Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity

  title={Smart contracts: security patterns in the ethereum ecosystem and solidity},
  author={Maximilian W{\"o}hrer and Uwe Zdun},
  journal={2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)},
  • Maximilian Wöhrer, U. Zdun
  • Published 20 March 2018
  • Computer Science
  • 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE)
Smart contracts that build up on blockchain technologies are receiving great attention in new business applications and the scientific community, because they allow untrusted parties to manifest contract terms in program code and thus eliminate the need for a trusted third party. The creation process of writing well performing and secure contracts in Ethereum, which is today’s most prominent smart contract platform, is a difficult task. Research on this topic has only recently started in… 

Design Patterns for Smart Contracts in the Ethereum Ecosystem
  • Maximilian Wöhrer, U. Zdun
  • Computer Science
    2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • 2018
A number of design patterns providing design guidelines for smart contract patterns in Ethereum are mined and it is shown that the patterns are widely used to address application requirements and common problems.
Detection of Vulnerabilities in Smart Contracts Specifications in Ethereum Platforms
This paper proposes a tool for the detection of vulnerabilities in high-level languages based on automatized static analysis that can be more relevant for security and have greater economic consequences than a mistake in the conventional apps.
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.
Security Vulnerabilities in Ethereum Smart Contracts
To foster a secure development process of SC this paper summarizes known vulnerabilities in smart contracts found by literature research and analysis and compares currently available code analysis tools for their capabilities to identify and detect vulnerabilities in smart contracts based on a taxonomy for vulnerabilities.
SoK: Development of Secure Smart Contracts - Lessons from a Graduate Course
This work focuses on smart contracts, which are programs on top of blockchains and cryptocurrencies that allow parties to exchange valuable assets without mutual trust, with smart contracts controlling the interaction between the parties.
Characterizing the Cost of Introducing Secure Programming Patterns and Practices in Ethereum
The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline), but it is argued that this difference is not significant and should not deter any programmers into introducing the security pattern and practices into their smart contracts.
Applicability of the Software Security Code Metrics for Ethereum Smart Contract
The Goal Question Metric approach is used to analyze the applicability of the security code metric from non-blockchain into the smart contract domain and found 15 security code metrics that can be applied to smart contract development.
Foundations and Tools for the Static Analysis of Ethereum Smart Contracts
This work will overview the state-of-the-art in smart contract verification, covering formal semantics, security definitions, and verification tools, and focus on EtherTrust, a framework for the static analysis of Ethereum smart contracts which includes the first complete small-step semantics of EVM bytecode.
Developing Safe Smart Contracts
It is shown how the actor model can be used for modeling, analysis and synthesis of smart contracts, and a synthesizer is implemented to synthesize Solidity programs that run on the Ethereum platform from Smart Rebeca models.
Smart Contract Security: A Software Lifecycle Perspective
A literature review of smart contract security from a software lifecycle perspective analyzes the key features of blockchain that can cause security issues in smart contracts and summarizes the common security vulnerabilities of smart contracts.


A Survey of Attacks on Ethereum Smart Contracts (SoK)
This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
Blockchain-based Smart Contracts: A Systematic Mapping Study
A systematic mapping study to collect all research that is relevant to smart contracts from a technical perspective and identifies four key issues, namely, codifying, security, privacy and performance issues.
An Empirical Analysis of Smart Contracts: Platforms, Applications, and Design Patterns
Focussing on the two most widespread platforms, Bitcoin and Ethereum, the usage of smart contracts in relation to their application domain is quantified and the most common programming patterns in Ethereum are analysed.
The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, with Bitcoin being one of the most notable ones, and Ethereum implements this paradigm in a generalised manner.
Applying Software Patterns to Address Interoperability in Blockchain-based Healthcare Apps
This paper provides an initial step in filling the gap on the concrete architectural styles and patterns for applying blockchain to healthcare apps by showing the features and implementation challenges in healthcare interoperability, and how applying foundational software patterns can help address common interoperability challenges faced by blockchain-based healthcare apps.
Security considerations — Solidity 0.4.18 documentation
    Analysis of the DAO exploit
    • 2016. [Online; accessed 6-September-2017]. Available: 06/18/analysis-of-the-dao-exploit/
    Design patterns: elements of
    • 1994