Scilla: a Smart Contract Intermediate-Level LAnguage

Abstract: This paper outlines key design principles of Scilla---an intermediate-level language for verified smart contracts. Scilla provides a clean separation between the communication aspect of smart contracts on a blockchain, allowing for the rich interaction patterns, and a programming component, which enjoys principled semantics and is amenable to formal verification. Scilla is not meant to be a high-level programming language, and we are going to use it as a translation target for high-level languages, such as Solidity, for performing program analysis and verification, before further compilation to an executable bytecode. We describe the automata-based model of Scilla, present its programming component and show how contract definitions in terms of automata streamline the process of mechanised verification of their safety and temporal properties.

• The paper presents Scilla as a novel intermediate smart contract language that separates computation and communication to facilitate rigorous formal verification.
• It employs a continuation-passing style for external function calls, ensuring atomicity and mitigating reentrancy vulnerabilities common in other contracts.
• By utilizing formal methods with tools like Coq, Scilla establishes a framework for proving contract safety and liveness, laying groundwork for secure blockchain applications.

Insights into : A Smart Contract Intermediate-Level Language

The document presents an intermediate-level programming language designed for smart contracts, titled . Developed by Ilya Sergey, Amrit Kumar, and Aquinas Hobor, this language emphasizes enhancing the verification and reliability of smart contracts through automated reasoning. It proposes a structured approach to contract development, building upon formal verification principles to mitigate prevalent vulnerabilities in existing smart contract languages.

The language deviates from typical high-level programming paradigms by segmenting contract functionality into two primary components: computation and communication. Utilizing a model rooted in communicating automata, structures contract transitions as standalone atomic procedures facilitating rigorous formal verification.

Key Features and Design Principles

1. Separation of Computation and Communication: provides a clear distinction between the different components of smart contracts. It prevents cross-integration between in-contract computations and blockchain-wide interactions during process execution. This separation ensures easier verification of contract correctness, particularly in understanding and proving its state changes and invariants.
2. Effectual and Pure Computations: distinguishes between pure computations and state-manipulating commands, drawing inspiration from functional programming paradigms. This design choice ensures transition executions maintain properties such as progress and type preservation, promoting consistency and predictability.
3. Continuation-Passing Style: adopts a continuation-passing style for external function calls, ensuring transitions remain atomic and preventing reentrancy issues often prevalent in other smart contract languages. This design serves as a defense against reentrancy vulnerabilities exemplified by incidents like the DAO attack.

Verification and Semantics

One of the cornerstones of the paper is the emphasis on formal methods. By leveraging Coq—a proof assistant with dependently typed languages—ensures that contracts can be reasoned about rigorously. This approach allows for the encoding of both safety and liveness properties, offering formal guarantees of contract behavior.

A single-step execution process within is modeled in three essential components: pre-state, post-state, and potential output message, forming a robust framework for trace-based semantics. This facilitates defining and proving correctness properties across numerous interaction scenarios the contract might encounter.

Comparison with Existing Frameworks

significantly differentiates itself from other blockchain languages by targeting a middle ground between expressivity and tractability:

• Unlike Ethereum's Solidity, which is Turing-complete and more challenging to reason about, ensures atomicity in operations, allowing developers to apply safety and temporal property proofs easily.
• Comparatively, languages like Bitcoin's Simplicity prioritize simpler transaction models but lack communication capabilities, an area where offers a more comprehensive solution.

Practical Implications and Future Directions

The introduction of serves as a stepping stone towards developing robust, verifiable smart contracts. By laying a foundation for formal verification, it reduces the likelihood of unforeseen vulnerabilities due to ambiguous language semantics or contract states.

Future work will involve formal grammar definition, full implementation on real-world blockchains, and exploration of more advanced contract structures, including complex interactions between contracts. As the ecosystem evolves, may serve as an enabler for high-trust environments where contractual correctness is paramount.

In summary, distinguishes itself by addressing key challenges in smart contract development through a methodical verification approach. It balances language simplicity with the complexity required for meaningful contract application, positioning itself as a significant tool for developers prioritizing reliability and correctness in blockchain environments.