Smart contracts embody complex business processes that can be difficult to analyze statically. Therefore, we present HighGuard, a runtime monitoring tool that leverages business process specifications written in DCR graphs to provide runtime verification of smart contract execution. We demonstrate how HighGuard can detect and flag deviations from specified behaviors in smart contracts deployed in the Ethereum network without code instrumentation or additional gas costs.
- Fully automated model-based monitoring/testing of smart contracts.
- Supports DCR graphs enhanced with data and time.
- Supports multi- and cross-chain smart contract monitoring.
- Platform agnostic as the models are built based on high-level business logic specifications.
- Batteries included: Many of the smart contract libraries HighGuard uses are part of its project under the lib directory.
- Distributed logging: HighGuard can monitor many contracts at once, and it includes a distributed logging ecosystem to better suit large-scale monitoring operations.
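To make the idea of monitoring against a DCR graph concrete, here is an added example that is not HighGuard's own code: a minimal monitor that replays observed contract calls against a DCR model and flags calls the model does not allow. The escrow model, the function names `createMonitor` and `checkTrace`, and the traces are constructed for this illustration; data and time constraints are left out.

```javascript
// Added illustration of DCR-graph monitoring (not HighGuard's implementation).
// The escrow model below is constructed for this example.
const escrowModel = {
  events: ['deposit', 'release', 'refund'],
  conditions: { release: ['deposit'], refund: ['deposit'] }, // target: prerequisites
  responses: { deposit: ['release'] }, // after deposit, release becomes pending
  excludes: { deposit: ['deposit'], release: ['release', 'refund'],
              refund: ['refund', 'release'] },
  includes: {},
};

function createMonitor(model) {
  const executed = new Set();
  const pending = new Set();
  const included = new Set(model.events);
  const violations = [];

  // Enabled: the event is included and every *included* condition has executed.
  const enabled = (e) => included.has(e) &&
    (model.conditions[e] || []).every((c) => executed.has(c) || !included.has(c));

  return {
    observe(call) {
      if (!model.events.includes(call)) return; // calls outside the model are ignored
      // A disallowed call is recorded; the marking is left unchanged.
      if (!enabled(call)) { violations.push(call); return; }
      executed.add(call);
      pending.delete(call);
      (model.responses[call] || []).forEach((r) => pending.add(r));
      (model.excludes[call] || []).forEach((x) => included.delete(x));
      (model.includes[call] || []).forEach((i) => included.add(i));
    },
    // Accepting: no included event is still pending.
    report: () => ({
      violations,
      accepting: [...pending].every((p) => !included.has(p)),
    }),
  };
}

function checkTrace(model, trace) {
  const monitor = createMonitor(model);
  trace.forEach((call) => monitor.observe(call));
  return monitor.report();
}

// Constructed trace: a release after a refund deviates from the model.
console.log(checkTrace(escrowModel, ['deposit', 'refund', 'release']));
```

Because the monitor only consumes the sequence of observed calls, it runs entirely off-chain, which is why this style of checking needs no contract instrumentation.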
To manually install and run HighGuard, follow these steps:

- Clone the repository:

      git clone https://github.com/mojtaba-eshghie/HighGuard.git
      cd HighGuard

- Install Node.js and npm:

  Ensure you have Node.js version 16.20.2 and npm version 8.19.4 installed. You can download and install Node.js from the official Node.js website.

  Verify the installation:

      node --version
      npm --version

- Install project dependencies:

      npm install

- Install Foundry and Anvil:

  Follow the instructions to install Foundry from the Foundry Book.

      curl -L https://foundry.paradigm.xyz | bash
      source ~/.bashrc
      foundryup

- Run the CLI commands:

  You can now run the CLI commands as needed:

      pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-governance.yml
      pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-escrow.yml
      pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-multistageauction.yml
      pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-prizedistribution.yml
      pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-productorder.yml
      pkill anvil; clear; node CI/run.js -t cross-chain -e unified
      pkill anvil; clear; node CI/run.js -t cross-chain -e unified -l "tests/Bridge.exploit1.js"
      pkill anvil; clear; node CI/run.js -t cross-chain -e unified -l "tests/Bridge.exploit2.js"

To build and run HighGuard using Docker, follow these steps:

- Clone the repository:

      git clone https://github.com/mojtaba-eshghie/HighGuard.git
      cd HighGuard

- Build the Docker image (Docker image names must be lowercase):

      docker build -t highguard-cli-docker .

- Run the Docker container with specific commands:

  Replace the command as needed:

      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-governance.yml"

  Example commands:

      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-escrow.yml"
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-multistageauction.yml"
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-prizedistribution.yml"
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; node CI/run.js -t synthesized -e separate -v -c micro-configs/config-synthesized-productorder.yml"
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; clear; node CI/run.js -t cross-chain -e unified"
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; clear; node CI/run.js -t cross-chain -e unified -l \"tests/Bridge.exploit1.js\""
      docker run --rm -v $(pwd):/usr/src/app highguard-cli-docker bash -c "pkill anvil; clear; node CI/run.js -t cross-chain -e unified -l \"tests/Bridge.exploit2.js\""

Export the results directory from the container to your current directory (outside the container) using the following command:

    docker run --rm -v $(pwd)/results:/results highguard-cli-docker bash -c "cp -r /usr/src/app/results/* /results"

For extended documentation on how to use and extend HighGuard, refer to the HighGuard wiki.

@misc{HighGuard,
author = {Mojtaba Eshghie and Wolfgang Ahrendt and
Cyrille Artho and Thomas Troels Hildebrandt and
Gerardo Schneider},
title = {HighGuard: Monitoring Business Processes in
Smart Contracts},
year = {2023},
month = {May},
url = {https://arxiv.org/abs/2305.08254},
doi = {10.48550/arXiv.2305.08254},
abstract = {Smart contracts embody complex business processes that can be difficult to analyze statically.
In this paper, we present HighGuard, a runtime monitoring tool that leverages business process
specifications written in DCR graphs to provide runtime verification of smart contract execution.
We demonstrate how HighGuard can detect and flag deviations from specified behaviors in smart
contracts deployed in the Ethereum network without code instrumentation or additional gas costs.},
note = {arXiv:2305.08254v1 [cs.CR]},
keywords = {dcr-graphs, dynamic-condition-response,
runtime-monitoring, runtime-verification,
smart-contract-specifications,
smart-contracts-security}
}
This part is deprecated, and is not actively maintained. You can look here for the old documentation.