|Appears in Collections:||Computing Science and Mathematics Conference Papers and Proceedings|
|Title:||Smart contracts vulnerabilities: a call for blockchain software engineering?|
Ducasse S, S
|Citation:||Destefanis G, Marchesi M, Ortu M, Tonelli R, Bracciali A & Hierons R (2018) Smart contracts vulnerabilities: a call for blockchain software engineering?. In: Tonelli R, Ducasse S S, Fenu G & Bracciali A (eds.) 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE). 2018 IEEE 1st International Workshop on Blockchain Oriented Software Engineering (IWBOSE), Campobasso, Italy, 20.03.2018-20.03.2018. Piscataway, NJ, USA: IEEE, pp. 19-25. https://ieeexplore.ieee.org/abstract/document/8327567/; https://doi.org/10.1109/IWBOSE.2018.8327567|
|Conference Name:||2018 IEEE 1st International Workshop on Blockchain Oriented Software Engineering (IWBOSE)|
|Conference Dates:||2018-03-20 - 2018-03-20|
|Conference Location:||Campobasso, Italy|
|Abstract:||Smart Contracts have gained tremendous popularity in the past few years, to the point that billions of US Dollars are currently exchanged every day through such technology. However, since the release of the Frontier network of Ethereum in 2015, there have been many cases in which the execution of Smart Contracts managing Ether coins has led to problems or conflicts. Compared to traditional Software Engineering, a discipline of Smart Contract and Blockchain programming, with standardized best practices that can help solve the mentioned problems and conflicts, is not yet sufficiently developed. Furthermore, Smart Contracts rely on a non-standard software life-cycle, according to which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software. In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and other applications running on blockchains.We analyse a case of study where a bug discovered in a Smart Contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers (about 150M USD, in November 2017). In this study we analyze the source code of Parity and the library, and discuss how recognised best practices could mitigate, if adopted and adapted, such detrimental software misbehavior. We also reflect on the specificity of Smart Contract software development, which makes some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.|
|Status:||AM - Accepted Manuscript|
|Rights:||© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.|
|smart-contracts-vulnerabilities-3.pdf||Fulltext - Accepted Version||382.65 kB||Adobe PDF||View/Open|
This item is protected by original copyright
Items in the Repository are protected by copyright, with all rights reserved, unless otherwise indicated.
If you believe that any material held in STORRE infringes copyright, please contact firstname.lastname@example.org providing details and we will remove the Work from public display in STORRE and investigate your claim.