Static Capability-based Security for Smart Contracts

Smart contracts manage resources on a blockchain platform. These resources exist in the form of cryptocurrency, but also, more generally, in the form of data that is stored on the ledger. Due to the peculiarities of blockchain networks, changing smart contracts after deployment is hard or even impossible. This means that smart contracts must be correct and secure upon deployment. However, frequent exploits show that smart contract security is still difficult to achieve. To address this problem, we propose a static approach for capability-based smart contract security. We identify three central capabilities: calling functions, modifying state, and transferring currency. The entities to which these capabilities are attached are accounts (organized in roles) and smart contract functions. In our approach, a developer, given a security policy for a smart contract application, first designs a model of the application. The model consists of state variables, functions, roles and capabilities. We provide a definition of when the created model is consistent, and develop a formal analysis of model consistency. Furthermore, we provide a definition of what constitutes a secure implementation w.r.t. this model, and describe how to achieve an implementation which fulfills this notion of security.