The beta version of DROPS 2 is now publicly available! Check this page out at DROPS 2 now!


License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECOOP.2023.23
URN: urn:nbn:de:0030-drops-182167
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2023/18216/
Go to the corresponding LIPIcs Volume Portal

Olivieri, Luca ; Negrini, Luca ; Arceri, Vincenzo ; Tagliaferro, Fabio ; Ferrara, Pietro ; Cortesi, Agostino ; Spoto, Fausto

Information Flow Analysis for Detecting Non-Determinism in Blockchain

pdf-format:
LIPIcs-ECOOP-2023-23.pdf (1 MB)

Abstract

A mandatory feature for blockchain software, such as smart contracts and decentralized applications, is determinism. In fact, non-deterministic behaviors do not allow blockchain nodes to reach one common consensual state or a deterministic response, which causes the blockchain to be forked, stopped, or to deny services. While domain-specific languages are deterministic by design, general-purpose languages widely used for the development of smart contracts such as Go, provide many sources of non-determinism. However, not all non-deterministic behaviours are critical. In fact, only those that affect the state or the response of the blockchain can cause problems, as other uses (for example, logging) are only observable by the node that executes the application and not by others. Therefore, some frameworks for blockchains, such as Hyperledger Fabric or Cosmos SDK, do not prohibit the use of non-deterministic constructs but leave the programmer the burden of ensuring that the blockchain application is deterministic. In this paper, we present a flow-based approach to detect non-deterministic vulnerabilities which could compromise the blockchain. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to non-determinism on a significant set of applications, with better results than other open-source analyzers for blockchain software written in Go.

BibTeX - Entry

@InProceedings{olivieri_et_al:LIPIcs.ECOOP.2023.23,
  author =	{Olivieri, Luca and Negrini, Luca and Arceri, Vincenzo and Tagliaferro, Fabio and Ferrara, Pietro and Cortesi, Agostino and Spoto, Fausto},
  title =	{{Information Flow Analysis for Detecting Non-Determinism in Blockchain}},
  booktitle =	{37th European Conference on Object-Oriented Programming (ECOOP 2023)},
  pages =	{23:1--23:25},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-281-5},
  ISSN =	{1868-8969},
  year =	{2023},
  volume =	{263},
  editor =	{Ali, Karim and Salvaneschi, Guido},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2023/18216},
  URN =		{urn:nbn:de:0030-drops-182167},
  doi =		{10.4230/LIPIcs.ECOOP.2023.23},
  annote =	{Keywords: Static Analysis, Program Verification, Non-determinism, Blockchain, Smart contracts, DApps, Go language}
}

Keywords: Static Analysis, Program Verification, Non-determinism, Blockchain, Smart contracts, DApps, Go language
Collection: 37th European Conference on Object-Oriented Programming (ECOOP 2023)
Issue Date: 2023
Date of publication: 11.07.2023
Supplementary Material: Software (ECOOP 2023 Artifact Evaluation approved artifact): https://doi.org/10.4230/DARTS.9.2.23

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI