
Blockchain Smart Contracts Static Analysis for Software Assurance

Conference paper, in: Intelligent Computing
Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 284)

Abstract

This paper examines software assurance for blockchain smart contracts through the lens of static analysis. Deployed smart contract bytecode is immutable: once a contract is live on an active chain it cannot be patched or redeveloped in place, so defects must be found before deployment. The paper examines specific smart contract bugs in order to refine the categories of vulnerabilities that bug detection should cover prior to deployment. Specifically, it focuses on concerns in Solidity v0.6.2 that current static analysis tools do not check. Solidity, influenced by C++, Python and JavaScript, targets the Ethereum Virtual Machine (EVM). Many, if not all, of the warnings we categorize are at present implemented neither in Solidity static analysis tools nor in earlier versions of the Solidity compiler itself, so detecting them rests entirely on the contract developers and on whatever the compiler happens to flag. We aggregate the known concerns into categories and build a model for integrating checks for those categories into a static analysis engine that can be run before deployment to improve smart contract software assurance. Finally, we map our fault categories against other tools to show that these categories are not yet considered during static analysis.
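As an added illustration (not code from the paper, nor from any tool it cites), the Python sketch below shows the shape of the rule-driven pre-deployment checker the abstract proposes: each concern category is a pluggable rule run over a crude function-level split of the Solidity source, and the engine reports findings with the function and line they occur in. The three categories used here (authorisation keyed on tx.origin, a discarded low-level call result, and a state variable written after an external call) and the sample contract are constructed stand-ins; the paper's own category set is not reproduced on this page. A production engine would work on the compiler's AST rather than on regular expressions over lines.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

# Constructed sample contract (not from the paper), written for Solidity 0.6.2.
SAMPLE_CONTRACT = """\
pragma solidity ^0.6.2;
contract Vault {
    mapping(address => uint256) public balances;
    address public owner = msg.sender;

    // authorisation keyed on tx.origin rather than msg.sender
    function sweep(address payable to) external {
        require(tx.origin == owner, "not owner");
        to.transfer(address(this).balance);
    }

    // success flag of a low-level call discarded
    function refund(address payable to, uint256 amount) external {
        to.call{value: amount}("");
    }

    // balance written only after the external call (reentrancy shape)
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] -= amount;
    }
}
"""

@dataclass(frozen=True)
class Finding:
    category: str
    function: str
    line: int
    snippet: str

# Contract-scope declaration such as `address public owner;` -> captures `owner`.
STATE_DECL = re.compile(r'^\s*(?:mapping\s*\(.*?\)|\w+)(?:\s+(?:public|private|internal|constant))*'
                        r'\s+(\w+)\s*(?:=[^;]*)?;')
EXTERNAL_CALL = re.compile(r'\.(call|delegatecall|send|transfer)\s*[({]')
LOW_LEVEL_CALL = re.compile(r'\.(call|delegatecall|send)\s*[({]')

def split_units(source: str):
    """Crude brace-depth scope split: state variable names at contract scope, plus each function as (name, [(line_no, text), ...])."""
    state_vars: Set[str] = set()
    functions: List[Tuple[str, List[Tuple[int, str]]]] = []
    depth, current = 0, None
    for no, raw in enumerate(source.splitlines(), 1):
        text = raw.split('//', 1)[0]          # drop line comments (good enough here)
        if depth == 1 and current is None:    # contract scope, outside any function
            decl = STATE_DECL.match(text)
            if decl:
                state_vars.add(decl.group(1))
            head = re.search(r'\bfunction\s+(\w+)', text)
            if head:
                current = (head.group(1), [])
        if current is not None:
            current[1].append((no, text))
        depth += text.count('{') - text.count('}')
        if current is not None and depth == 1:  # function body closed
            functions.append(current)
            current = None
    return state_vars, functions

def rule_tx_origin(fn, lines, state_vars):
    return [Finding('tx.origin used for authorisation', fn, no, t.strip())
            for no, t in lines if 'tx.origin' in t]

def rule_unchecked_call(fn, lines, state_vars):
    out = []
    for no, t in lines:
        m = LOW_LEVEL_CALL.search(t)
        # Treated as checked when the result is assigned or consumed by require/if/return.
        if m and '=' not in t[:m.start()] and not re.match(r'^\s*(require|if|return|assert)\b', t):
            out.append(Finding('low-level call result discarded', fn, no, t.strip()))
    return out

def rule_state_after_call(fn, lines, state_vars):
    first_call = next((no for no, t in lines if EXTERNAL_CALL.search(t)), None)
    if first_call is None or not state_vars:
        return []
    # `<state var> ... =` but not the comparisons `==`, `>=`, `<=`, `!=`.
    assign = re.compile(r'\b(?:%s)\b[^=;]*(?<![<>!=])[+\-*/]?=(?!=)' % '|'.join(map(re.escape, sorted(state_vars))))
    return [Finding('state written after external call', fn, no, t.strip())
            for no, t in lines if no > first_call and assign.search(t)]

RULES: List[Callable] = [rule_tx_origin, rule_unchecked_call, rule_state_after_call]

def analyze(source: str) -> List[Finding]:
    state_vars, functions = split_units(source)
    findings = [f for fn, lines in functions for rule in RULES for f in rule(fn, lines, state_vars)]
    return sorted(findings, key=lambda f: f.line)

if __name__ == '__main__':
    for f in analyze(SAMPLE_CONTRACT):
        print(f'{f.function}:{f.line}: {f.category}: {f.snippet}')
```

Run as a script it prints one finding per function of the sample contract (sweep, refund, withdraw); adding a category means adding one function to RULES, which is the integration point the abstract's model describes. The line-based matching deliberately treats a low-level call as checked when its result is assigned or passed to require/if, and ignores comparisons such as `>=` when looking for state writes, but it is a sketch: string literals containing `//` or braces, and calls split across lines, would need the AST-based version.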



Corresponding author: Suzanna Schmeelk


© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Schmeelk, S., Rosado, B., Black, P.E. (2021). Blockchain Smart Contracts Static Analysis for Software Assurance. In: Arai, K. (ed.) Intelligent Computing. Lecture Notes in Networks and Systems, vol. 284. Springer, Cham. https://doi.org/10.1007/978-3-030-80126-7_62
