Smart contracts are programs running on top of a cryptocurrency or blockchain. This has has recently emerged as an important new programming model. In the Ethereum cryptocurrency alone, smart contract programs directly control over $10B USB of virtual currency. Smart contracts show an exciting potential to automate business processes, reduce the need for trusted intermediaries, and enable disruptive applications like prediction markets and exchanges.
However, the positive potential of smart contracts seems to be equally matched by new hazards and pitfalls. Programming errors and exploitable vulnerabilities have already led to the loss or thefts or hundreds of millions of dollars. This has led to a surge of interest in using PL and formal methods techniques to avoid errors and improve code trustworthiness.
In this talk I’ll give a short survey of the security failures of smart contracts and their underlying causes, as well as the state of adoption of techniques from PL/FM research communities. I’ll suggest some differences between smart contracts and traditional programming models that pose new research challenges.