Isabelle/Solidity: A deep embedding of Solidity in Isabelle/HOL

• Published in: Formal aspects of computing Vol. 37; no. 2; pp. 1 - 56
• Main Authors: Marmsoler, Diego, Brucker, Achim D.
• Format: Journal Article
• Language: English
• Published: New York, NY ACM 04.03.2025
• Subjects: Formal software verification; Logic and verification; Program semantics; Security and privacy; Software and its engineering; Theory of computation; Solidity; Isabelle/HOL; denotational semantics
• ISSN: 0934-5043; 1433-299X
• DOI: 10.1145/3700601

Smart contracts are computer programs designed to automate legal agreements. They are usually developed in a high-level programming language, the most popular of which is Solidity. Every day, hundreds of thousands of new contracts are deployed managing millions of dollars’ worth of transactions. As for every computer program, smart contracts may contain bugs which can be exploited. However, since smart contracts are often used to automate financial transactions, such exploits may result in huge economic losses. In general, it is estimated that since 2019, more than $5B was stolen due to vulnerabilities in smart contracts.This article addresses the issue of smart contract vulnerabilities by introducing an executable denotational semantics for Solidity within the Isabelle/HOL interactive theorem prover. This formal semantics serves as the basis for an interactive program verification environment for Solidity smart contracts. To evaluate our semantics, we integrate grammar-based fuzzing with symbolic execution to automatically test it against the Solidity reference implementation. The article concludes by showcasing the formal verification of Solidity programs, exemplified through the verification of a basic Solidity token.