verifying testing and running smart contracts in concert
play

Verifying, testing and running smart contracts in ConCert Danil - PowerPoint PPT Presentation

Sep 06, 2023 •310 likes •607 views

Verifying, testing and running smart contracts in ConCert Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Aarhus University, Concordium Blockchain Research Center The Coq Workshop 2020, July 6 #1 Danil Annenkov, Mikkel Milo,

  1. Verifying, testing and running smart contracts in ConCert Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Aarhus University, Concordium Blockchain Research Center The Coq Workshop 2020, July 6 #1 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  2. What are smart contracts? Programs in a general-purpose language running “on a blockchain” Blockchain ∼ database, smart contracts ∼ stored procedures. #2 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  3. What are smart contracts? Programs in a general-purpose language running “on a blockchain” Blockchain ∼ database, smart contracts ∼ stored procedures. What is so special about smart contracts? They often manage money: auctions, crowdfunding campaigns, multi-signature wallets, DAOs. Once deployed, contract code cannot be changed. Code is Law. Can call other contracts containing possibly malicious code. Flaws may result in huge financial losses: The DAO ∼ $50M — hacker attack. Parity’s multi-signature wallet ∼ $280M — a bug in the library code. #2 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  4. Functional smart contract languages Contracts are programs in a functional language transforming the state: contract : CallCtx * Msg * State -> State * Action list But blockchains are stateful. Contracts are used as transition functions. A scheduler handles transfers and calls to other contracts in Action list . Examples of such languages: LIGO (Tezos) Liquidity (Dune) Scilla (Zilliqa) Midlang /Retlang (Concordium) . . . #3 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  5. ConCert: A Smart Contract Certification Framework DA, Jakob Botsch Nielsen, Bas Spitters. ConCert: A Smart Contract Certification Framework, CPP’20. Jakob Botsch Nielsen and Bas Spitters. Smart Contract Interactions in Coq. FMBC’19. Embedding of a functional smart contract language in Coq. Soundness of the embedding through MetaCoq. Execution model. Verification of a crowdfunding, congress, importing Retlang code. #4 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  6. Our contributions We extend ConCert: Implement extraction to functional smart contract languages. Liquidity (Dune). Midlang (Concordium) (bonus — Elm!). Verify complex smart contracts: boardroom voting. Add property-based testing (using QuickChick). #5 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  7. Extraction Coq supports extraction to OCaml, Haskell and Scheme. General idea: turn all parts of a program that do not contribute to computation into � (a box ). The underlying theory: Pierre Letouzey’s thesis. Not directly suitable for functional smart contract languages: syntactic and semantic differences. Current Coq extraction is not verified. MetaCoq erasure is verified! 1 1 Matthieu Sozeau, Simon Boulier, Yannick Forster, Nicolas Tabareau and Th´ eo Winterhalter. Coq Coq correct! verification of type checking and erasure for Coq, in #6 Coq Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  8. Smart contract extraction: challenges No Obj . magic / unsafeCoerce Non-recursive data types only. Limited support for recursion (e.g. tail recursion only, or no direct access to recursion — only through primitives). #7 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  9. Smart contract extraction: challenges No Obj . magic / unsafeCoerce Non-recursive data types only. Limited support for recursion (e.g. tail recursion only, or no direct access to recursion — only through primitives). Consequences: Some extracted code will not be well-typed. Remapping (cf. Extract Constant ) is mandatory for some recursive definitions. #7 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  10. optimize CertiCoq L 2 erase translate CIC CIC □ pp Liquidity erase types ... Midlang MetaCoq verified erasure A translation from CIC (Calculus of Inductive Constructions) into CIC � . Provides a proof that the evaluation of the original and the erased terms agree. Missing bits for the practical use: No erasure for types and inductives. No optimisations (e.g. removing boxes). #8 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  11. MetaCoq verified erasure A translation from CIC (Calculus of Inductive Constructions) into CIC � . Provides a proof that the evaluation of the original and the erased terms agree. Missing bits for the practical use: No erasure for types and inductives. No optimisations (e.g. removing boxes). We implement the missing bits an develop pretty-printers directly in Coq. optimize CertiCoq L 2 erase translate CIC CIC □ pp Liquidity erase types ... Midlang #8 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  12. MetaCoq verified erasure: deboxing Definition square ( xs : list nat ) : list nat := @map nat nat ( fun x : nat ⇒ x ∗ x ) xs . Erases to (implicit type arguments become boxes): fun xs ⇒ Coq . Lists . List . map �� ( fun x ⇒ Coq . Init . Nat . mul x x ) xs We want to remove the boxes: fun xs ⇒ Coq . Lists . List . map ( fun x ⇒ Coq . Init . Nat . mul x x ) xs This removes redundant computations and makes remapping Coq . Lists . List . map to a target language map easier. #9 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  13. MetaCoq verified erasure: deboxing Definition square ( xs : list nat ) : list nat := @map nat nat ( fun x : nat ⇒ x ∗ x ) xs . Erases to (implicit type arguments become boxes): fun xs ⇒ Coq . Lists . List . map �� ( fun x ⇒ Coq . Init . Nat . mul x x ) xs We want to remove the boxes: fun xs ⇒ Coq . Lists . List . map ( fun x ⇒ Coq . Init . Nat . mul x x ) xs This removes redundant computations and makes remapping Coq . Lists . List . map to a target language map easier. Deboxing — a transformation that removes redundant boxes. #9 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  14. Deboxing as an optimisation When (and why) is it safe to remove boxes? Boils down to: ( fun x ⇒ t ) v ∼ t , if x does not occur free in t Deboxing is a special case: ( fun A x ⇒ t ) � ∼ ( fun x ⇒ t ). From erasure, we know that A does not occur free in t . We remove boxes from applications of constants (e.g. map ) and constructors. Boxes coming from any “logical” parts (types or propositions) can be removed in the same way. #10 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  15. Deboxing as an optimisation When (and why) is it safe to remove boxes? Boils down to: ( fun x ⇒ t ) v ∼ t , if x does not occur free in t Deboxing is a special case: ( fun A x ⇒ t ) � ∼ ( fun x ⇒ t ). From erasure, we know that A does not occur free in t . We remove boxes from applications of constants (e.g. map ) and constructors. Boxes coming from any “logical” parts (types or propositions) can be removed in the same way. Caveats Partial applications might require eta-expansion. With eta-expansion, it might not be an optimisation. #10 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  16. Deboxing as an optimisation When (and why) is it safe to remove boxes? Boils down to: ( fun x ⇒ t ) v ∼ t , if x does not occur free in t Deboxing is a special case: ( fun A x ⇒ t ) � ∼ ( fun x ⇒ t ). From erasure, we know that A does not occur free in t . We remove boxes from applications of constants (e.g. map ) and constructors. Boxes coming from any “logical” parts (types or propositions) can be removed in the same way. Caveats Partial applications might require eta-expansion. With eta-expansion, it might not be an optimisation. We implement the general case: eta-expand, remove arguments and abstractions that do no occur. #10 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

  17. A counter contract Definition storage := Z . Definition pos := { z : Z | 0 < ? z } . Inductive msg := Inc ( _ : Z ) | Dec ( _ : Z ). Program Definition inc_counter ( st : storage ) ( inc : pos ) : { new_st : storage | st < ? new_st } := st + proj1_sig inc . Next Obligation . (* proof omitted *) Qed . ... Definition counter ( msg : msg ) ( st : storage ) : option ( list SimpleActionBody ∗ storage ) := match msg with | Inc i ⇒ match ( bool_dec (0 < ? i ) true ) with | left h ⇒ Some ([], proj1_sig ( inc_counter st ( exist i h ))) | right _ ⇒ None end | Dec i ⇒ ... end . #11 Danil Annenkov, Mikkel Milo, Jakob Botsch Nielsen and Bas Spitters Verifying, testing and running smart contracts in ConCert

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all

Writing Smart Contracts Dionysis Zindros Smart Contracts Day Athens, March 2017 We talked all about what smart contracts are... ...but what does a real smart contract look like? Lets talk about writing actual Smart Contracts with code

809 views • 50 slides
Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1

Quantitative Analysis of Smart Contracts Krishnendu Chatterjee 1 Amir Goharshady 1 Yaron Velner 2 1 IST Austria 2 Hebrew University of Jerusalem ESOP 2018 Outline Smart Contracts Bugs in Smart Contracts Language Design Games and Abstraction

1.06k views • 73 slides
Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures

Smart Contracts Jrgen Modin The two building blocks of smart contracts Digital signatures The blockchain What does the blockchain do? One timestamp, and one context for each signature You can detect if someone is promising

289 views • 7 slides
Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies

Smart Contracts and Ethereum Winter School on Cryptocurrency Loi Luu and Blockchain Technologies National University of Singapore Shanghai, Jan. 15-17 2017 Some slides are courtesy of Vitalik Buterin 1 Agenda Smart contracts and

1.12k views • 79 slides
Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

1.54k views • 125 slides
Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 26, 2019 1 / 17 Smart Contracts Computer protocols which help execution/enforcement of

288 views • 17 slides
1 Conventionally, software testing has aimed at verifying functionality but the testing paradigm

1 Conventionally, software testing has aimed at verifying functionality but the testing paradigm

1 Conventionally, software testing has aimed at verifying functionality but the testing paradigm has changed for software services. Developing a full-featured and functioning software service is necessary; however service real time availability

606 views • 19 slides
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia

Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach Anastasia Mavridou 1 and Aron Laszka 2 1 Vanderbilt University 2 University of Houston 2 Smart Contract Insecurity Smart contracts are riddled with bugs and

575 views • 21 slides
A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on Trusted Smart Contracts 7 April 2017 class ConcurrentQueue &lt;E&gt; { public synchronized void enqueue(E elem) {} public synchronized E dequeue()

605 views • 21 slides
Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang

Blockchain and Smart Contracts in the Energy Industry: A European Perspective Dr. Matthias Lang Bird &amp; Bird LLP, Dsseldorf, Germany April 11, 2019 Table of contents I. Introduction II. Blockchain and Smart Contracts in a Nutshell

787 views • 41 slides
Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa

Verification of blockchains and smart contracts Formal Methods Update, 2018 BITS Pilani Goa Madhavan Mukund Chennai Mathematical Institute http:/ /www.cmi.ac.in/~madhavan Outline Introduction to blockchains Smart contracts

859 views • 37 slides
Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Ethereum Smart Contracts Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay September 4, 2018 1 / 14 Ethereum Contracts Contract = Collection of functions and state at a

179 views • 14 slides
ConCert: A Smart Contract Certification Framework in Coq Danil Annenkov, Jakob Botsch Nielsen and

ConCert: A Smart Contract Certification Framework in Coq Danil Annenkov, Jakob Botsch Nielsen and

ConCert: A Smart Contract Certification Framework in Coq Danil Annenkov, Jakob Botsch Nielsen and Bas Spitters Aarhus University, Concordium Blockchain Research Center CPP2020, January 21, 2020 #1 Danil Annenkov, Jakob Botsch Nielsen and Bas

181 views • 14 slides
EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov The University of Texas at Austin Running interactive web-apps in the cloud Running interactive web-apps in the cloud Running interactive web-apps

442 views • 31 slides
Welcome! I Can... Explain what concert etiquette is and how it evolves Describe

Welcome! I Can... Explain what concert etiquette is and how it evolves Describe

Welcome! I Can... Explain what concert etiquette is and how it evolves Describe what my student is being taught about concert etiquette Support my students learning as an audience member What IS Concert Etiquette?!

331 views • 7 slides
Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and

Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and

Drug Testing and Marijuana in the New England Workplace Presented by: Charlie Einsiedler and Dan Strader October 11, 2018 Overview of Presentation What laws apply in each state? May employers prohibit use in and/ or outside

659 views • 41 slides
Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical

Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical

DrupalCon Seattle 2019 Anonymous Personalization Without Leaving Drupal by Mike Lander Michael Lander Technical Director @ Elevated Third D.O.: @michaellander Twitter: @MikeLand3r Drupal Slack: @michaellander What is personalization?

458 views • 32 slides
DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

596 views • 18 slides
Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational

Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational

Whistle-Blowing 1 Whistleblowing Disclosure, using other than approved organizational channels, of wrongdoing to someone in a position to take action. disclosure: information intentionally conveyed channels: chain of command,

429 views • 12 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik, Jongwook Kim, Don Batory, Milos Gligoric Funded in part by the US National Science Foundation and a Google Faculty Research Award 1 Regression

783 views • 31 slides
Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Goal Other approaches SCI overview Under the hood Measurements Acknowledgment Summary Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev Technion - Israel Institute of Technology EUROCRYPT 2017

469 views • 46 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides

More recommend