
arxiv: 2401.00650 · v1 · pith:BJSP5FFW · submitted 2024-01-01 · 💻 cs.SE

Automated Invariant Generation for Solidity Smart Contracts

classification 💻 cs.SE
keywords: InvCon, contracts, smart contract, invariant, invariants, code, common
abstract

Smart contracts are computer programs running on blockchains to automate the transaction execution between users. The absence of contract specifications poses a real challenge to the correctness verification of smart contracts. Program invariants are properties that are always preserved throughout the execution, which characterize an important aspect of the program behaviors. In this paper, we propose a novel invariant generation framework, INVCON+, for Solidity smart contracts. INVCON+ extends the existing invariant detector, InvCon, to automatically produce verified contract invariants based on both dynamic inference and static verification. Unlike INVCON+, InvCon only produces likely invariants, which have a high probability to hold, yet are still not verified against the contract code. Particularly, INVCON+ is able to infer more expressive invariants that capture richer semantic relations of contract code. We evaluate INVCON+ on 361 ERC20 and 10 ERC721 real-world contracts, as well as common ERC20 vulnerability benchmarks. The experimental results indicate that INVCON+ efficiently produces high-quality invariant specifications, which can be used to secure smart contracts from common vulnerabilities.
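The abstract describes a two-stage pipeline: dynamic inference of likely invariants from observed contract state, then verification against the code. The following is an added example, not code from the INVCON+ paper or the InvCon tool, showing the dynamic half in miniature: a Daikon-style inferrer over constructed ERC20 transaction traces. The Token model, the two invariant templates (equality and ordering between pairs of contract-level variables) and the transaction logs are all assumptions made here for illustration; the real tool's templates, trace format and verification step are not reproduced.

```python
"""Toy Daikon-style invariant inference over ERC20 transaction traces.

Added example, not code from the INVCON+ paper or the InvCon tool.
The Token model, the transaction logs and the two invariant templates
are constructed here for illustration.
"""
from itertools import combinations

UINT256_MAX = 2**256 - 1


class Token:
    """Minimal ERC20-like state machine.

    checked=False mimics a pre-Solidity-0.8 contract whose subtraction
    wraps instead of reverting (constructed failure mode).
    """

    def __init__(self, supply, owner, checked=True):
        self.total_supply = supply
        self.balances = {owner: supply}
        self.checked = checked

    def snapshot(self):
        # Contract-level variables the inference runs over. The sum is
        # computed off-chain as an unbounded integer, as a trace analyser would.
        return {
            "totalSupply": self.total_supply,
            "sumBalances": sum(self.balances.values()),
            "maxBalance": max(self.balances.values()),
        }

    def transfer(self, src, dst, amount):
        bal = self.balances.get(src, 0)
        if self.checked and bal < amount:
            raise ValueError("insufficient balance")  # revert
        self.balances[src] = (bal - amount) & UINT256_MAX  # wraps if unchecked
        self.balances[dst] = (self.balances.get(dst, 0) + amount) & UINT256_MAX


def observe(token, calls):
    """Execute calls and record the post-state of each successful one."""
    states = []
    for src, dst, amount in calls:
        try:
            token.transfer(src, dst, amount)
        except ValueError:
            continue  # a reverted call leaves no state to learn from
        states.append(token.snapshot())
    return states


def infer(states):
    """Return candidate invariants (a, op, b) over pairs of state variables
    that hold in every observed post-state. '==' subsumes '<=' when it holds."""
    names = sorted(states[0])
    cands = set()
    for a, b in combinations(names, 2):
        if all(s[a] == s[b] for s in states):
            cands.add((a, "==", b))
            continue
        if all(s[a] <= s[b] for s in states):
            cands.add((a, "<=", b))
        if all(s[b] <= s[a] for s in states):
            cands.add((b, "<=", a))
    return cands


def violated(invariants, states):
    """Return the invariants that some state falsifies, as readable strings."""
    ops = {"==": lambda x, y: x == y, "<=": lambda x, y: x <= y}
    bad = set()
    for a, op, b in invariants:
        if any(not ops[op](s[a], s[b]) for s in states):
            bad.add(f"{a} {op} {b}")
    return sorted(bad)


# Constructed traces: a correct token (the last call reverts) ...
GOOD_CALLS = [("alice", "bob", 300), ("bob", "carol", 100),
              ("alice", "carol", 700), ("bob", "alice", 500)]
# ... and an unchecked token where the second transfer underflows bob's balance.
BAD_CALLS = [("alice", "bob", 300), ("bob", "carol", 400)]


def demo():
    learned = infer(observe(Token(1000, "alice"), GOOD_CALLS))
    broken = violated(learned, observe(Token(1000, "alice", checked=False), BAD_CALLS))
    return learned, broken


if __name__ == "__main__":
    learned, broken = demo()
    for inv in sorted(learned):
        print("likely invariant:", *inv)
    print("violated by unchecked token:", broken)
```

On the well-behaved traces the inferrer learns sumBalances == totalSupply and maxBalance <= totalSupply, the classic ERC20 conservation properties; replaying the same candidates against the unchecked-arithmetic variant falsifies both, which is the kind of violation the abstract has in mind when it says the invariants can be used to secure contracts from common vulnerabilities. Everything learned here is still only a likely invariant: it held on the observed traces, and the abstract's point is that INVCON+ goes on to verify such candidates against the contract code, a step this example does not perform.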



Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Enforcing Control Flow Integrity on DeFi Smart Contracts

    cs.CR 2025-04 conditional novelty 6.0

    CrossGuard applies control flow whitelisting to block 35 of 37 historical DeFi attacks with 0.26% false positives and low gas overhead after one-time configuration at contract deployment.