Scar: Verification-Based Development of Smart Contracts (Tool Paper)
Schiffl, Jonas
1; Beckert, Bernhard
1; Marmsoler, Diego [Hrsg.]; Xu, Meng [Hrsg.]
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)
1; Beckert, Bernhard
1; Marmsoler, Diego [Hrsg.]; Xu, Meng [Hrsg.]1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)
Abstract:
Compared to other kinds of computer programs, smart contracts have some unique characteristics, e.g., immutability, and the public availability of source code. This means that any vulnerability has a large probability of being exploited. Since smart contracts cannot be patched, it is very important that smart contracts are correct and secure upon deployment. While much research has been invested in this goal, smart contract correctness and security remains a challenging problem.
In this paper, we present the Scar approach for model-driven development of correct and secure smart contract applications. Before implementing an application, smart contract developers first describe it in terms of an intuitive, platform-agnostic metamodel. Within this model, they can also specify high-level security and behavioral correctness properties, and check whether the model contains any inconsistencies. Finally, a combination of code generation, static analyses, and formal verification of automatically generated formal annotations leads to an implementation that is correct and secure w.r.t. the initial model.
In this paper, we present the Scar approach for model-driven development of correct and secure smart contract applications. Before implementing an application, smart contract developers first describe it in terms of an intuitive, platform-agnostic metamodel. Within this model, they can also specify high-level security and behavioral correctness properties, and check whether the model contains any inconsistencies. Finally, a combination of code generation, static analyses, and formal verification of automatically generated formal annotations leads to an implementation that is correct and secure w.r.t. the initial model.
| Zugehörige Institution(en) am KIT | Institut für Informationssicherheit und Verlässlichkeit (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 16.05.2025 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-3-9597737-1-3 ISSN: 2190-6807 KITopen-ID: 1000183598 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | 6th International Workshop on Formal Methods for Blockchains (FMBC 2025) |
| Veranstaltung | 6th International Workshop on Formal Methods for Blockchains (FMBC 2025), Hamilton, Kanada, 04.05.2025 |
| Verlag | Schloss Dagstuhl - Leibniz-Zentrum für Informatik (LZI) |
| Seiten | 14:1-14:13 |
| Serie | Open Access Series in Informatics (OASIcs) ; 129 |
| Schlagwörter | Smart Contracts, Formal Verification, Security, Safety and Liveness, Software and its engineering → Formal methods |
| Nachgewiesen in | OpenAlex Scopus |