myid, string result) {
    if (msg.sender != oraclize_cbAddress()) throw;
    randomNumber = uint(bytes(result)[0]) - 48; // ASCII digit to number
    process_payment();
}

SLIDE 17

Accounts using smart contracts in a blockchain
are like threads using concurrent objects in shared memory.

Reentrancy       -  (Un)cooperative multitasking
call/send        -  context switching
contract state   -  object state
Invariants       -  Atomicity
Non-determinism  -  data races

SLIDE 18

Reasoning about 
 High-level Behavior of Contracts
 (as of Concurrent Objects)

SLIDE 19

Temporal Properties

Q since P ≝ ∀ s s′, s →c* s′, P(s) ⇒ Q(s, s′)

  • “Token price only goes up”;
  • “No payments accepted after the quorum is reached”;
  • “No changes can be made after locking”;
  • “Consensus results are irrevocable”;
  • etc.
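
The definition of "Q since P" can be checked mechanically on a finite model by exploring the transition relation. The Python sketch below is an added example, not the authors' Coq development; the contract model (a price with a lock flag), its method names in the comments, and all function names are constructed for illustration.

```python
from collections import deque


def reachable(start, step):
    """All states s' with start ->* s' (reflexive-transitive closure of step)."""
    seen, todo = {start}, deque([start])
    while todo:
        s = todo.popleft()
        for nxt in step(s):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def since(init, step, P, Q):
    """Check `Q since P` for every s reachable from init.
    Returns None if it holds, else a counterexample pair (s, s')."""
    for s in sorted(reachable(init, step)):
        if P(s):
            for s2 in sorted(reachable(s, step)):
                if not Q(s, s2):
                    return (s, s2)
    return None


# Constructed contract model: state = (price, locked); price is capped so the
# state space stays finite.
MAX_PRICE = 3


def step_ok(s):
    price, locked = s
    if locked:
        return []                          # no method changes a locked contract
    moves = [(price, True)]                # lock()
    if price < MAX_PRICE:
        moves.append((price + 1, False))   # raisePrice()
    return moves


def step_buggy(s):
    price, locked = s
    return step_ok(s) + [(0, locked)]      # resetPrice() never tests `locked`


def is_locked(s): return s[1]
def always(s): return True
def unchanged(s, s2): return s2 == s       # "No changes can be made after locking"
def price_up(s, s2): return s2[0] >= s[0]  # "Token price only goes up"
```

A returned pair (s, s′) is a concrete witness: a state satisfying P and a state reachable from it where Q fails.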
SLIDE 20

Work in Progress

  • A Coq-based DSL for formally defining high-level contract behavior as of a “concurrent object”;

  • Definitions of generic semantic contract properties;
  • Formal proofs for several case studies (in Coq);
  • Reasoning about contract/object composition;
  • A verified compiler from the DSL to EVM;
  • A compiler from Solidity to the DSL;
SLIDE 21

To take away

Accounts using smart contracts in a blockchain 
 are like threads using concurrent objects in shared memory.

  • Understanding intra- and inter-transactional behavior;
  • Detecting atomicity violations and data races;
  • Repurposing existing verification ideas;

Thanks!