Search papers, labs, and topics across Lattice.
This paper details the implementation of defense-in-depth runtime safety checks for the Move smart-contract language used on the Aptos blockchain, addressing the limitations of static verification methods that can overlook bugs. By introducing independent runtime checks, the authors aim to safeguard against potential vulnerabilities that could lead to significant asset loss or corruption of on-chain state. The findings underscore the necessity of layered safety mechanisms in blockchain environments to enhance the reliability of smart contract execution.
Runtime safety checks in Move could be the critical layer that prevents asset loss from undetected verifier bugs in blockchain applications.
Move is a smart-contract language used to execute transactions on the Aptos blockchain. Move programs execute in a sandboxed VM as typed bytecode. The VM statically verifies foundational safety properties like type safety and reference safety at code loading time. In principle, this design gives strong guarantees for Move. However, the static verification logic is complex and continually evolving with the language; like any software, it is not immune to bugs. In a live blockchain setting, a missed rule violation can translate directly into loss of assets, forged authority, or unrecoverable corruption of on-chain state. For this reason, Aptos relies on defense-in-depth runtime safety checks that independently verify the critical invariants during execution, providing protection against latent verifier bugs and malicious bytecode. This paper motivates and describes the runtime safety checks for Move on Aptos.