Finding Smart Contract Vulnerabilities with ConCert's Property-Based Testing Framework

Mikkel Milo*, Eske Hoy Nielsen, Danil Annenkov, Bas Spitters

*Corresponding author for this work

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

Abstract

We provide three detailed case studies of vulnerabilities in smart contracts, and show how property based testing would have found them: 1. the Dexter1 token exchange; 2. the iToken; 3. the ICO of Brave's BAT token. The last example is, in fact, new, and was missed in the auditing process. We have implemented this testing in ConCert, a general executable model/specification of smart contract execution in the Coq proof assistant. ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium's rust language. We thus show the effectiveness of combining formal verification and property-based testing of smart contracts.

Original languageEnglish
Title of host publication4th International Workshop on Formal Methods for Blockchains (FMBC 2022)
EditorsZaynah Dargaye, Clara Schneidewind
Number of pages13
PublisherDagstuhl Publishing
Publication dateOct 2022
ISBN (Print)978-3-95977-250-1
DOIs
Publication statusPublished - Oct 2022
Event4th International Workshop on Formal Methods for Blockchains, FMBC 2022 - Haifa, Israel
Duration: 11 Aug 2022 → …

Conference

Conference4th International Workshop on Formal Methods for Blockchains, FMBC 2022
Country/TerritoryIsrael
CityHaifa
Period11/08/2022 → …
SponsorExcellence Cluster ORIGINS
SeriesOpenAccess Series in Informatics
Volume105
ISSN2190-6807

Keywords

  • Coq
  • Formal Verification
  • Property-Based Testing
  • Smart Contracts

Fingerprint

Dive into the research topics of 'Finding Smart Contract Vulnerabilities with ConCert's Property-Based Testing Framework'. Together they form a unique fingerprint.

Cite this