Advertisement

Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab

  • Kevin Delmolino
  • Mitchell Arnett
  • Ahmed Kosba
  • Andrew Miller
  • Elaine Shi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9604)

Abstract

We document our experiences in teaching smart contract programming to undergraduate students at the University of Maryland, the first pedagogical attempt of its kind. Since smart contracts deal directly with the movement of valuable currency units between contractual parties, security of a contract program is of paramount importance.

Our lab exposed numerous common pitfalls in designing safe and secure smart contracts. We document several typical classes of mistakes students made, suggest ways to fix/avoid them, and advocate best practices for programming smart contracts. Finally, our pedagogical efforts have also resulted in online open course materials for programming smart contracts, which may be of independent interest to the community.

Keywords

Security Class Storage File Virtual Currency Virtual Machine Image Typical Mistake 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

We thank the anonymous reviewers for their insightful feedback. This work is funded in part by NSF grants CNS-1314857, CNS-1453634, CNS-1518765, CNS-1514261, a Packard Fellowship, a Sloan Fellowship, two Google Faculty Research Awards, a VMWare Research Award, and by Maryland Procurement Office contract H98230-14-C-0137, ARO grants W911NF11103, W911NF1410358, and W911NF09102.

References

  1. 1.
  2. 2.
  3. 3.
    The rise and rise of bitcoin. Documentary. http://bitcoindoc.com/
  4. 4.
    Smart Contract Programming Open Course Materials. http://mc2-umd.github.io/ethereumlab/
  5. 5.
    Ahamad, S., Nair, M., Varghese, B.: A survey on crypto currencies. In: International Conference on Advances in Civil Engineering (2013)Google Scholar
  6. 6.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: IEEE Symposium on Security and Privacy (2013)Google Scholar
  7. 7.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)Google Scholar
  8. 8.
    Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  9. 9.
    Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: research perspectives and challenges for bitcoin and cryptocurrencies. In: IEEE Symposium on Security and Privacy, SP, San Jose, CA, USA, pp. 104–121, 17–21 May 2015Google Scholar
  10. 10.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: IEEE Symposium on Foundations of Computer Science (FOCS) (2001)Google Scholar
  11. 11.
    Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, New York (1990)Google Scholar
  14. 14.
    Dermody, A.K.R., Slama, O.: Counterparty Announcement, January 2014. https://bitcointalk.org/index.php?topic=395761.0
  15. 15.
    Juels, A., Kosba, A., Shi, E.: Rings of gyges: using smart contractsfor crime. Manuscript (2015)Google Scholar
  16. 16.
    Kosba, A., Miller, A., Papamanthou, C., Shi, E., Wen, Z.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. https://eprint.iacr.org/2015/675.pdf
  17. 17.
    Lewenberg, Y., Sompolinsky, Y., Zohar, A.: Inclusive block chain protocols. In: Financial Cryptography and Data Security (FC) (2015)Google Scholar
  18. 18.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  19. 19.
    Pass, R., Shelat, A.: Micropayments for decentralized currencies. In: Proceedings of 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 207–218 (2015)Google Scholar
  20. 20.
    Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire! Penalizing equivocation by loss of bitcoins. In: Proceedings of 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 (2015)Google Scholar
  21. 21.
    Sompolinsky, Y., Zohar, A.: Accelerating bitcoin’s transaction processing. Fast money grows on trees, not chains. IACR Cryptology ePrint Archive 2013:881 (2013)Google Scholar
  22. 22.
    Etheruem Wiki: Serpent (2015). https://github.com/ethereum/wiki/wiki/Serpent
  23. 23.
    Wood, G.: Ethereum: a secure decentralized transaction ledger (2014). http://gavwood.com/paper.pdf

Copyright information

© International Financial Cryptography Association 2016

Authors and Affiliations

  • Kevin Delmolino
    • 1
  • Mitchell Arnett
    • 1
  • Ahmed Kosba
    • 1
  • Andrew Miller
    • 1
    • 2
  • Elaine Shi
    • 2
  1. 1.Department of Computer ScienceUniversity of Maryland, College ParkCollege ParkUSA
  2. 2.Initiative for Cryptocurrencies and Contracts (IC3), Department of Computer ScienceCornell UniversityIthacaUSA

Personalised recommendations