Martino Agostini

Technology, Business, Strategy … so what ?

Martino Agostini

Technology, Business, Strategy … so what ?
Menu
Some considerations on Smart Contract Security

Some considerations on Smart Contract Security

Blockchain platforms and languages for writing smart contracts are becoming increasingly popular. However, smart contracts and blockchain applications are developed through non-standard software life-cycles, in which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software (Vacca et al. 2021).

In this scenario, more focus needs to be dedicated to Smart contract security. This emerging research area deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design, 2) security implementation, 3) testing before deployment, and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers (Huang et al. 2019).

An interesting snapshot of the complexity of the subject is reported in the paper “Ethereum smart contract security research: survey and future research opportunities” (Wang et al. 2021).

Source: Zeli WANG et al.

An additional element of reflection analysis is coming to one this lecture Practical Smart Contract Security that leverage the idea of a “duck test” to raise attention to the fact that not all smart contracts are the same and that vulnerability can be present even the old contract.

Even the most popular tokens can be deceiving, so understanding risks and common pitfalls when integrating them is fundamental in Ethereum’s composable world. In this session, Martin Abbatemarco l cover many edge cases that developers should consider when integrating tokens into their projects, providing code examples and real cases of the dangers in mainnet.

Additional resource :

Weird ERC20 Tokens (Github)
Awesome Buggy ERC20 Tokens
Token integration checklist (Github)
Token Interaction Checklist (Consensys Diligence)

Publication bibliography

Huang, Yongfeng; Bian, Yiyang; Li, Renpu; Zhao, J. Leon; Shi, Peizhong (2019): Smart contract security: A software lifecycle perspective. In IEEE Access 7, pp. 150184–150202.

Vacca, Anna; Di Sorbo, Andrea; Visaggio, Corrado A.; Canfora, Gerardo (2021): A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges. In Journal of Systems and Software 174, p. 110891.

Wang, Zeli; Jin, Hai; Dai, Weiqi; Choo, Kim-Kwang Raymond; Zou, Deqing (2021): Ethereum smart contract security research: survey and future research opportunities. In Frontiers of Computer Science 15 (2), pp. 1–18.

0 comments

Here is no comments for now.

Leave a reply