Formal properties for randomness and delegatecall usage in smart contracts

Determine valid formal specification properties for Solidity smart contracts that explicitly express expectations of proper randomness generation and the correct use of delegatecall, so that these properties can be applied within property-based verification pipelines to detect corresponding vulnerabilities.

Background

During evaluation on well-known smart contract CVEs, the authors examined cases their system did not detect and identified a gap in property modeling for certain vulnerability classes. Specifically, they noted uncertainty around how to formally express expectations related to randomness and delegatecall in the specification language used for verification.

Establishing such properties is important because randomness misuse and delegatecall misconfiguration are common sources of vulnerabilities in smart contracts. Clear, verifiable properties would enable retrieval-augmented generation systems and formal provers to capture these categories in a principled way, improving coverage for logic bugs that are not easily represented by existing specifications.
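As an illustration of the kind of expectation such properties would need to capture, the following Solidity sketch is added here (it is not code from the PropertyGPT paper, and the contract and function names are hypothetical): it encodes a delegatecall expectation and a commit-reveal randomness expectation as inline assertions that a prover such as solc's SMTChecker or a property-based fuzzer can target.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch (not from the PropertyGPT paper): two expectations
// written as inline assertions a prover or fuzzer can target.
contract PropertySketch {
    address public owner;
    address public implementation; // the only permitted delegatecall target
    bytes32 private commitment;    // hash of a seed committed before use
    uint256 public revealBlock;

    constructor(address impl) {
        owner = msg.sender;
        implementation = impl;
    }

    // Delegatecall expectation 1: the target is owner-controlled state,
    // never a value taken from the caller's arguments.
    function setImplementation(address impl) external {
        require(msg.sender == owner, "not owner");
        require(impl.code.length > 0, "target is not a contract");
        implementation = impl;
    }

    // Delegatecall expectation 2: privileged storage (here, owner) is
    // unchanged across the call; a prover that havocs storage on
    // delegatecall will flag this unless the target is trusted.
    function forward(bytes calldata data) external payable returns (bytes memory) {
        address target = implementation;
        address ownerBefore = owner;
        assert(target != address(0));
        (bool ok, bytes memory ret) = target.delegatecall(data);
        require(ok, "delegatecall failed");
        assert(owner == ownerBefore);
        return ret;
    }

    // Randomness expectation: the value used as random is bound to a seed
    // committed in an earlier block, so neither the committer nor the
    // block producer alone can pick the outcome after seeing the other part.
    function commit(bytes32 seedHash) external {
        commitment = seedHash;
        revealBlock = block.number + 1;
    }
    function reveal(uint256 seed) external view returns (uint256) {
        require(block.number > revealBlock, "reveal too early");
        require(block.number - revealBlock < 256, "blockhash expired");
        require(keccak256(abi.encode(seed)) == commitment, "seed mismatch");
        return uint256(keccak256(abi.encode(seed, blockhash(revealBlock))));
    }
}
```

The assertions state the expectations at the code level only; turning them into specification-language properties that a retrieval-augmented pipeline can generate and a prover can discharge is exactly the open question above.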

References

We also investigated the remaining four CVEs that PropertyGPT failed to detect. It is unknown what valid properties can express the expectation of proper randomness and delegatecall use.

PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation (2405.02580 - Liu et al., 2024), Section 6.2 (RQ2: Vulnerability Detection)