solidity 0 5 when typed does not mean type safe
play

Solidity 0.5: when typed does not mean type-safe S. Crafa M. Di - PowerPoint PPT Presentation

Mar 15, 2024 •266 likes •588 views

Solidity 0.5: when typed does not mean type-safe S. Crafa M. Di Pirro Universit di Padova, Italy Kynetics, Italy crafa@math.unipd.it matteo.dipirro@kynetics.com FMBC - 11 October 2019 - Porto Agenda Smart contracts and Solidity

  1. Solidity 0.5: when typed does not mean type-safe S. Crafa M. Di Pirro Università di Padova, Italy Kynetics, Italy crafa@math.unipd.it matteo.dipirro@kynetics.com FMBC - 11 October 2019 - Porto

  2. Agenda ● Smart contracts and Solidity ● Unsafe gambling game ● Safe gambling game ● Conclusion

  3. Trusted Solidity contracts ● Smart contracts are intended to be automatically enforced ● Solidity ○ Statically typed language ○ Claimed to be “type safe” ● Solidity programmers commonly use the compiler to check type errors in the source code

  4. Trusted Solidity contracts Unfortunately … ● Solidity’s type safety is limited address payable is intended to prevent Ether transfers to smart ● contracts that are not supposed to receive money ○ The compiler fails to enforce such semantics ! ● Incorrect contracts lead to gas losses and money indefinitely locked

  5. Trusted Solidity contracts Unfortunately … ● Solidity’s type safety is limited address payable is intended to prevent Ether transfers to smart contracts that ● are not supposed to receive money ○ The compiler fails to enforce such semantics ! ● Incorrect contracts lead to gas losses and money indefinitely locked Formal methods come to the rescue!

  6. A gambling game Web server GamblingGame Bookmaker Gambler

  7. A gambling game contract Gambler { constructor () payable public {} function bet(address bookmaker, string guess, uint n) external{ require(amount < address(this).balance); Bookmaker(bookmaker).placeBet.value(n)(guess); } }

  8. A gambling game contract Gambler { constructor () payable public {} function bet(address bookmaker, string guess, uint n) external{ require(amount < address(this).balance); Bookmaker(bookmaker).placeBet.value(n)(guess); } } contract Bookmaker { mapping (address => uint) private currentBets; GamblingGame private game; constructor(address _game) public {game = GamblingGame(_game); } function placeBet(string guess) external payable { currentBets[msg.sender] += msg.value; game.play("http://...", guess, msg.sender); } function callback(...) external {...} }

  9. A gambling game contract GamblingGame { event Play(address, string, string, address payable); function play(string url, string guess, address payable gambler) external { emit Play(msg.sender, url, guess, gambler); // eventually calls msg.sender.callback( outcome , gambler) } }

  10. A gambling game contract GamblingGame { event Play(address, string, string, address payable); function play(string url, string guess, address payable gambler) external { emit Play(msg.sender, url, guess, gambler); // eventually calls msg.sender.callback( outcome , gambler) } } contract Bookmaker { GamblingGame private game; function placeBet(..) external payable {...} function callback(bool outcome,address payable gambler) external{ // if (outcome) gambler.transfer( ... ) // otherwise gambler loses its bet } }

  11. A gambling game Web callback server Play play placeBet GamblingGame Bookmaker Gambler transfer ● Gambler has no fallback function ! transfer will cause a runtime revert ○ ○ Gambler’s bet indefinitely locked into Bookmaker → Gambler’s code correctly compiles

  12. The compiler is happy transfer is defined on address payable ● contract Bookmaker { function placeBet(string guess) external payable { ... game.play("...", guess, msg.sender); } function callback(bool outcome, address payable gambler) { // if (outcome) gambler.transfer( ... ) // otherwise gambler loses its bet } }

  13. The compiler is happy transfer is defined on address payable ● contract Bookmaker { function placeBet(string guess) external payable { ... game.play("...", guess, msg.sender); } function callback(bool outcome, address payable gambler) { // if (outcome) gambler.transfer( ... ) // otherwise gambler loses its bet } } gambler has type address payable !! ● contract GamblingGame { function play(string url, string guess, address payable gambler) external { emit Play(msg.sender, url, guess, gambler); } }

  14. The compiler is happy msg.sender has always type address payable ● ➔ But it will be substituted with a non-payable address ➔ The use of address ( payable ) is unsound ◆ Message-not-understood errors at run-time

  15. The compiler is happy msg.sender has always type address payable ● ➔ But it will be substituted with a non-payable address ➔ The use of address ( payable ) is unsound ◆ Message-not-understood errors at run-time No Type Soundness! Subject Reduction fails Solidity 0.5 compiler is unsound

  16. The problem … ● Solidity’s type address is an untyped pointer , like void * ● Two features of Solidity make this problem pervasive ○ Instances of smart contracts can only be accessed through their public (“untyped”) address ○ Extensive use of msg.sender The caller is referred to through an untyped pointer ■ All the callback expressions undergo potentially unsafe ■ usages

  17. The problem … ● Solidity’s type address is an untyped pointer , like void * ● Two features of Solidity make this problem pervasive ○ Instances of smart contracts can only be accessed through their public (“untyped”) address ○ Extensive use of msg.sender The caller is referred to through an untyped pointer ■ All the callback expressions undergo potentially unsafe ■ usages msg.sender.transfer(n) and C(msg.sender).f() are typical (dangerous!) Solidity patterns.

  18. … and the solution 1. Refined address types ○ address<C> is the address of contracts of type C (or subtypes) 2. Refined function signatures to constrain function callers ○ function foo<C> (T x) can be called only by contracts of type (lower than) C 3. This solution is retro-compatible with legacy Solidity code, allowing new, safer, contracts to interact with s.c. already deployed

  19. … and the solution 1. Refined address types ○ address<C> is the address of contracts of type C (or subtypes) 2. Refined function signatures to constrain function callers ○ function foo<C> (T x) can be called only by contracts of type (lower than) C Example: Let Top_fb be the supertype of all the contracts providing a fallback ● address<Top_fb> ● function foo<Top_fb>(T x)

  20. … and the solution 1. Refined address types ○ address<C> is the address of contracts of type C (or subtypes) 2. Refined function signatures to constrain function callers ○ function foo<C> (T x) can be called only by contracts of type (lower than) C Cast safety Transfer safety

  21. Oracle pattern contract GamblingGame { event Play(address<Bookmaker>, string,string, address payable); function play<Bookmaker>(string url, string guess, address payable gambler) external { emit Play(msg.sender, url, guess, gambler); // eventually calls msg.sender.callback(...) } } play can be invoked only by a (subcontract of) Bookmaker

  22. Oracle pattern contract GamblingGame { event Play(address<Bookmaker>, string,string, address payable); function play<Bookmaker>(string url, string guess, address payable gambler) external { emit Play(msg.sender, url, guess, gambler); // eventually calls msg.sender.callback(...) } } msg.sender: address<Bookmaker>

  23. Transfer safety contract Bookmaker { ... function placeBet(string guess) external payable payback { ... game.play(..., msg.sender); } } contract Gambler { ... function bet(...) external{ Bookmaker(bookmaker).placeBet.value(n)(guess); } }

  24. Transfer safety contract Bookmaker { ... function placeBet(string guess) external payable payback { ... game.play(..., msg.sender); } } contract Gambler { ... function bet(...) external{ Bookmaker(bookmaker).placeBet.value(n)(guess); } } The call of placeBet in Gambler does not compile

  25. Cast safety contract Gambler { constructor () payable public {} function bet(address<Bookmaker> bookmaker, string guess, uint n) external{ require(amount < address(this).balance); Bookmaker(bookmaker).placeBet.value(n)(guess); } } bet requires a Bookmaker

  26. Cast safety contract Gambler { constructor () payable public {} function bet(address<Bookmaker> bookmaker, string guess, uint n) external{ require(amount < address(this).balance); Bookmaker(bookmaker).placeBet.value(n)(guess); } } The cast is safe

  27. Conclusion address address payable address<C> In Solidity 0.5 address payable essentially provides only a refined documentation about addresses ○ The address of a contract that can “safely” receive Ether ➔ Programmers expect that “safely” means “type-safely”

  28. Conclusion address address payable address<C> In Solidity 0.5 address payable essentially provides only a refined documentation about addresses ○ The address of a contract that can “safely” receive Ether ➔ Programmers expect that “safely” means “type-safely” In [Crafa - Di Pirro - Zucca 19] we prove the type soundness of this solution on Featherweight Solidity

  29. Solidity 0.5 Typed does not mean type-safe THANK YOU Silvia Crafa Matteo Di Pirro crafa@math.unipd.it matteo.dipirro@kynetics.com

Recommend

Solidity Pt. 1 Solidity idity Javascript-like programming language for writing programs that

Solidity Pt. 1 Solidity idity Javascript-like programming language for writing programs that

Solidity Pt. 1 Solidity idity Javascript-like programming language for writing programs that run on the Ethereum Virtual Machine Domain-specific language that supports abstractions required for operation of smart contracts e.g.

763 views • 44 slides
Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon

Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon

Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon Europe 2020 | Fuzzing the Solidity Compiler 2 whoami Security engineer, Solidity team Semantic testing of Solidity compiler Find

441 views • 28 slides
Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd

Preemptive type checking in dynamically typed programs Neville Grech, Julian Rathke, Bernd Fischer n.grech@ecs.soton.ac.uk Dynamically-typed languages Principal type of a variable is mutated through assignments: def plus2(a): if

1.47k views • 109 slides
CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type

CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type

CMSC 430 Introduction to Compilers Spring 2016 Type Systems What is a Type System? A type system is some mechanism for distinguishing good programs from bad Good programs = well typed Bad programs = ill-typed or not typable

765 views • 57 slides
Typed recursion in the rewriting calculus Benjamin Wack joint work with C. Kirchner, L. Liquori,

Typed recursion in the rewriting calculus Benjamin Wack joint work with C. Kirchner, L. Liquori,

Typed recursion in the rewriting calculus Benjamin Wack joint work with C. Kirchner, L. Liquori, H. Cirstea Workshop, March 10th 2004, Nancy The type system Typing fixpoints Encoding typed objects and TRS Logical failure Typed recursion in

476 views • 35 slides
Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool

Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool

Normalization by Evaluation for , 2 Thorsten Altenkirch Tarmo Uustalu Workshop on NbE, Tallinn, 17 April 2004 1 Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool (but

538 views • 27 slides
Damas-Milner Type Inference Christine Rizkallah CSE, UNSW Term 3 2020 1 Implicitly Typed MinHS

Damas-Milner Type Inference Christine Rizkallah CSE, UNSW Term 3 2020 1 Implicitly Typed MinHS

Implicitly Typed MinHS Inference Algorithm Unification Damas-Milner Type Inference Christine Rizkallah CSE, UNSW Term 3 2020 1 Implicitly Typed MinHS Inference Algorithm Unification Implicitly Typed MinHS Explicitly typed languages are

1.01k views • 42 slides
Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is

Polymorphic types Polymorphic -calculus (System F) Simply typed -calculus is monomorphic, Extends simply-typed : i.e. a type has no flexible pieces ::= * | type syntax expression/value syntax

328 views • 4 slides
Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato

Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato

Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ 2 nd International Workshop on Foundations for

891 views • 45 slides
VI.2 IE for Entities, Relations, Roles Extracting named entities (either type-less constants or

VI.2 IE for Entities, Relations, Roles Extracting named entities (either type-less constants or

VI.2 IE for Entities, Relations, Roles Extracting named entities (either type-less constants or typed unary predicates) in Web pages and NL text Examples: person, organization, monetary value, protein, etc. Extracting typed relations

544 views • 37 slides
Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth

Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth

Type Systems Lecture 3 Nov. 3rd, 2004 Sebastian Maneth http://lampwww.epfl.ch/teaching/typeSystems/2004 Today: into the types 1. A Type System for Arithmetic Expressions 2. Proving Type Safety 3. Simply Typed Lambda Calculus

988 views • 50 slides
STAMP: Strongly Type-sAfe Meta-Programming Thomas Winant Dominique Devriese Jesper Cockx

STAMP: Strongly Type-sAfe Meta-Programming Thomas Winant Dominique Devriese Jesper Cockx

STAMP: Strongly Type-sAfe Meta-Programming Thomas Winant Dominique Devriese Jesper Cockx DistriNet KU Leuven 21 September 2015 Type-safe metaprogramming: Overview Most metaprogramming is weakly type-safe (e.g. Template Haskell)

433 views • 16 slides
Strong whose properties are known at compilation Type conversions take place in a controlled

Strong whose properties are known at compilation Type conversions take place in a controlled

A language is strongly typed, if: Every data element has a unique type, Strong whose properties are known at compilation Type conversions take place in a controlled typing manner, by interpreting value of one type as another Not

340 views • 16 slides
An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs

An Invitation to Homotopy Type Theory Tingxiang Zou Type Theory Formal Systems: Churchs simply typed lambda calculus (1940); Martin L ofs dependent type theory (1971-1984) Origin: Russells theory of types The world is

848 views • 12 slides
JSJS A Strongly Typed Language for the Web Ayush Jain Gaurang Sadekar Bahul Jain

JSJS A Strongly Typed Language for the Web Ayush Jain Gaurang Sadekar Bahul Jain

JSJS A Strongly Typed Language for the Web Ayush Jain Gaurang Sadekar Bahul Jain Prakhar Srivastav Just another day in the Javascript world Feature JSJS JS Type Safety Type Inference Why JSJS? Immutable

768 views • 22 slides
Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming

Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming

Notes for State of the Art Report on Type Systems and Static Analysis for Distributed Programming Languages J. Rathke Mikado meeting Lisbon, June 2002 p.1/7 Introduction Why use typed languages? What is typed static analysis?

118 views • 7 slides
LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami Boutros Background Label Distribution Protocol (LDP) [RFC5036] defines the general notion of a &quot;Typed Wildcard Forwarding Equivalence Class

309 views • 6 slides
Last time Introduced type inference can write type-safe programs without writing CS 611

Last time Introduced type inference can write type-safe programs without writing CS 611

Last time Introduced type inference can write type-safe programs without writing CS 611 down types explicitly Advanced Programming Languages useful for higher-order functions because types are large, obscure code Andrew Myers

393 views • 3 slides
On Type-holding and type-repelling lambda-term skeletons, with applications to all-term and

On Type-holding and type-repelling lambda-term skeletons, with applications to all-term and

On Type-holding and type-repelling lambda-term skeletons, with applications to all-term and random-term generation of simply-typed closed lambda terms Paul Tarau Department of Computer Science and Engineering University of North Texas

818 views • 54 slides
Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Security-Typed Programming Access control: who gets access to what? read a file play a song make an

860 views • 62 slides
Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with

Security-Typed Programming within Dependently-Typed Programming Dan Licata Joint work with Jamie Morgenstern Carnegie Mellon University Supported by NSF CCF-0702381 and CNS-0716469 Security-Typed Programming Access control: who gets access

1.06k views • 79 slides
Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman

Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman

Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman &lt;erik@minemu.org&gt; Programming Languages type-safe vs. not type-safe Programming Languages type-safe vs. not type-safe Java Python Ruby Javascript

1.22k views • 111 slides
What is an object? Objects are units of data with the following properties: typed and

What is an object? Objects are units of data with the following properties: typed and

What is an object? Objects are units of data with the following properties: typed and self-contained Each object is an instance of a type that defines a set of methods (signatures) that can be invoked to operate on the object.

322 views • 9 slides
FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal

FROM SYSTEM F TO TYPED ASSEMBLY LANGUAGE Greg Morrisett, David Walker, Karl Crary &amp; Neal Glew TOPLAS 1999 Presentation by: Drew Zagieboylo/Matthew Milano TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED ASSEMBLY LANGUAGE TYPED

654 views • 32 slides

More recommend