🤖 AI Summary
Ensuring high-level security properties for Ethereum smart contracts remains challenging under complex compositional interactions and unknown code defects.
Method: The paper proposes Theorem-Carrying Transactions (TCT), a mechanism in which every transaction carries a verifiable theorem stating that the transaction adheres to the safety properties specified in the contracts it invokes; the runtime system checks the theorem before executing the transaction. TCT is a lightweight runtime certification scheme that combines symbolic proof generation with concrete execution, so that a property specified in a contract can be treated as an unconditional guarantee made by that contract, without relying on predefined vulnerability patterns.
Contribution/Results: Combining theorem synthesis, runtime proof checking, and declarative specification of safety properties, TCT secures token contracts against code-level intricacies such as integer overflow and reentrancy without those bug classes having to be anticipated in the specification, and is also applied to a Uniswap codebase as a DeFi case study. The prototype incurs negligible runtime overhead, two orders of magnitude lower than a state-of-the-art approach.
📝 Abstract
Security bugs and trapdoors in smart contracts have been impacting the Ethereum community since its inception. Conceptually, Ethereum's 1.45 million contracts form a single "gigantic program" whose behaviors are determined by the complex reference topology between the contracts. Can the Ethereum community be assured that this gigantic program conforms to its design-level safety properties, despite unforeseeable code-level intricacies? Static code verification is inadequate due to the program's gigantic scale and high polymorphism. In this paper, we present a viable technological roadmap for the community toward this ambitious goal. Our technology, called Theorem-Carrying-Transaction (TCT), combines the benefits of concrete execution and symbolic proofs. Under the TCT protocol, every transaction carries a theorem that proves its adherence to the specified properties in the invoked contracts, and the runtime system checks the theorem before executing the transaction. Once a property is specified in a contract, it can be treated confidently as an unconditional guarantee made by the contract. As case studies, we demonstrate that TCT secures token contracts without foreseeing code-level intricacies like integer overflow and reentrancy. TCT is also successfully applied to a Uniswap codebase, showcasing a complex decentralized finance (DeFi) scenario. Our prototype incurs a negligible runtime overhead, two orders of magnitude lower than a state-of-the-art approach.
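The protocol sketched in the summary and the abstract (a transaction carries a theorem, the runtime checks it before execution, and the contract's declared properties then hold without any pattern-based bug detection) can be modeled in a few dozen lines. The example below is added here and is not the paper's code or its prototype: the "theorem" is modeled as a set of premises over the concrete pre-state, and the proof-checking step is modeled as matching the carried theorem against the one registered for the contract entry point, whereas the real system checks a synthesized proof. The token contract, its two safety properties (supply conservation, no overflow), the premise names, and the sample balances are all constructed for illustration. The point it makes is the one in the abstract: with the premises checked once up front, the wrapping arithmetic in `transfer` can never break the supply invariant, while the same call run unguarded breaks it silently.

```python
# Toy model of a certify-before-execute transaction protocol in the spirit of
# Theorem-Carrying Transactions. Illustrative only; all names are invented.
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1


@dataclass
class TokenState:
    balances: dict          # address -> uint256
    total_supply: int


@dataclass(frozen=True)
class Theorem:
    entry: str              # contract function the theorem is about
    premises: tuple         # (label, predicate(pre_state, args) -> bool) pairs


@dataclass
class Transaction:
    entry: str
    args: dict
    theorem: Theorem


# --- the contract: deliberately uses wrapping uint256 arithmetic (pre-0.8 style) ---
def transfer(st: TokenState, args: dict) -> TokenState:
    src, dst, amt = args["from"], args["to"], args["amount"]
    b = dict(st.balances)
    b[src] = (b.get(src, 0) - amt) % (UINT256_MAX + 1)   # wraps on underflow
    b[dst] = (b.get(dst, 0) + amt) % (UINT256_MAX + 1)   # wraps on overflow
    return TokenState(b, st.total_supply)


ENTRIES = {"transfer": transfer}


# --- declarative safety properties the contract commits to (over pre/post state) ---
def supply_conserved(pre: TokenState, post: TokenState) -> bool:
    return sum(post.balances.values()) == pre.total_supply


def no_overflow(pre: TokenState, post: TokenState) -> bool:
    return all(0 <= v <= UINT256_MAX for v in post.balances.values())


PROPERTIES = [supply_conserved, no_overflow]

# --- the theorem for transfer: under these premises every property holds ---
# (In the real scheme this is a synthesized, checkable proof; here it is a
# registered premise set, which is the assumption this model makes.)
TRANSFER_THEOREM = Theorem("transfer", (
    ("sender_funded",
     lambda st, a: st.balances.get(a["from"], 0) >= a["amount"]),
    ("no_receiver_overflow",
     lambda st, a: st.balances.get(a["to"], 0) + a["amount"] <= UINT256_MAX),
))
REGISTERED = {"transfer": TRANSFER_THEOREM}


class Rejected(Exception):
    pass


def check_and_execute(st: TokenState, tx: Transaction) -> TokenState:
    # 1. Proof check (modeled): the carried theorem must be the accepted one.
    if REGISTERED.get(tx.entry) != tx.theorem:
        raise Rejected("theorem not accepted for " + tx.entry)
    # 2. Premise check on the concrete pre-state, before any execution.
    for label, pred in tx.theorem.premises:
        if not pred(st, tx.args):
            raise Rejected("premise failed: " + label)
    # 3. Execute. The theorem guarantees the properties; no per-step monitoring.
    return ENTRIES[tx.entry](st, tx.args)


def run(pre: TokenState, tx: Transaction):
    """Returns ('executed', all_properties_hold) or ('rejected', reason)."""
    try:
        post = check_and_execute(pre, tx)
        return ("executed", all(p(pre, post) for p in PROPERTIES))
    except Rejected as e:
        return ("rejected", str(e))


def run_unguarded(pre: TokenState, entry: str, args: dict) -> dict:
    """Control: execute with no theorem check and report which properties survive."""
    post = ENTRIES[entry](pre, args)
    return {p.__name__: p(pre, post) for p in PROPERTIES}


# Constructed sample state: bob sits 5 units below the uint256 ceiling.
PRE = TokenState({"alice": 100, "bob": UINT256_MAX - 5},
                 total_supply=100 + UINT256_MAX - 5)

if __name__ == "__main__":
    ok = Transaction("transfer", {"from": "alice", "to": "carol", "amount": 40}, TRANSFER_THEOREM)
    overflow = Transaction("transfer", {"from": "alice", "to": "bob", "amount": 10}, TRANSFER_THEOREM)
    forged = Transaction("transfer", overflow.args, Theorem("transfer", ()))
    print(run(PRE, ok))                            # ('executed', True)
    print(run(PRE, overflow))                      # rejected before execution
    print(run(PRE, forged))                        # theorem not accepted
    print(run_unguarded(PRE, "transfer", overflow.args))  # supply_conserved: False
```

The unguarded run of the overflow transfer shows why post-hoc monitoring is the wrong place to look: bob's balance wraps to 4, which is a perfectly valid uint256, so `no_overflow` still passes and only the global supply invariant reveals the damage. The premise check catches it before any state changes, and a transaction that drops the premise from its theorem is rejected at the proof-check step.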