Safe design and evolution of smart contracts using dynamic condition response graphs to model generic role-based behaviors

Smart contracts executed on blockchains are interactive programs where external actors generate events that trigger function invocations. Events can be emitted by participants asynchronously. However, some functionalities should be restricted to participants inhabiting specific roles in the system, which might be dynamically adjusted while the system evolves. We argue that current smart contract languages adopting imperative programming paradigms require additional complicated access control code. Furthermore, smart contracts are often developed and evolved independently and cannot share a joint access control policy. This makes it challenging to ensure the correctness of access control properties and to maintain correctness when the contracts are adapted. We propose using dynamic condition response (DCR) graphs for role-based and declarative access control for smart contracts and techniques for test-driven modelling and refinement of DCR graphs to support the safe design and evolution of smart contracts. We show that they allow for capturing and visualizing a form of dynamic access control where access rights evolve as the contract state progresses. Their use supports the straightforward declaration of access control rights, improved code auditing, test-driven modelling, and safe evolution of smart contracts and improves users' understanding.