On-Chain Smart Contract Verification over Tendermint

• Published in: Financial Cryptography and Data Security. FC 2021 International Workshops pp. 333 - 347
• Main Authors: Olivieri, Luca, Spoto, Fausto, Tagliaferro, Fabio
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: Blockchain; Program analysis; Smart contract; Software verification; Tendermint
• ISBN: 3662639572; 9783662639573
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-662-63958-0_28

Smart contracts are computer code that runs in blockchain and expresses the rules of an agreement among parties. A bug in their code has major consequences, such as rule violations and security attacks. Smart contracts are immutable and cannot be easily replaced to patch a bug. To overcome these problems, there exist automatic static analyzers that find bugs before smart contracts are installed in blockchain. However, this off-chain verification is optional: programmers are not forced to use it. This paper defines on-chain verification instead, that occurs inside the same blockchain nodes, when the code of smart contracts is installed. It acts as a mandatory entry filter that bans code that does not abide to the verification rules, that are consequently part of the consensus rules of the blockchain. Thus, an improvement in on-chain verification entails a consensus update of the network. This paper provides an implementation of on-chain verification for smart contracts written in the Takamaka subset of Java, running as a Tendermint application. It shows that on-chain verification works, reporting actual experiments.