Smart contracts are autonomously executing programs that can manipulate digital assets. Their key capability is the creation of trustworthy transaction environments: They can execute arbitrarily complex agreements in a manner that is fair to all parties. Smart contracts promise to have a transformative societal impact, bringing radical new efficiency to sectors as diverse as finance, digital media, and insurance. An impediment to the successful deployment of smart contracts, however, is their heightened susceptibility to bugs, which can lead directly to violation of contractual obligations and even theft of assets. Thus, new ways of ensuring the trustworthiness of smart contracts are needed.
This research project attacks the problem of trustworthiness in smart contracts from two sides. It explores new, proactive, language-based mechanisms for increasing the assurance that contracts are correctly implemented before deployment. Not all errors can be caught prior to deployment, however, so the project also investigates reactive mechanisms for preventing and mitigating the damage caused by incorrectly programmed smart contracts. The reactive methods explored in this research include the principled use of bug bounties to incentivize discovery and reporting of bugs, coupled with built-in mitigation mechanisms that alter contract behavior when bugs are uncovered. The outcomes of this research will include new scientific foundations for smart contract assurance that are applicable to the broader problem of software assurance, as well as practical methods that combine proactive and reactive tools to achieve heightened trustworthiness in deployed smart contracts.
