This paper addresses security verification of Solidity smart contracts by constructing the first decidable type system for TinySol—the core calculus of Solidity—simultaneously ensuring two critical financial-flow security properties: call integrity and noninterference. Methodologically, we introduce a novel big-step operational semantics that formally characterizes both properties and prove, for the first time, their logical independence. Building upon this semantics, we design a unified type system wherein a single type-checking pass suffices to guarantee both properties. Our contributions are twofold: theoretically, we establish the precise logical relationship between call integrity and noninterference and provide rigorous soundness proofs; practically, we validate the system’s effectiveness and practical applicability through case studies on representative smart contracts, balancing object-oriented syntactic reconstruction, formal rigor, and engineering feasibility.

In this paper we focus on TinySol, a minimal calculus for Solidity smart contracts, introduced by Bartoletti et al. We start by rephrasing its syntax (to emphasise its object-oriented flavour) and give a new big-step operational semantics. We then use it to define two security properties, namely call integrity and noninterference. These two properties have some similarities in their definition, in that they both require that some part of a program is not influenced by the other part. However, we show that the two properties are actually incomparable. Nevertheless, we provide a type system for noninterference and show that well-typed programs satisfy call integrity as well; hence, programs that are accepted by our type system satisfy both properties. We finally discuss the practical usability of the type system and its limitations by means of some simple examples.