Specification is law : safe creation and upgrade of ethereum smart contracts

Bibliographic details
Main author: FERREIRA, Juliandson Estanislau
Publication date: 2022
Document type: Dissertation
Language: eng
Source title: Repositório Institucional da UFPE
dARK ID: ark:/64986/001300000dhc4
Full text: https://repositorio.ufpe.br/handle/123456789/47799
Abstract: Smart contract evolution is crucial for the success of decentralized applications, yet current methods and processes are not well suited to handle these drivers of change, as the knowledge about the software is predominantly stored in informal documents. In addition, smart contracts are the building blocks of the "code is law" paradigm: the smart contract's code indisputably describes how its assets are to be managed; once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well documented and have resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the "code is law" paradigm. In this work, we combine elements from (i) and (ii) to create a systematic framework that moves away from "code is law" and gives rise to a new "specification is law" paradigm. It allows contracts to be created and upgraded, but only if they meet a corresponding formal specification. We explain how formal verification techniques can be used to ensure safety properties of smart contracts during their evolution. Although formal verification methods have the potential to be used in several application fields, we focus on ensuring a contract's compliance with its specification. The process consists of three phases: formal requirements specification, verification, and deployment. All steps are planned and executed in an integrated way, and together they form a framework capable of fostering safe evolution and making it more reliable and secure. The framework is centered around a trusted deployer: an off-chain service that formally verifies and enforces specification conformance. We have prototyped this framework and investigated its applicability to contracts implementing three widely used Ethereum standards: the ERC20 Token Standard, ERC3156 Flash Loans and the ERC1155 Multi Token Standard, with promising results.
id UFPE_00768795a111513d67f8af5a76f84965
oai_identifier_str oai:repositorio.ufpe.br:123456789/47799
network_acronym_str UFPE
network_name_str Repositório Institucional da UFPE
repository_id_str 2221
sponsorship FACEPE
dc.title.pt_BR.fl_str_mv Specification is law : safe creation and upgrade of ethereum smart contracts
author FERREIRA, Juliandson Estanislau
author_facet FERREIRA, Juliandson Estanislau
author_role author
dc.contributor.authorLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/3810290537638702
dc.contributor.advisorLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/3977760354511853
dc.contributor.advisor-coLattes.pt_BR.fl_str_mv http://lattes.cnpq.br/2585745313503366
dc.contributor.author.fl_str_mv FERREIRA, Juliandson Estanislau
dc.contributor.advisor1.fl_str_mv SAMPAIO, Augusto Cezar Alves
dc.contributor.advisor-co1.fl_str_mv ANTONINO, Pedro Ribeiro Gonçalves
dc.subject.por.fl_str_mv Formal verification
Smart contracts
Ethereum
Solidity
Safe creation
Safe upgrade
publishDate 2022
dc.date.accessioned.fl_str_mv 2022-11-22T12:00:46Z
dc.date.available.fl_str_mv 2022-11-22T12:00:46Z
dc.date.issued.fl_str_mv 2022-09-12
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.identifier.citation.fl_str_mv FERREIRA, Juliandson Estanislau. Specification is law: safe creation and upgrade of ethereum smart contracts. 2022. Dissertation (Master's in Computer Science) - Universidade Federal de Pernambuco, Recife, 2022.
dc.identifier.uri.fl_str_mv https://repositorio.ufpe.br/handle/123456789/47799
dc.identifier.dark.fl_str_mv ark:/64986/001300000dhc4
dc.language.iso.fl_str_mv eng
dc.rights.driver.fl_str_mv http://creativecommons.org/licenses/by-nc-nd/3.0/br/
info:eu-repo/semantics/openAccess
dc.publisher.none.fl_str_mv Universidade Federal de Pernambuco
dc.publisher.program.fl_str_mv Programa de Pos Graduacao em Ciencia da Computacao
dc.publisher.initials.fl_str_mv UFPE
dc.publisher.country.fl_str_mv Brasil
dc.source.none.fl_str_mv reponame:Repositório Institucional da UFPE
instname:Universidade Federal de Pernambuco (UFPE)
instacron:UFPE
bitstream.url.fl_str_mv https://repositorio.ufpe.br/bitstream/123456789/47799/1/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf
https://repositorio.ufpe.br/bitstream/123456789/47799/2/license_rdf
https://repositorio.ufpe.br/bitstream/123456789/47799/3/license.txt
https://repositorio.ufpe.br/bitstream/123456789/47799/4/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.txt
https://repositorio.ufpe.br/bitstream/123456789/47799/5/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.jpg
bitstream.checksum.fl_str_mv 3335c777f6bdc6177a698475631f9e5e
e39d27027a6cc9cb039ad269a5db8e34
5e89a1613ddc8510c6576f4b23a78973
276bb4ecfdbc4a8625848ff0086f54b4
ce1b28f61fc6cbc230067c0fad566fd8
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
MD5
MD5
MD5
repository.name.fl_str_mv Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)
repository.mail.fl_str_mv attena@ufpe.br
_version_ 1815172799093800960