Aarhus University Seal

Finding smart contract vulnerabilities with ConCert's property-based testing framework

Research output: Working paper/Preprint Working paperResearch



We provide three detailed case studies of vulnerabilities in smart contracts, and show how property-based testing would have found them: 1. the Dexter1 token exchange; 2. the iToken; 3. the ICO of Brave's BAT token. The last example is, in fact, new, and was missed in the auditing process. We have implemented this testing in ConCert, a general executable model/specification of smart contract execution in the Coq proof assistant. ConCert contracts can be used to generate verified smart contracts in Tezos' LIGO and Concordium's rust language. We thus show the effectiveness of combining formal verification and property-based testing of smart contracts.
Original languageEnglish
Number of pages13
Publication statusPublished - Aug 2022
SeriesFMBC: Formal Methods for Blockchains

    Research areas

  • cs.LO, cs.PL

See relations at Aarhus University Citationformats

Download statistics

No data available

ID: 278916830