Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.
solidity | ProgramVerification | Isabelle/HOL

A deep embedding of Solidity in Isabelle/HOL

Smart contracts are computer programs designed to automate legal agreements. They are usually developed in a high-level programming language, the most popular of which is Solidity. Every day, hundreds of thousands of new contracts are deployed managing millions of dollars worth of transactions. As for every computer program, smart contracts may contain bugs which can be exploited. However, since smart contracts are often used to automate financial transactions, such exploits may result in huge economic losses. In general, it is estimated that since 2019, more than $5B was stolen due to vulnerabilities in smart contracts.

To address the issue of smart contract vulnerabilities we developed Isabelle/Solidity. Isabelle/Solidity is, on the one hand, a deep embedding of an executable denotational semantics for Solidity within the Isabelle/HOL interactive theorem prover. On the other hand, Isabelle/Solidity is an interactive program verification environment for Solidity smart contracts.

We describe Isabelle/Solidity in our latest publication in the journal Formal Aspects of Computing [1].

References §

[1]
D. Marmsoler and A. D. Brucker, “A deep embedding of Solidity in Isabelle/HOL,” Formal Aspects of Computing (FAC), 2025, doi: 10.1145/3700601. Author copy: http://logicalhacking.com/publications/marmsoler.ea-isabelle-solidity-2025/

Welcome to the blog of the Software Assurance & Security Research Team at the University of Exeter. We blog regularly news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.

Categories

Archive

Tags

FormalMethods Isabelle/HOL ML/AI ProgramVerification SoftwareEngineering academia ai android apidesign appsec bitcoin blockchain bpmn browser browserextensions browsersecurity bug certification chrome composition confidentiality cordova dast devops devsecops dom dsbd efsm epsrc event events extensions fixeffort floss formaldocument formalmethods formalverification funding hol-ocl hol-testgen humanfactor hybridapps iast industry internetofthings iot isabelle/hol isabelledof isabellehol isadof latex logic maintance malicous mbst mobile mobile apps modelinference modeling monads monitoring msc neuralnetwork ocl ontology opensource owasp patches pedadogy pet phd phdlife phishing policy programminglanguages protocols protocolverfication publishing reliability research safelinks safety sap sast sdlc secdevops secureprogramming security securityengineering securitytesting semantics servicecomposition skills smartcontract smartcontracts smartthings smpc softwareeinginering softwaresecurity softwaresupplychain solidity staff&positions statemachine studentproject tcb teaching test&proof test@proof testing tips&tricks tools transport tuos uk uoe upgrade usability verification vulnerabilities vulnerableapplication webinar websecurity

Search


blog whole site