Program Analysis for Web3

Dr. Saurabh Joshi

Principal Researcher

Supra Research

What is a blockchain?

Execution trace of a deterministic state machine

What is a blockchain?

[Diagram: a chain of states s_1 → s_2 → s_3 → s_4 → s_5, linked by transitions t_1, t_2, t_3, t_4, t_5]

What is a blockchain?

Programs are state transformers

x = x + 1:   x = 0    →   x = 1
x = x + 1:   x = 1    →   x = 2
x = x + 1:   x = 255  →   x = ?   (overflow: wrap, abort, or undefined, depending on the semantics)

Need for determinism

Without deterministic operational semantics, the same sequence of transactions may produce a different output state when executed on different hardware, or on the same hardware at a different time

What is a blockchain?

Execution trace of a deterministic state machine, agreed upon by a network of distributed, possibly heterogeneous, decentralized computers

Determinism

  • Floating point arithmetic
  • Signed integer arithmetic
  • Concurrency
  • Interaction with external environment
  • ... and many more

Termination

  • Every transaction is executed under a pre-determined upper bound on the gas (resources) it may consume, with a fixed cost per instruction: $gas : Instr \rightarrow \mathbb{N}$
  • Given that fixed gas cost table, can a static analysis show that a piece of code terminates within a specified gas limit? If the code is parametric, for which values of n does it terminate within the limit?
  • Native functions are a challenge for such an analysis.
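As an added example (not from the talk): a small static analysis over a toy instruction list that, under a constructed gas cost table, returns the worst-case gas of a program as a polynomial in a loop parameter n and then solves for the largest n that still fits a gas limit. The IR, the cost table, the instruction names and the sample programs are all assumptions made here for the illustration. A loop with no static bound, or a native whose cost the table does not bound, makes the analysis report UNBOUNDED, which is the native-function challenge in miniature.

```python
# Added example (not from the talk): worst-case gas bound of a toy IR under a
# fixed cost table, expressed as a polynomial in a loop parameter n.
# The IR, the cost table and the sample programs are all constructed here.

# instruction -> gas units. A native is listed only when a worst-case cost is
# known; a native missing from the table is exactly the "challenge" case.
COSTS = {"add": 3, "mul": 5, "sload": 100, "sstore": 2000, "jump": 8,
         "native:sha3": 60}

UNBOUNDED = None  # analysis result when no static bound exists

# Polynomials are dicts {degree: coefficient} in the single parameter n.
def poly_add(p, q):
    out = dict(p)
    for d, c in q.items():
        out[d] = out.get(d, 0) + c
    return out

def poly_scale(p, k):          # constant-bound loop: multiply by k iterations
    return {d: c * k for d, c in p.items()}

def poly_shift(p):             # n-bound loop: multiply by n (degree + 1)
    return {d + 1: c for d, c in p.items()}

def gas_bound(code):
    """Worst-case gas of `code` as {degree: coef}, or UNBOUNDED.

    code is a list of tuples: ("add",), ("sload",), ... or
    ("loop", bound, body) where bound is an int, "n", or None (unknown)."""
    total = {}
    for ins in code:
        op = ins[0]
        if op == "loop":
            _, bound, body = ins
            inner = gas_bound(body)
            if inner is UNBOUNDED or bound is None:
                return UNBOUNDED
            inner = poly_add(inner, {0: COSTS["jump"]})  # back-edge each iteration
            total = poly_add(total, poly_scale(inner, bound)
                             if isinstance(bound, int) else poly_shift(inner))
        elif op in COSTS:
            total = poly_add(total, {0: COSTS[op]})
        else:
            return UNBOUNDED  # native (or unknown op) with no cost in the table
    return total

def evaluate(p, n):
    return sum(c * n ** d for d, c in p.items())

def max_n_within(p, limit):
    """Largest n with evaluate(p, n) <= limit; None if even n = 0 does not fit;
    float('inf') if gas does not depend on n. Coefficients are non-negative, so
    gas is monotone in n and a doubling search plus binary search suffices."""
    if p is UNBOUNDED or evaluate(p, 0) > limit:
        return None
    if not any(d > 0 and c > 0 for d, c in p.items()):
        return float("inf")
    lo, hi = 0, 1
    while evaluate(p, hi) <= limit:
        lo, hi = hi, hi * 2
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if evaluate(p, mid) <= limit:
            lo = mid
        else:
            hi = mid
    return lo

# Constructed sample programs.
BATCH_SUM = [("sload",),
             ("loop", "n", [("sload",), ("add",)]),
             ("sstore",)]                                   # 2100 + 111 n
NESTED = [("loop", "n", [("loop", "n", [("mul",)])])]       # 13 n^2 + 8 n
UNKNOWN_NATIVE = [("native:keccak",)]                       # not in COSTS
UNBOUNDED_LOOP = [("loop", None, [("add",)])]               # no static bound

if __name__ == "__main__":
    for name, prog in [("BATCH_SUM", BATCH_SUM), ("NESTED", NESTED),
                       ("UNKNOWN_NATIVE", UNKNOWN_NATIVE),
                       ("UNBOUNDED_LOOP", UNBOUNDED_LOOP)]:
        p = gas_bound(prog)
        print(name, p, "max n within 10000 gas:", max_n_within(p, 10_000))
```

With a 10 000 gas limit, BATCH_SUM fits for n up to 71 and NESTED for n up to 27; the other two programs get no bound at all, which is the honest answer when the cost table cannot cover a native call or the loop bound is not statically known.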

Gas Optimization

  • Reduce the gas used while keeping the same input/output behaviour: $\text{minimize} \sum_i gas(Instr_i)$
  • Storage gas and computation gas are priced differently, which makes gas optimization a bit tricky.
  • Is caching a value cheaper than recomputing it every time?

Gas Estimation

  • Goal: tell the user how many gas units a transaction will consume
  • An exact answer is undecidable in general
  • The input context (the state the transaction runs against) is not known until execution
  • So: provide an estimate of the number of gas units the transaction would consume
  • Accurate estimation is needed both by users and by the network

Improve execution 

  • Given an ordered set of transactions $(tx_1, tx_2, \ldots, tx_N)$ and an input state $s_I$, compute the output state $s_O$ as fast as possible
  • Aptos BlockSTM
  • SupraSTM

Deriving access specification

Part 1: Given a program P(s), derive abstract access specifications in terms of ReadSet and WriteSet

Part 2: Given a program P(s), and input state s, quickly refine the abstract specification to minimize ReadSet and WriteSet as much as possible
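As an added example serving both "Improve execution" and the two parts above (not code from the talk, from Aptos Block-STM or from SupraSTM, which detect conflicts dynamically during optimistic execution): Part 1 derives an abstract ReadSet/WriteSet from a toy program whose storage keys may depend on input parameters; Part 2 refines them to concrete slots once the input is known; the refined sets then let a block of transactions be grouped into batches that can run in parallel without changing the sequential result. The toy IR, the `transfer` program and the sample block are constructed assumptions.

```python
# Added example (not from the talk, Block-STM or SupraSTM): abstract and refined
# access specifications for a toy contract IR, and conflict-free batching of a
# block of transactions based on them. All programs and inputs are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Instr:
    op: str     # "read" or "write"
    table: str  # storage table, e.g. "balances"
    key: str    # literal key, or "$name" meaning an input parameter

@dataclass(frozen=True)
class Program:
    name: str
    body: tuple  # tuple of Instr

def abstract_access(prog):
    """Part 1: static over-approximation. Keys stay symbolic, e.g. ('balances', '$from')."""
    reads, writes = set(), set()
    for ins in prog.body:
        (reads if ins.op == "read" else writes).add((ins.table, ins.key))
    return frozenset(reads), frozenset(writes)

def refine_access(prog, args):
    """Part 2: substitute the concrete input, shrinking symbolic keys to exact slots."""
    def concrete(key):
        return args[key[1:]] if key.startswith("$") else key
    reads, writes = set(), set()
    for ins in prog.body:
        (reads if ins.op == "read" else writes).add((ins.table, concrete(ins.key)))
    return frozenset(reads), frozenset(writes)

def may_alias(a, b):
    """Sound overlap test: a symbolic key may be any key of its table."""
    if a[0] != b[0]:
        return False
    return a[1].startswith("$") or b[1].startswith("$") or a[1] == b[1]

def conflicts(spec_a, spec_b):
    """WAR/WAW/RAW: a write in one spec touching anything the other accesses."""
    ra, wa = spec_a
    rb, wb = spec_b
    if any(may_alias(x, y) for x in wa for y in rb | wb):
        return True
    return any(may_alias(x, y) for x in wb for y in ra)

def schedule(specs):
    """specs in block order -> list of batches (lists of tx indices).
    A tx lands one batch after the latest earlier tx it conflicts with, so
    batches run in order and each batch's members are pairwise independent."""
    batch_of = []
    for i, spec in enumerate(specs):
        earliest = 0
        for j in range(i):
            if conflicts(specs[j], spec):
                earliest = max(earliest, batch_of[j] + 1)
        batch_of.append(earliest)
    nbatches = max(batch_of, default=-1) + 1
    return [[i for i, b in enumerate(batch_of) if b == k] for k in range(nbatches)]

# Constructed program: a token transfer touching two parametric balance slots.
TRANSFER = Program("transfer", (
    Instr("read", "balances", "$from"),
    Instr("read", "balances", "$to"),
    Instr("write", "balances", "$from"),
    Instr("write", "balances", "$to"),
))

# Constructed block of four transfer transactions.
BLOCK = [
    {"from": "alice", "to": "bob"},
    {"from": "carol", "to": "dave"},
    {"from": "bob", "to": "erin"},
    {"from": "frank", "to": "grace"},
]

def schedule_abstract():
    """Using only Part 1: every transfer may touch any balance, so all serialize."""
    return schedule([abstract_access(TRANSFER)] * len(BLOCK))

def schedule_refined():
    """Using Part 2: only tx 2 (bob -> erin) depends on tx 0 (alice -> bob)."""
    return schedule([refine_access(TRANSFER, a) for a in BLOCK])

if __name__ == "__main__":
    print("abstract:", abstract_access(TRANSFER))
    print("refined :", refine_access(TRANSFER, BLOCK[0]))
    print("batches with abstract specs:", schedule_abstract())  # [[0], [1], [2], [3]]
    print("batches with refined specs :", schedule_refined())   # [[0, 1, 3], [2]]
```

The abstract specification alone forces the whole block to run sequentially, because `('balances', '$from')` may alias any balance slot; refining against the actual inputs leaves only the real dependency (tx 2 reads bob's balance, which tx 0 writes), so three of the four transfers can run in the first batch.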

Compilers and Virtual Machines

  • From high level programming languages to blockchain VMs (e.g., Solidity -> EVM, Move -> Move VM, Rust/C++ -> Solana VM)
  • Enabling smart contracts written in one language to work on another VM (e.g., Fractal, A transpiler that makes Solidity work on Move VM)
  • Enabling smart contracts written in one language to work on near native assembly (e.g., Rust/C++ -> Wasm)

Safety and security of smart contracts

Example Vulnerability

function multiClaim(uint256[] memory _tickets) external {
    uint256 totalReward = 0;
    for (uint i = 0; i < _tickets.length; i++) {
        // Per-ticket checks run against the claim status as it was before this call.
        require(msg.sender == lotteryNFT.ownerOf(_tickets[i]), "not from owner");
        require(!lotteryNFT.getClaimStatus(_tickets[i]), "claimed");
        uint256 reward = getRewardView(_tickets[i]);

        if (reward > 0) {
            totalReward = reward.add(totalReward);
        }
    }

    // Claim status is only updated here, after every element of _tickets has
    // passed the "claimed" check: a ticket id repeated in _tickets passes the
    // check each time and its reward is added to totalReward each time.
    lotteryNFT.multiClaimReward(_tickets);

    if (totalReward > 0) {
        cake.safeTransfer(address(msg.sender), totalReward);
    }

    emit MultiClaim(msg.sender, totalReward);
}
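As an added example (a Python model written for this page, not the contract's code): the same control flow as `multiClaim` above, run on a constructed set of tickets, so the effect of a repeated ticket id can be observed, alongside one hardened variant that marks each ticket claimed as soon as it passes its checks. The owners, rewards and balance are constructed test data; `require` and `Revert` stand in for Solidity's `require`.

```python
# Added example (not the contract's code): a Python model of the multiClaim logic
# above. Owners, rewards and the CAKE balance are constructed test data.

class Revert(Exception):
    """Stands in for a failed require()."""

def require(cond, msg):
    if not cond:
        raise Revert(msg)

class LotteryModel:
    def __init__(self, owners, rewards, cake_balance):
        self.owners = dict(owners)     # lotteryNFT.ownerOf
        self.rewards = dict(rewards)   # getRewardView
        self.claimed = set()           # lotteryNFT.getClaimStatus
        self.cake = cake_balance       # contract's CAKE balance
        self.paid = {}                 # address -> total transferred out

    def _safe_transfer(self, to, amount):
        require(amount <= self.cake, "transfer amount exceeds balance")
        self.cake -= amount
        self.paid[to] = self.paid.get(to, 0) + amount

    def multi_claim(self, sender, tickets):
        """Mirrors the Solidity: per-ticket checks inside the loop, claim status
        set only afterwards by multiClaimReward."""
        total = 0
        for t in tickets:
            require(self.owners.get(t) == sender, "not from owner")
            require(t not in self.claimed, "claimed")
            total += self.rewards.get(t, 0)
        self.claimed.update(tickets)   # lotteryNFT.multiClaimReward(_tickets)
        if total > 0:
            self._safe_transfer(sender, total)
        return total

    def multi_claim_fixed(self, sender, tickets):
        """Same checks, but each ticket is marked claimed as soon as it passes,
        so a repeated id fails the 'claimed' check on its second occurrence."""
        total = 0
        for t in tickets:
            require(self.owners.get(t) == sender, "not from owner")
            require(t not in self.claimed, "claimed")
            self.claimed.add(t)
            total += self.rewards.get(t, 0)
        if total > 0:
            self._safe_transfer(sender, total)
        return total

def claim(variant, tickets):
    """Run one variant on a fresh model; return the payout or the revert reason."""
    m = LotteryModel(owners={1: "alice", 2: "alice", 3: "bob"},
                     rewards={1: 50, 2: 20, 3: 30}, cake_balance=1000)
    try:
        return getattr(m, variant)("alice", tickets)
    except Revert as e:
        return f"revert: {e}"

if __name__ == "__main__":
    print(claim("multi_claim", [1, 2]))           # 70: legitimate claim
    print(claim("multi_claim", [1, 1, 1]))        # 150: one 50-unit ticket paid three times
    print(claim("multi_claim_fixed", [1, 1, 1]))  # revert: claimed
    print(claim("multi_claim_fixed", [3]))        # revert: not from owner
```

Marking the ticket inside the loop is one hardening; deduplicating `_tickets` before the loop, or having `multiClaimReward` revert on an already-claimed ticket, would close the same gap. The general lesson for the analysis tools discussed in this talk is that the check and the state update it relies on are separated by the loop, which is the kind of check-then-act pattern a program analysis can be taught to flag.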

"If we want to be serious about quality, it is time to get tired of finding bugs and start preventing their happening in the first place." (Alan Page)
