Specification is law : safe creation and upgrade of ethereum smart contracts

FERREIRA, Juliandson Estanislau

Specification is law : safe creation and upgrade of ethereum smart contracts

Detalhes bibliográficos
Ano de defesa:	2022
Autor(a) principal:	FERREIRA, Juliandson Estanislau
Orientador(a):	SAMPAIO, Augusto Cezar Alves
Banca de defesa:	Não Informado pela instituição
Tipo de documento:	Dissertação
Tipo de acesso:	Acesso aberto
Idioma:	eng
Instituição de defesa:	Universidade Federal de Pernambuco
Programa de Pós-Graduação:	Programa de Pos Graduacao em Ciencia da Computacao
Departamento:	Não Informado pela instituição
País:	Brasil
Palavras-chave em Português:	Verificação formal Contratos inteligentes Ethereum Solidity Criação segura Atualização segura
Link de acesso:	https://repositorio.ufpe.br/handle/123456789/47799
Resumo:	Smart contract evolution is crucial for the success of decentralized applications, and current methods and processes are not well suited to handle these drivers of change, as the knowledge about the software is predominantly stored in informal documents. In addition, they are the building blocks of the ”code is law” paradigm: the smart contract’s code indisputably describes how its assets are to be managed - once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well-documented and resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the ”code is law” paradigm. In this work, we combine elements from (i) and (ii) to create a systematic framework that moves away from ”code is law” and gives rise to a new ”specifica- tion is law” paradigm. It allows contracts to be created and upgraded but only if they meet a corresponding formal specification. We explain how formal verification techniques can be used to ensure safety properties of smart contracts during their evolution. Although formal verification methods have the potential of being used in several application fields, we focus on ensuring compliance with its specifications. The process consists of three phases: Formal requirements specification, verification, and deployment. All steps are planned and executed in an integrated way and together they form a framework capable of fostering safe evolution and make it more reliable and secure. The framework is centered around a trusted deployer: an off-chain service that formally verifies and enforces specification conformance. We have proto- typed this framework, and investigated its applicability to contracts implementing three widely used Ethereum standards: the ERC20 Token Standard, ERC3156 Flash Loans and ERC1155 Multi Token Standard, with promising results.

Metadados do item

id	UFPE_00768795a111513d67f8af5a76f84965
oai_identifier_str	oai:repositorio.ufpe.br:123456789/47799
network_acronym_str	UFPE
network_name_str	Repositório Institucional da UFPE
repository_id_str
spelling	FERREIRA, Juliandson Estanislauhttp://lattes.cnpq.br/3810290537638702http://lattes.cnpq.br/3977760354511853http://lattes.cnpq.br/2585745313503366SAMPAIO, Augusto Cezar AlvesANTONINO, Pedro Ribeiro Gonçalves2022-11-22T12:00:46Z2022-11-22T12:00:46Z2022-09-12FERREIRA, Juliandson Estanislau. Specification is law: safe creation and upgrade of ethereum smart contracts. 2022. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2022.https://repositorio.ufpe.br/handle/123456789/47799Smart contract evolution is crucial for the success of decentralized applications, and current methods and processes are not well suited to handle these drivers of change, as the knowledge about the software is predominantly stored in informal documents. In addition, they are the building blocks of the ”code is law” paradigm: the smart contract’s code indisputably describes how its assets are to be managed - once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well-documented and resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the ”code is law” paradigm. In this work, we combine elements from (i) and (ii) to create a systematic framework that moves away from ”code is law” and gives rise to a new ”specifica- tion is law” paradigm. It allows contracts to be created and upgraded but only if they meet a corresponding formal specification. We explain how formal verification techniques can be used to ensure safety properties of smart contracts during their evolution. Although formal verification methods have the potential of being used in several application fields, we focus on ensuring compliance with its specifications. The process consists of three phases: Formal requirements specification, verification, and deployment. All steps are planned and executed in an integrated way and together they form a framework capable of fostering safe evolution and make it more reliable and secure. The framework is centered around a trusted deployer: an off-chain service that formally verifies and enforces specification conformance. We have proto- typed this framework, and investigated its applicability to contracts implementing three widely used Ethereum standards: the ERC20 Token Standard, ERC3156 Flash Loans and ERC1155 Multi Token Standard, with promising results.FACEPEA evolução de contratos inteligentes é crucial para o sucesso de aplicações descentral- izadas, os métodos e processos atuais não são adequados para lidar com esses drivers de mudança, pois o conhecimento sobre o software está predominantemente armazenado em documentos informais. Além disso, eles são os blocos de construção do paradigma "code is law": o código do contrato inteligente descreve indiscutivelmente como seus ativos devem ser gerenciados - uma vez criado, seu código é imutável. Contratos inteligentes com bugs apresentam a evidência mais significativa contra a praticidade desse paradigma; normalmente eles estão bem documentados e mesmo assim grandes somas de ativos foram comprometidas. Para resolver esse problema, a comunidade Ethereum propôs (i) ferramentas e processos para auditar/analisar contratos inteligentes e (ii) padrões de design que implementam um mecan- ismo para tornar o código do contrato mutável. Individualmente, (i) e (ii) abordam apenas parcialmente os desafios levantados pelo paradigma “code is law”. Neste trabalho, combinamos elementos de (i) e (ii) para criar uma estrutura sistemática que se afasta do “code is law” e dá origem a um novo paradigma “specification is law”. Ele permite que contratos sejam criados e atualizados, mas somente se eles atenderem a uma determinada especificação formal. Expli- camos como as técnicas formais de verificação podem ser usadas para garantir as propriedades de segurança dos contratos inteligentes durante sua evolução. Embora os métodos formais de verificação tenham potencial para serem utilizados em diversos campos de aplicação, focamos em garantir a conformidade com suas especificações. O processo consiste em três fases: es- pecificação de requisitos formais, verificação e implantação. Todas as etapas são planejadas e executadas de forma integrada e juntas formam uma estrutura capaz de promover uma evolução segura e torná-la mais confiável. O framework está centrado em trusted deployer: um serviço off-chain que verifica e reforça formalmente conformidade de especificação. Pro- totipamos essa estrutura e investigamos sua aplicabilidade a contratos que implementam três padrões Ethereum amplamente utilizados: o ERC20 Token Standard, ERC3156 Flash Loans e ERC1155 Multi Token Standard, com resultados promissores.engUniversidade Federal de PernambucoPrograma de Pos Graduacao em Ciencia da ComputacaoUFPEBrasilhttp://creativecommons.org/licenses/by-nc-nd/3.0/br/info:eu-repo/semantics/openAccessVerificação formalContratos inteligentesEthereumSolidityCriação seguraAtualização seguraSpecification is law : safe creation and upgrade of ethereum smart contractsinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesismestradoreponame:Repositório Institucional da UFPEinstname:Universidade Federal de Pernambuco (UFPE)instacron:UFPEORIGINALDISSERTAÇÃO Juliandson Estanislau Ferreira.pdfDISSERTAÇÃO Juliandson Estanislau Ferreira.pdfapplication/pdf1030682https://repositorio.ufpe.br/bitstream/123456789/47799/1/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf3335c777f6bdc6177a698475631f9e5eMD51CC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-8811https://repositorio.ufpe.br/bitstream/123456789/47799/2/license_rdfe39d27027a6cc9cb039ad269a5db8e34MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-82362https://repositorio.ufpe.br/bitstream/123456789/47799/3/license.txt5e89a1613ddc8510c6576f4b23a78973MD53TEXTDISSERTAÇÃO Juliandson Estanislau Ferreira.pdf.txtDISSERTAÇÃO Juliandson Estanislau Ferreira.pdf.txtExtracted texttext/plain182272https://repositorio.ufpe.br/bitstream/123456789/47799/4/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.txt276bb4ecfdbc4a8625848ff0086f54b4MD54THUMBNAILDISSERTAÇÃO Juliandson Estanislau Ferreira.pdf.jpgDISSERTAÇÃO Juliandson Estanislau Ferreira.pdf.jpgGenerated Thumbnailimage/jpeg1181https://repositorio.ufpe.br/bitstream/123456789/47799/5/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.jpgce1b28f61fc6cbc230067c0fad566fd8MD55123456789/477992022-11-23 02:24:54.954oai:repositorio.ufpe.br:123456789/47799VGVybW8gZGUgRGVww7NzaXRvIExlZ2FsIGUgQXV0b3JpemHDp8OjbyBwYXJhIFB1YmxpY2l6YcOnw6NvIGRlIERvY3VtZW50b3Mgbm8gUmVwb3NpdMOzcmlvIERpZ2l0YWwgZGEgVUZQRQoKCkRlY2xhcm8gZXN0YXIgY2llbnRlIGRlIHF1ZSBlc3RlIFRlcm1vIGRlIERlcMOzc2l0byBMZWdhbCBlIEF1dG9yaXphw6fDo28gdGVtIG8gb2JqZXRpdm8gZGUgZGl2dWxnYcOnw6NvIGRvcyBkb2N1bWVudG9zIGRlcG9zaXRhZG9zIG5vIFJlcG9zaXTDs3JpbyBEaWdpdGFsIGRhIFVGUEUgZSBkZWNsYXJvIHF1ZToKCkkgLSBvcyBkYWRvcyBwcmVlbmNoaWRvcyBubyBmb3JtdWzDoXJpbyBkZSBkZXDDs3NpdG8gc8OjbyB2ZXJkYWRlaXJvcyBlIGF1dMOqbnRpY29zOwoKSUkgLSAgbyBjb250ZcO6ZG8gZGlzcG9uaWJpbGl6YWRvIMOpIGRlIHJlc3BvbnNhYmlsaWRhZGUgZGUgc3VhIGF1dG9yaWE7CgpJSUkgLSBvIGNvbnRlw7pkbyDDqSBvcmlnaW5hbCwgZSBzZSBvIHRyYWJhbGhvIGUvb3UgcGFsYXZyYXMgZGUgb3V0cmFzIHBlc3NvYXMgZm9yYW0gdXRpbGl6YWRvcywgZXN0YXMgZm9yYW0gZGV2aWRhbWVudGUgcmVjb25oZWNpZGFzOwoKSVYgLSBxdWFuZG8gdHJhdGFyLXNlIGRlIG9icmEgY29sZXRpdmEgKG1haXMgZGUgdW0gYXV0b3IpOiB0b2RvcyBvcyBhdXRvcmVzIGVzdMOjbyBjaWVudGVzIGRvIGRlcMOzc2l0byBlIGRlIGFjb3JkbyBjb20gZXN0ZSB0ZXJtbzsKClYgLSBxdWFuZG8gdHJhdGFyLXNlIGRlIFRyYWJhbGhvIGRlIENvbmNsdXPDo28gZGUgQ3Vyc28sIERpc3NlcnRhw6fDo28gb3UgVGVzZTogbyBhcnF1aXZvIGRlcG9zaXRhZG8gY29ycmVzcG9uZGUgw6AgdmVyc8OjbyBmaW5hbCBkbyB0cmFiYWxobzsKClZJIC0gcXVhbmRvIHRyYXRhci1zZSBkZSBUcmFiYWxobyBkZSBDb25jbHVzw6NvIGRlIEN1cnNvLCBEaXNzZXJ0YcOnw6NvIG91IFRlc2U6IGVzdG91IGNpZW50ZSBkZSBxdWUgYSBhbHRlcmHDp8OjbyBkYSBtb2RhbGlkYWRlIGRlIGFjZXNzbyBhbyBkb2N1bWVudG8gYXDDs3MgbyBkZXDDs3NpdG8gZSBhbnRlcyBkZSBmaW5kYXIgbyBwZXLDrW9kbyBkZSBlbWJhcmdvLCBxdWFuZG8gZm9yIGVzY29saGlkbyBhY2Vzc28gcmVzdHJpdG8sIHNlcsOhIHBlcm1pdGlkYSBtZWRpYW50ZSBzb2xpY2l0YcOnw6NvIGRvIChhKSBhdXRvciAoYSkgYW8gU2lzdGVtYSBJbnRlZ3JhZG8gZGUgQmlibGlvdGVjYXMgZGEgVUZQRSAoU0lCL1VGUEUpLgoKIApQYXJhIHRyYWJhbGhvcyBlbSBBY2Vzc28gQWJlcnRvOgoKTmEgcXVhbGlkYWRlIGRlIHRpdHVsYXIgZG9zIGRpcmVpdG9zIGF1dG9yYWlzIGRlIGF1dG9yIHF1ZSByZWNhZW0gc29icmUgZXN0ZSBkb2N1bWVudG8sIGZ1bmRhbWVudGFkbyBuYSBMZWkgZGUgRGlyZWl0byBBdXRvcmFsIG5vIDkuNjEwLCBkZSAxOSBkZSBmZXZlcmVpcm8gZGUgMTk5OCwgYXJ0LiAyOSwgaW5jaXNvIElJSSwgYXV0b3Jpem8gYSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBQZXJuYW1idWNvIGEgZGlzcG9uaWJpbGl6YXIgZ3JhdHVpdGFtZW50ZSwgc2VtIHJlc3NhcmNpbWVudG8gZG9zIGRpcmVpdG9zIGF1dG9yYWlzLCBwYXJhIGZpbnMgZGUgbGVpdHVyYSwgaW1wcmVzc8OjbyBlL291IGRvd25sb2FkIChhcXVpc2nDp8OjbykgYXRyYXbDqXMgZG8gc2l0ZSBkbyBSZXBvc2l0w7NyaW8gRGlnaXRhbCBkYSBVRlBFIG5vIGVuZGVyZcOnbyBodHRwOi8vd3d3LnJlcG9zaXRvcmlvLnVmcGUuYnIsIGEgcGFydGlyIGRhIGRhdGEgZGUgZGVww7NzaXRvLgoKIApQYXJhIHRyYWJhbGhvcyBlbSBBY2Vzc28gUmVzdHJpdG86CgpOYSBxdWFsaWRhZGUgZGUgdGl0dWxhciBkb3MgZGlyZWl0b3MgYXV0b3JhaXMgZGUgYXV0b3IgcXVlIHJlY2FlbSBzb2JyZSBlc3RlIGRvY3VtZW50bywgZnVuZGFtZW50YWRvIG5hIExlaSBkZSBEaXJlaXRvIEF1dG9yYWwgbm8gOS42MTAgZGUgMTkgZGUgZmV2ZXJlaXJvIGRlIDE5OTgsIGFydC4gMjksIGluY2lzbyBJSUksIGF1dG9yaXpvIGEgVW5pdmVyc2lkYWRlIEZlZGVyYWwgZGUgUGVybmFtYnVjbyBhIGRpc3BvbmliaWxpemFyIGdyYXR1aXRhbWVudGUsIHNlbSByZXNzYXJjaW1lbnRvIGRvcyBkaXJlaXRvcyBhdXRvcmFpcywgcGFyYSBmaW5zIGRlIGxlaXR1cmEsIGltcHJlc3PDo28gZS9vdSBkb3dubG9hZCAoYXF1aXNpw6fDo28pIGF0cmF2w6lzIGRvIHNpdGUgZG8gUmVwb3NpdMOzcmlvIERpZ2l0YWwgZGEgVUZQRSBubyBlbmRlcmXDp28gaHR0cDovL3d3dy5yZXBvc2l0b3Jpby51ZnBlLmJyLCBxdWFuZG8gZmluZGFyIG8gcGVyw61vZG8gZGUgZW1iYXJnbyBjb25kaXplbnRlIGFvIHRpcG8gZGUgZG9jdW1lbnRvLCBjb25mb3JtZSBpbmRpY2FkbyBubyBjYW1wbyBEYXRhIGRlIEVtYmFyZ28uCg==Repositório InstitucionalPUBhttps://repositorio.ufpe.br/oai/requestattena@ufpe.bropendoar:22212022-11-23T05:24:54Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)false
dc.title.pt_BR.fl_str_mv	Specification is law : safe creation and upgrade of ethereum smart contracts
title	Specification is law : safe creation and upgrade of ethereum smart contracts
spellingShingle	Specification is law : safe creation and upgrade of ethereum smart contracts FERREIRA, Juliandson Estanislau Verificação formal Contratos inteligentes Ethereum Solidity Criação segura Atualização segura
title_short	Specification is law : safe creation and upgrade of ethereum smart contracts
title_full	Specification is law : safe creation and upgrade of ethereum smart contracts
title_fullStr	Specification is law : safe creation and upgrade of ethereum smart contracts
title_full_unstemmed	Specification is law : safe creation and upgrade of ethereum smart contracts
title_sort	Specification is law : safe creation and upgrade of ethereum smart contracts
author	FERREIRA, Juliandson Estanislau
author_facet	FERREIRA, Juliandson Estanislau
author_role	author
dc.contributor.authorLattes.pt_BR.fl_str_mv	http://lattes.cnpq.br/3810290537638702
dc.contributor.advisorLattes.pt_BR.fl_str_mv	http://lattes.cnpq.br/3977760354511853
dc.contributor.advisor-coLattes.pt_BR.fl_str_mv	http://lattes.cnpq.br/2585745313503366
dc.contributor.author.fl_str_mv	FERREIRA, Juliandson Estanislau
dc.contributor.advisor1.fl_str_mv	SAMPAIO, Augusto Cezar Alves
dc.contributor.advisor-co1.fl_str_mv	ANTONINO, Pedro Ribeiro Gonçalves
contributor_str_mv	SAMPAIO, Augusto Cezar Alves ANTONINO, Pedro Ribeiro Gonçalves
dc.subject.por.fl_str_mv	Verificação formal Contratos inteligentes Ethereum Solidity Criação segura Atualização segura
topic	Verificação formal Contratos inteligentes Ethereum Solidity Criação segura Atualização segura
description	Smart contract evolution is crucial for the success of decentralized applications, and current methods and processes are not well suited to handle these drivers of change, as the knowledge about the software is predominantly stored in informal documents. In addition, they are the building blocks of the ”code is law” paradigm: the smart contract’s code indisputably describes how its assets are to be managed - once it is created, its code is typically immutable. Faulty smart contracts present the most significant evidence against the practicality of this paradigm; they are well-documented and resulted in assets worth vast sums of money being compromised. To address this issue, the Ethereum community proposed (i) tools and processes to audit/analyse smart contracts, and (ii) design patterns implementing a mechanism to make contract code mutable. Individually, (i) and (ii) only partially address the challenges raised by the ”code is law” paradigm. In this work, we combine elements from (i) and (ii) to create a systematic framework that moves away from ”code is law” and gives rise to a new ”specifica- tion is law” paradigm. It allows contracts to be created and upgraded but only if they meet a corresponding formal specification. We explain how formal verification techniques can be used to ensure safety properties of smart contracts during their evolution. Although formal verification methods have the potential of being used in several application fields, we focus on ensuring compliance with its specifications. The process consists of three phases: Formal requirements specification, verification, and deployment. All steps are planned and executed in an integrated way and together they form a framework capable of fostering safe evolution and make it more reliable and secure. The framework is centered around a trusted deployer: an off-chain service that formally verifies and enforces specification conformance. We have proto- typed this framework, and investigated its applicability to contracts implementing three widely used Ethereum standards: the ERC20 Token Standard, ERC3156 Flash Loans and ERC1155 Multi Token Standard, with promising results.
publishDate	2022
dc.date.accessioned.fl_str_mv	2022-11-22T12:00:46Z
dc.date.available.fl_str_mv	2022-11-22T12:00:46Z
dc.date.issued.fl_str_mv	2022-09-12
dc.type.status.fl_str_mv	info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv	info:eu-repo/semantics/masterThesis
format	masterThesis
status_str	publishedVersion
dc.identifier.citation.fl_str_mv	FERREIRA, Juliandson Estanislau. Specification is law: safe creation and upgrade of ethereum smart contracts. 2022. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2022.
dc.identifier.uri.fl_str_mv	https://repositorio.ufpe.br/handle/123456789/47799
identifier_str_mv	FERREIRA, Juliandson Estanislau. Specification is law: safe creation and upgrade of ethereum smart contracts. 2022. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Pernambuco, Recife, 2022.
url	https://repositorio.ufpe.br/handle/123456789/47799
dc.language.iso.fl_str_mv	eng
language	eng
dc.rights.driver.fl_str_mv	http://creativecommons.org/licenses/by-nc-nd/3.0/br/ info:eu-repo/semantics/openAccess
rights_invalid_str_mv	http://creativecommons.org/licenses/by-nc-nd/3.0/br/
eu_rights_str_mv	openAccess
dc.publisher.none.fl_str_mv	Universidade Federal de Pernambuco
dc.publisher.program.fl_str_mv	Programa de Pos Graduacao em Ciencia da Computacao
dc.publisher.initials.fl_str_mv	UFPE
dc.publisher.country.fl_str_mv	Brasil
publisher.none.fl_str_mv	Universidade Federal de Pernambuco
dc.source.none.fl_str_mv	reponame:Repositório Institucional da UFPE instname:Universidade Federal de Pernambuco (UFPE) instacron:UFPE
instname_str	Universidade Federal de Pernambuco (UFPE)
instacron_str	UFPE
institution	UFPE
reponame_str	Repositório Institucional da UFPE
collection	Repositório Institucional da UFPE
bitstream.url.fl_str_mv	https://repositorio.ufpe.br/bitstream/123456789/47799/1/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf https://repositorio.ufpe.br/bitstream/123456789/47799/2/license_rdf https://repositorio.ufpe.br/bitstream/123456789/47799/3/license.txt https://repositorio.ufpe.br/bitstream/123456789/47799/4/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.txt https://repositorio.ufpe.br/bitstream/123456789/47799/5/DISSERTA%c3%87%c3%83O%20Juliandson%20Estanislau%20Ferreira.pdf.jpg
bitstream.checksum.fl_str_mv	3335c777f6bdc6177a698475631f9e5e e39d27027a6cc9cb039ad269a5db8e34 5e89a1613ddc8510c6576f4b23a78973 276bb4ecfdbc4a8625848ff0086f54b4 ce1b28f61fc6cbc230067c0fad566fd8
bitstream.checksumAlgorithm.fl_str_mv	MD5 MD5 MD5 MD5 MD5
repository.name.fl_str_mv	Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)
repository.mail.fl_str_mv	attena@ufpe.br
_version_	1797782334760550400

Specification is law : safe creation and upgrade of ethereum smart contracts

Registros relacionados