During the half year in the Ethereum space, I accumulated some nice-to-do projects. I usually put them aside and instead work on existing stuff, reviewing, adding tests, removing bugs and writing proofs. Maybe I should start my pending projects all, mess around, and eventually find what gains momentum. Maybe I should start small. Then the smallest way to start is expressing the ideas somehow. That’s what I do here.

If you want to see anything started, please highlight the portion of the text. Then everybody knows which projects are most attracting. Of course, if you think “yep, I can do that,” already, probably you can be the first one to do that.

Collection of buggy Ethereum contracts

There is an automatic EVM code analyzer called Oyente, and there will be more tools for Ethereum contract verification. We need a benchmark for those. The first step is to curate a collection of buggy Ethereum contracts.

CSmith for Solidity

There is a project called CSmith that fuzzes C/C++ compilers. The project claims it has found bugs in all compilers that they targeted. The same approach will surely find bugs in the Solidity compiler.

Somehow I found a language called Luck for producing random programs in a certain language. I found one issue and waiting for it to be fixed. Maybe I should fix it myself.

Formally verified floating-point number arithmetics on EVM

Ethereum Virtual Machine does not support floating point numbers natively. So a library might be useful, but a wrong library would be harmful. So let’s implement and prove correct floating-point arithmetics in EVM. All the ingredients are available already:

One definition of EVM is available for theorem provers Coq, Isabelle/HOL and HOL4

IEEE-754 (about a representation of floating point numbers) has been modelled in all of these theorem provers: Coq and Isabelle/HOL and HOL4.

Automatic implementation of cryptographic protocols, using Ethereum as a public channel

In Malta, I learned that Ethereum is usable for implementing cryptographic protocols, especially when a public pin-board is necessary [Patrick McCorry, Siamak Shahandashti and Feng Hao, FC2017]. I also learned that some people verify cryptographic protocols using ProVerif. These ideas somehow mixed in my head.

If you can translate ProVerif input to a set of Ethereum programs and deployment procedures, protocols verified in ProVerif can be implemented quickly.

Using Rosette to find bugs in EVM bytecodes

I found a tool called Rosette. The documentation seems to say that, once you implement an interpreter of a programming language in Rosette, you can ask Rosette to perform some automatic program verification tasks. Why not do that for the Ethereum Virtual Machine? Rosette supports bitvectors, so there should not be any big problems implementing EVM.

This would be especially powerful in combination with high-level language compilers that can compile a never-reached failure into an invalid instruction. The Solidity compiler is using the 0xfe invalid instruction for assertion failures that should never be reached. I guess it’s very easy to instruct Rosette to try to find an execution that reaches them. We get an automatic static checker for Solidity assertions.

Developing a formally verified compiler for a tiny language into EVM

After specifying a virtual machine in theorem provers, the next natural thing to do is to start developing a small compiler into the virtual machine. I’m somehow interested in this French technique https://hal.inria.fr/hal-01094488.

Verifying EVM to eWASM transpiler

I heard EVM to eWASM transpiler has already been implemented and it passes all VM tests. I think it shouldn’t be too hard to prove the correctness of this transpiler (not too hard = takes not more than ten years).

Executable specification of Solidity

I’ve been talking about the lack of specification of Solidity. What is the way to improve the situation? Of course writing a specification, but it is a huge amount of work. It will start paying off earlier if the specification is executable because, then, we can test the Solidity compiler against the specification from the very beginning (once the specification can understand the simplest program).

Adding algebraic data type in Solidity

If I choose only one language feature from OCaml that I want in Solidity, that would be algebraic data types. There is already an issue about this, but not much has been done there.

Proof Market on Ethereum

Once I was running a web site called the proof market where people could set up bounty on statements to be proven. I closed down the site after seeing consistency bugs in the theorem prover, but the bigger problem was that the site was running on a VPS and managing Bitcoins on the server. A natural alternative is to implement a proof checker on Ethereum, and implement the bounty program as an Ethereum contract. There, a logical proof checking is much closer to the economic incentives.

The first question there is, what kind of formal proofs can be checked on Ethereum. Maybe we need to do something similar to TrueBit.