Saved in:
Bibliographic Details
Main Authors: Koutavas, Vasileios, Lin, Yu-Yang, Tzevelekos, Nikos
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.22417
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917444410408960
author Koutavas, Vasileios
Lin, Yu-Yang
Tzevelekos, Nikos
author_facet Koutavas, Vasileios
Lin, Yu-Yang
Tzevelekos, Nikos
contents We present a game semantics framework for open-world safety analysis of Ethereum smart contracts. We model the interaction between a contract and its environment as a two-player game between the contract and the environment, and prove up to gas model approximations soundness: every assertion violation found corresponds to a real execution; and completeness: every open-world execution is captured. To our knowledge, this provides the first formal open-world interaction semantics for Ethereum smart contracts with mathematical guarantees of soundness and completeness. We implement this framework in YulTracer, an assertion reachability tool for real-world Solidity contracts, built on Yul, the intermediate language of the Solidity compiler. YulTracer uses concrete execution and exhaustively explores game traces within user-specified bounds. We evaluate it on reentrancy benchmarks, where YulTracer achieves 100% recall and precision -- the only tool to do so from those we examined -- and on two large real-world exploits (the DAO and PredyPool), where it detects the known vulnerabilities and produces no false positives on fixed versions. To our knowledge, YulTracer is the first tool to achieve this level of precision on real-world contracts without false positives. We additionally demonstrate generality of the approach via the examination of access control benchmarks.
format Preprint
id arxiv_https___arxiv_org_abs_2512_22417
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Open-World Assertion Checking for Smart Contracts via Game Semantics
Koutavas, Vasileios
Lin, Yu-Yang
Tzevelekos, Nikos
Programming Languages
We present a game semantics framework for open-world safety analysis of Ethereum smart contracts. We model the interaction between a contract and its environment as a two-player game between the contract and the environment, and prove up to gas model approximations soundness: every assertion violation found corresponds to a real execution; and completeness: every open-world execution is captured. To our knowledge, this provides the first formal open-world interaction semantics for Ethereum smart contracts with mathematical guarantees of soundness and completeness. We implement this framework in YulTracer, an assertion reachability tool for real-world Solidity contracts, built on Yul, the intermediate language of the Solidity compiler. YulTracer uses concrete execution and exhaustively explores game traces within user-specified bounds. We evaluate it on reentrancy benchmarks, where YulTracer achieves 100% recall and precision -- the only tool to do so from those we examined -- and on two large real-world exploits (the DAO and PredyPool), where it detects the known vulnerabilities and produces no false positives on fixed versions. To our knowledge, YulTracer is the first tool to achieve this level of precision on real-world contracts without false positives. We additionally demonstrate generality of the approach via the examination of access control benchmarks.
title Open-World Assertion Checking for Smart Contracts via Game Semantics
topic Programming Languages
url https://arxiv.org/abs/2512.22417