Smart contracts - computer protocols that regulate the exchange of crypto-assets in trustless environments - have become popular with the spread of blockchain technologies. A landmark security property of smart contracts is liquidity: in a non-liquid contract, it may happen that some assets remain frozen, i.e. not redeemable by anyone. The relevance of this issue is witnessed by recent liquidity attacks on Ethereum, which have frozen hundreds of millions of USD. We address the problem of verifying liquidity on BitML, a DSL for smart contracts with a secure compiler to Bitcoin, featuring primitives for currency transfers, contract renegotiation and consensual recursion. Our main result is a verification technique for liquidity. We first transform the infinite-state semantics of BitML into a finite-state one, which focusses on the behaviour of a chosen set of contracts, abstracting from the moves of the context. With respect to the chosen contracts, this abstraction is sound, i.e. if the abstracted contract is liquid, then so is the concrete one. We then verify liquidity by model-checking the finite-state abstraction. We implement a toolchain that automatically verifies liquidity of BitML contracts and compiles them to Bitcoin, and we assess it through a benchmark of representative contracts.