Obsidian: Typestate and Assets for Safer Blockchain Programming
This addresses security vulnerabilities in blockchain smart contracts, which are critical for trustless transactions, though it is an incremental improvement over existing methods by introducing a new language with enhanced type safety.
The authors tackled the problem of bugs in smart contracts by developing Obsidian, a novel programming language with a type system that statically detects common bugs, such as improper state manipulation and asset abuse, as demonstrated in case studies for parametric insurance and supply chain management.
Blockchain platforms are coming into broad use for processing critical transactions among participants who have not established mutual trust. Many blockchains are programmable, supporting smart contracts, which maintain persistent state and support transactions that transform the state. Unfortunately, bugs in many smart contracts have been exploited by hackers. Obsidian is a novel programming language with a type system that enables static detection of bugs that are common in smart contracts today. Obsidian is based on a core calculus, Silica, for which we proved type soundness. Obsidian uses typestate to detect improper state manipulation and uses linear types to detect abuse of assets. We describe two case studies that evaluate Obsidian's applicability to the domains of parametric insurance and supply chain management, finding that Obsidian's type system facilitates reasoning about high-level states and ownership of resources. We compared our Obsidian implementation to a Solidity implementation, observing that the Solidity implementation requires much boilerplate checking and tracking of state, whereas Obsidian does this work statically.