A STUDY ON THE SECURE CODING RULES FOR DEVELOPING SECURE SMART CONTRACT ON ETHEREUM ENVIRONMENTS

Published 31 Dec 2019 • vol 133


Authors:

 

Junho Jeong, Dept. of Computer Science and Engineering, Kongju National University, Cheonan, Korea
Yunsik Son, Dept. of Computer Science and Engineering, Dongguk University, Seoul, Korea
Yangsun Lee, Dept. of Computer Engineering, Seokyeong University, Seoul, Korea

Abstract:

 

Smart contract-based development of decentralized applications is increasing with the development of blockchain technology. Although blockchain-based smart contracts are expected to revolutionize the digital economy, several security issues need to be addressed before this technology can be used reliably. The recent discovery of security weaknesses in Ethereum smart contracts calls the reliability of smart contracts into question. Therefore, there is a need to create and diagnose security weaknesses in Ethereum smart contracts to mitigate security risks. In this study, we assessed the potential security weaknesses of running smart contracts on Ethereum.

Keywords:

 

Secure Coding; Smart Contract; blockchain; Software Weakness; Ethereum

Citations:

 

APA:
Jeong, J., Son, Y., & Lee, Y. (2019). A Study on the Secure Coding Rules for Developing Secure Smart Contract on Ethereum Environments. International Journal of Advanced Science and Technology (IJAST), ISSN: 2005-4238(Print); 2207-6360 (Online), NADIA, 133, 47-58. doi: 10.33832/ijast.2019.133.05.

MLA:
Jeong, Junho, et al. “A Study on the Secure Coding Rules for Developing Secure Smart Contract on Ethereum Environments.” International Journal of Advanced Science and Technology, ISSN: 2005-4238(Print); 2207-6360 (Online), NADIA, vol. 133, 2019, pp. 47-58. IJAST, http://article.nadiapub.com/IJAST/Vol133/5.html.

IEEE:
[1] J. Jeong, Y. Son, and Y. Lee, "A Study on the Secure Coding Rules for Developing Secure Smart Contract on Ethereum Environments." International Journal of Advanced Science and Technology (IJAST), ISSN: 2005-4238(Print); 2207-6360 (Online), NADIA, vol. 133, pp. 47-58, Dec 2019.