Finding smart contract vulnerabilities with ConCert's property-based testing framework

For students
For PhDs
For employees
Departments and faculties
AU Library

Research output: Working paper/Preprint › Working paper › Research

Documents

2208.00758v1
776 KB, PDF document

DOI

https://doi.org/10.48550/arXiv.2208.00758
Final published version

Mikkel Milo
Eske Hoy Nielsen
Danil Annenkov
Bas Spitters

Department of Computer Science

We provide three detailed case studies of vulnerabilities in smart contracts, and show how property-based testing would have found them: 1. the Dexter1 token exchange; 2. the iToken; 3. the ICO of Brave's BAT token. The last example is, in fact, new, and was missed in the auditing process. We have implemented this testing in ConCert, a general executable model/specification of smart contract execution in the Coq proof assistant. ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium's rust language. We thus show the effectiveness of combining formal verification and property-based testing of smart contracts.

Original language	English
Number of pages	13
DOIs	https://doi.org/10.48550/arXiv.2208.00758
Publication status	Published - Aug 2022

Series	FMBC: Formal Methods for Blockchains

Research areas

cs.LO, cs.PL

See relations at Aarhus University Citationformats

Download statistics

No data available

ID: 278916830

International admissions at AU

Meet AU

How to apply

Research units and facilities

PhD studies

Researcher positions

Junior Researcher services

Danish way of living

Your new city

For students

For PhDs and researchers

How to collaborate with AU

Technology Transfer at AU

Profile

Organisation

Contact

AU for visitors

About Aarhus University