Smart contracts: security patterns in the ethereum ecosystem and solidity

@article{Whrer2018SmartCS,
  title={Smart contracts: security patterns in the ethereum ecosystem and solidity},
  author={Maximilian W{\"o}hrer and Uwe Zdun},
  journal={2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)},
  year={2018},
  pages={2-8}
}
  • Maximilian Wöhrer, U. Zdun
  • Published 20 March 2018
  • Computer Science
  • 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)
Smart contracts that build up on blockchain technologies are receiving great attention in new business applications and the scientific community, because they allow untrusted parties to manifest contract terms in program code and thus eliminate the need for a trusted third party. The creation process of writing well performing and secure contracts in Ethereum, which is today’s most prominent smart contract platform, is a difficult task. Research on this topic has only recently started in… 

Design Patterns for Smart Contracts in the Ethereum Ecosystem
  • Maximilian Wöhrer, U. Zdun
  • Computer Science
    2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • 2018
TLDR
A number of design patterns providing design guidelines for smart contract patterns in Ethereum are mined and it is shown that the patterns are widely used to address application requirements and common problems.
Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms
TLDR
This paper proposes a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis that can be more relevant for security and have greater economic consequences than a mistake in the conventional apps.
Security Issues of Smart Contracts in Ethereum Platforms
TLDR
Evaluation audit of ICOs associated with the underlying security of smart contracts is a complex issue requiring many efforts, and this paper focuses on one of the most popular blockchain frameworks, Ethereum, a prominent ICO and smart contract platform, and its dominant programming language, Solidity.
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
TLDR
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Security checklists for Ethereum smart contract development: patterns and best practices.
TLDR
A list of security patterns for DApps is collected to allow developers to easily verify if they applied all the relevant security patterns to their smart contracts and to provide the reader with security assessment checklists that can be easily used for the development of SCs.
Security Vulnerabilities in Ethereum Smart Contracts
TLDR
To foster a secure development process of SC this paper summarizes known vulnerabilities in smart contracts found by literature research and analysis and compares currently available code analysis tools for their capabilities to identify and detect vulnerabilities in smart contracts based on a taxonomy for vulnerabilities.
SoK: Development of Secure Smart Contracts - Lessons from a Graduate Course
TLDR
This work focuses on smart contracts, which are programs on top of blockchains and cryptocurrencies that allow parties to exchange valuable assets without mutual trust, with smart contracts controlling the interaction between the parties.
Characterizing the Cost of Introducing Secure Programming Patterns and Practices in Ethereum
TLDR
The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline), but it is argued that this difference is not significant and should not deter any programmers into introducing the security pattern and practices into their smart contracts.
Applicability of the Software Security Code Metrics for Ethereum Smart Contract
TLDR
The Goal Question Metric approach is used to analyze the applicability of the security code metric from non-blockchain into the smart contract domain and found 15 security code metrics that can be applied to smart contract development.
Foundations and Tools for the Static Analysis of Ethereum Smart Contracts
TLDR
This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools, and focus on EtherTrust, a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode.

References

A Survey of Attacks on Ethereum Smart Contracts (SoK)
TLDR
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Blockchain-based Smart Contracts: A Systematic Mapping Study
TLDR
A systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective and identifies four key issues, namely, codifying, security, privacy and performance issues.
An Empirical Analysis of Smart Contracts: Platforms, Applications, and Design Patterns
TLDR
Focussing on the two most widespread platforms, Bitcoin and Ethereum, the usage of smart contracts in relation to their application domain is quantified and the most common programming patterns in Ethereum are analysed.
ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER
TLDR
The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, with Bitcoin being one of the most notable ones, and Ethereum implements this paradigm in a generalised manner.
Applying Software Patterns to Address Interoperability in Blockchain-based Healthcare Apps
TLDR
This paper provides an initial step in filling the gap on the concrete architectural styles and patterns for applying blockchain to healthcare apps by showing the features and implementation challenges in healthcare interoperability, and how applying foundational software patterns can help address common interoperability challenges faced by blockchain-based healthcare apps.
Security considerations — solidity 0.4.18 documentation
Analysis of the dao exploit
  • 2016, [Online; accessed 6-September-2017]. [Online]. Available: http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/
Design patterns: elements of
  • 1994