QSP (Quantstamp) White Paper.pdf

Quantstamp
The protocol for securing smart contracts

Quantstamp is the first smart contract security-auditing protocol. We are extending Ethereum with technology that ensures the security of smart contracts. Our team is made up of software testing experts who collectively have over 500 Google Scholar citations.

Founders
Richard Ma, Cornell ECE, Algorithmic Portfolio Manager
Steven Stewart, MCS, BA PhD, U. Waterloo, Software verification, Database implementation

Founding Team Members
Dr. Vajih Montaghami, PhD, Formal methods
Ed Zulkoski, B.S. PhD-candidate, U. Waterloo, SAT/SMT solvers
Leonardo Passos, PhD, Compilers and Programming Languages

Advisors
Dr. Vijay Ganesh, Assistant Professor, U. Waterloo, Ex-Stanford, MIT
Evan Cheng, Director of Engineering at Facebook, ACM Software System Award for LLVM
Dr. Derek Rayside, P. Eng., Associate Professor, U. Waterloo, Ex-MIT

2017-October-7
Version 3.0

The Problem
Quantstamp Protocol
Technology Roadmap
Motivation
Smart Contract Improvements
How we improve smart contract infrastructure
How we improve the developer’s process
Quantstamp, by example
Technology
Validation Protocol
Design
Security Audit Engine
Architectural View
Quantstamp Validation Smart Contract for Ethereum
Quantstamp Network for Ethereum
Quantstamp Reports
Tradecraft
Computer-aided reasoning tools
SAT solvers
SMT solvers
Model-checking
Static program analysis
Symbolic execution and Concolic Testing
Incremental releases and the subscription model
Bug Finders
Security Disclosure Strategy
Distributed and Parallel SAT
The Satisfiability Problem (SAT)
Parallel SAT Solvers
Parallel SAT and consensus
Common vulnerabilities for Ethereum/Solidity
Financial Planning
Research contributions by our team
Demo: Locating The Parity Multisig Vulnerability
Frequently Asked Questions
Detailed Bios
Addendum A
Why we should be concerned about smart contracts
The DAO and others
Recent studies
Addendum B
Off-chain Tools for Developers
Smart Debugging using discriminating examples
Important Legal Disclaimer

The Problem

Blockchain networks are secure but smart contracts are not. In June 2016, a hacker stole 55M in Ethereum coins from the DAO due to a bug in its smart contract. In July 2017, another hacker stole over 30M in Ether from crypto companies due to a one word bug in the smart contract code in the Parity multi-sig wallet. [1] Security issues like these are a serious impediment to wider adoption of the Ethereum network because they erode trust in smart contracts. [2]

Current efforts to validate smart contracts are inadequate. Engaging security consulting companies requires human experts to audit smart contracts. This process is expensive and error-prone. Also, relying on a single company requires trusting that no bad actors exist in the company. A distributed system relying on consensus among many different actors is far more secure.

Security audit processes that rely on human experts cannot keep up with the exploding growth rate of smart contract adoption. Between June 2017 and October 2017, the number of smart contracts grew from 500K to 2M. Within a year, we expect there to be 10M smart contracts. [3] [4] This will create an exponential increase in the demand for auditing. There aren’t enough security experts in the world to audit all smart contracts today, and this shortage will be even more acute in the future.

The potential costs of smart contract failures will also grow. As of October 2017, about 3.2B (11M ETH) was locked in smart contracts. The number of dollars locked in smart contracts will grow exponentially as Ethereum network and smart contract adoption grows. The potential cost of smart contract vulnerabilities will grow commensurately.

Quantstamp Protocol

The Quantstamp protocol solves the smart contract security problem by creating a scalable and cost-effective system to audit all smart contracts on the Ethereum network. Over time, we expect every Ethereum smart contract to use the Quantstamp protocol to perform a security audit because security is essential. The protocol consists of two parts:

● An automated and upgradeable software verification system that checks Solidity programs. The conflict-driven distributed SAT solver requires a large amount of computing power, but will be able to catch increasingly sophisticated attacks over time.
● An automated bounty payout system that rewards human participants for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.

[1] https//
[2] https//
[3] https://web.archive.org/web/20170602184510/https://etherscan.io/accounts/c
[4] https://etherscan.io/accounts/c

The Quantstamp protocol relies on a distributed network of participants to mitigate the effects of bad actors, provide the required computing power and provide governance. Each participant uses Quantstamp Protocol (QSP) tokens to pay for, receive, or improve upon verification services. Below are the different types of participants.

● Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. All contributed code will be open source so that the community can have confidence in its efficacy. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
● Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network. Verifiers only need to contribute computing resources and do not need security expertise.
● Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
● Contract Creators pay QSP tokens to get their smart contract verified. As the number of smart contracts grows exponentially, we expect demand from Contract Creators to grow commensurately.
● Contract Users will have access to results of the smart contract security audits.
● Voters: The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token holder voting (time-locked multi-sig). This governance mechanism reduces the chance of upgrade forks and decentralizes influence of the founding team over time.
Technology Roadmap

2017
June
● Quantstamp founded by Richard and Steven
July
● Solidity Static Analyzer prototype built days after Parity Wallet hack
August
● Released first version of whitepaper
September
● Hired Ed, Krishna, Vajih, Leo
October
● Completed Request Network semi-automated audit
● Built automated truffle test generator
● Complete 2nd semi-automated audit with another company
November
● Complete 3rd semi-automated audit with another company
● QSP token launch
● Begin university partnerships with the University of Waterloo
December
● Build the Quantstamp validation/payment smart contract on Ethereum
● Complete the 4th semi-automated audit

2018
January
● Build the Quantstamp validation node (an augmented Ethereum node)
February
● Add analysis software v1 to the validation node that returns the proof-of-audit hash and raw output
● Complete the 5th semi-automated audit using analysis software v1
March
● Begin testing phase and improvement of crypto-economic incentives
● Implement token holder governance system for the upgradeable protocol
April
● Deploy to test network after testing and validating system
● Begin academic review of the system
May
● Hold first Quantstamp hackathon
June
● Begin work on smart contract insurance with partners
July
● Hold token holder vote for mainnet after months of testing/incentive adjustment
August
● Release mainnet v1
September
● Begin work on distributed SAT consensus with BFT for Mainnet v2
October
● Add smart contract insurance alpha product on Mainnet smart contracts

Motivation

Our team has devoted their careers to helping developers produce more reliable code, representing years of combined research and experience in the discipline of software verification. The opportunity to apply this expertise towards the next generation of the digital revolution is extremely exciting for everyone involved. There is a clear and urgent need for more secure code.
Vulnerabilities in smart contracts threaten the adoption of blockchain technology and cryptocurrencies. Currently a lot of work is being done to scale Ethereum; however, we think security is equally important. Without security of smart contracts, it’s hard for people to trust them with anything other than risk capital. Our vision for the future is that smart contracts will be mainstream applications used by people to make their everyday lives easier. We will help bring about this vision for smart contracts by extending Ethereum with technology that ensures the security of smart contracts.

We believe that automated security audits will help developers to deploy code that the public can trust without having to write formal specifications that contain more lines of code than the program itself. Our aim is to automate checks and property verification as much as possible. Each of these objectives should contribute to a healthier blockchain ecosystem. This solution addresses an infrastructural-level problem.

Our strategy is to create a foundational protocol that could be eventually incorporated directly into the Ethereum platform and to create a safe environment needed for the first Ethereum killer app.

The remainder of this document details why a security protocol is a necessary technological advancement, and provides a high-level architecture of the platform.

Smart Contract Improvements

How we improve smart contract infrastructure

The protocol allows automated security checks on the smart contract code, and does so in a trustless manner. [5] Our approach offers the following two core advantages.

[5] We use the word “trustless” to indicate that the process is transparent and it is not necessary to trust a third-party, and deters bad actors from compromising the audit.

1. The protocol allows end-users to directly submit programs for verification, without the possibility of a bad actor manipulating the results of an audit

Imagine a bad actor at a security auditing company that allows a multi-million dollar bug to slip through, and then takes advantage of the live deployed contract. The consensus required by the Quantstamp protocol mitigates the effects of bad actors based on the economically dominant strategy - it would be too costly to try to manipulate the results. Verified smart contracts are produced with the proof-of-audit hash, which includes the version of the security library used by the verifier, and a plain-text report is released based on consensus. In the future, we plan to offer smart contract insurance in partnership with 3rd parties to further mitigate risks of using smart contracts.

2. We incentivize miners by making the verification and certification of smart contracts part of the validation node software on Ethereum

In a blockchain architecture, “miners” are participating entities that try to add transactions to the chain. In the Quantstamp protocol, miners are called verifiers. A verifier needs to run the validation node software which watches for updates on the Quantstamp validation smart contract. The fee for performing the service makes verifiers honest. A verifier that certifies a contract produces a proof-of-audit hash and in turn, the verifier is awarded a token fee. In case a verifier finds a violation of security goals by a contract, s/he produces a counterexample that is a witness to the violation and the escrow smart contract pays a bounty fee to the verifier. Developers are responsible for addressing vulnerabilities when they are found, but now they can address them before real stakes are involved.

How we improve the developer’s process

Well-intentioned software developers need help to produce better code. As pointed out by Luu et al., there is a semantic gap rooted in a misunderstanding of how code executes in the blockchain [6]; consequently, there is a pressing need for better tools that can assist the developer in capturing vulnerabilities prior to deployment.
The current way developers test code - manually via open source code reviews and unit tests if they are diligent - is not sufficient to meet the needs of blockchain technology, which ideally offers perfect security. All of the above methods are very manual methods that allow for human error. There is a need for an easy process of verifying smart contracts while minimizing the chance of serious vulnerabilities slipping through the cracks. The Quantstamp protocol provides this easy interface while also helping to protect developer reputations by proving on the blockchain that they have performed this auditing.

[6] Luu et al. describe this semantic gap in their paper “Making Smart Contracts Smarter.” They propose to enhance the operational semantics of Ethereum and offer a symbolic execution tool called Oyente to find bugs in smart contracts. We pragmatically believe that very few developers, in practice, will ever utilize such tools, just as very few do in the ordinary practice of software engineering.

Quantstamp, by example

Suppose a developer plans to deploy a smart contract written in Solidity on Ethereum. There is substantial risk when writing code that accesses a monetary system, and the developer mus