In this conference, Grigore Rosu, founder of Runtime Verification, explains that many of the recent cryptocurrency bugs and exploits are due to flaws or weaknesses in the underlying blockchain programming languages or virtual machines.
The post-mortem approach to formal language semantics and verification, where the language is implemented and used in production for many years before the need for formal semantics and verification tools arises, simply does not work anymore.
New blockchain languages and virtual machines are being proposed at an alarming rate, followed by new versions of each of them every few weeks, together with programs (or smart contracts) in these languages that are responsible for financial transactions of potentially large value.
Formal analysis and verification tools are therefore needed immediately for these languages and virtual machines. At Runtime Verification we use recent academic and commercial results to develop blockchain languages and virtual machines that come equipped with formal analysis and verification tools from the outset. The idea is to generate all of these automatically, so that they are ‘correct by construction’ from a formal specification. We demonstrate the feasibility of this approach by applying it to two blockchains, Ethereum and Cardano.