Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities. Issue 88 (January 2020)
- Record Type:
- Journal Article
- Title:
- Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities. Issue 88 (January 2020)
- Main Title:
- Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities
- Authors:
- Singh, Amritraj
Parizi, Reza M.
Zhang, Qi
Choo, Kim-Kwang Raymond
Dehghantanha, Ali - Abstract:
- Highlights: Blockchain smart contracts formalization. Vulnerability aspects of smart contracts targeted by formalization approaches. Domain specific languages (DSL) for formalizing smart contracts. Formal/specification/general-purpose languages for formalizing smart contracts. Abstract: Blockchain as a distributed computing platform enables users to deploy pieces of software (known as smart contracts) for a wealth of next-generation decentralized applications without involving a trusted third-party. The advantages of smart contracts do, however, come at a price. As with most technologies, there are potential security threats, vulnerabilities and various other issues associated with smart contracts. Writing secure and safe smart contracts can be extremely difficult due to various business logics, as well as platform vulnerabilities and limitations. Formal methods have recently been advocated to mitigate these vulnerabilities. This paper aims to provide a first-time study on current formalization research on all smart contract-related platforms on blockchains, which is scarce in the literature. To this end, a timely and rigorous systematic review to examine the state-of-the-art research and achievements published between 2015 and July 2019 is provided. This study is based on a comprehensive review of a set of 35 research papers that have been extracted from eight major online digital databases. The results indicate that the most common formalization technique is theoremHighlights: Blockchain smart contracts formalization. Vulnerability aspects of smart contracts targeted by formalization approaches. Domain specific languages (DSL) for formalizing smart contracts. Formal/specification/general-purpose languages for formalizing smart contracts. Abstract: Blockchain as a distributed computing platform enables users to deploy pieces of software (known as smart contracts) for a wealth of next-generation decentralized applications without involving a trusted third-party. The advantages of smart contracts do, however, come at a price. As with most technologies, there are potential security threats, vulnerabilities and various other issues associated with smart contracts. Writing secure and safe smart contracts can be extremely difficult due to various business logics, as well as platform vulnerabilities and limitations. Formal methods have recently been advocated to mitigate these vulnerabilities. This paper aims to provide a first-time study on current formalization research on all smart contract-related platforms on blockchains, which is scarce in the literature. To this end, a timely and rigorous systematic review to examine the state-of-the-art research and achievements published between 2015 and July 2019 is provided. This study is based on a comprehensive review of a set of 35 research papers that have been extracted from eight major online digital databases. The results indicate that the most common formalization technique is theorem proving, which is most often used to verify security properties relating to smart contracts, while other techniques such as symbolic execution and model checking were also frequently used. These techniques were most commonly used to verify the functional correctness of smart contracts. From the language and automation point of views, there were 12 languages (domain specific/specification/general purpose) proposed or used for the formalization of smart contracts on blockchains, while 15 formal method-specific automated tools/frameworks were identified for mitigating various vulnerabilities of smart contracts. From the results of this work, we further highlight three open issues for future research in this emerging domain including: formal testing, automated verification of smart contracts, and domain specific languages (DSLs) for Ethereum. These issues suggest the need for additional, in-depth research. Our study also provides possible future research directions. … (more)
- Is Part Of:
- Computers & security. Issue 88(2020)
- Journal:
- Computers & security
- Issue:
- Issue 88(2020)
- Issue Display:
- Volume 88, Issue 88 (2020)
- Year:
- 2020
- Volume:
- 88
- Issue:
- 88
- Issue Sort Value:
- 2020-0088-0088-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-01
- Subjects:
- Blockchain -- Smart contracts -- Formal methods -- Verification -- Systematic review
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2019.101654 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16306.xml