hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Pre-deployment Analysis of Smart Contracts
Halmstad University, School of Information Technology.ORCID iD: 0000-0002-6817-6438
2023 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of several blockchain-supported applications. The presence of errors and bugs in smart contracts poses security threats to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible after deployment due to the immutable nature of blockchains. Thus, ensuring their correctness and security before deployment is important. For this purpose, several program analysis and verification approaches are being actively researched and applied to smart contracts.

The volume of research in this area makes it challenging to articulate the state-of-the-art. The first contribution of this thesis is to investigate how predeployment analysis techniques ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address.

Among the range of issues uncovered by the investigation, one notable set pertains to non-deterministic factors involved in the context of contract execution. For example, transactions (function invocations) dispatched to smart contracts are scheduled in non-deterministic order, and asynchronous calls to external services (known as oracles) return in a non-deterministic order. Consequently, these factors may cause data races and non-deterministic bugs in smart contracts. The second contribution of this thesis is to address such issues by unraveling specific forms of data races in Ethereum smart contracts, denoted as transactional data races. The thesis also presents a static analysis approach to detect issues arising from transactional data races.

In addition, this thesis makes a third contribution relating to a design approach for Domain Specific Languages (DSLs). Research on DSL design approaches has the potential to complement the research on smart contracts, as smart contracts are commonly written using DSLs. This thesis proposes an agile approach for designing a DSL for automotive safety test grounds. This approach enables increased communication and learning between different stakeholders involved in DSL development.

Finally, this thesis highlights our future research endeavors concerning various forms of concurrency and non-determinism-related issues in smart contracts.

Place, publisher, year, edition, pages
Halmstad: Halmstad University Press, 2023. , p. 28
Series
Halmstad University Dissertations ; 101
National Category
Computer Sciences Computer Systems
Identifiers
URN: urn:nbn:se:hh:diva-51575ISBN: 978-91-89587-15-1 (print)ISBN: 978-91-89587-14-4 (electronic)OAI: oai:DiVA.org:hh-51575DiVA, id: diva2:1794067
Presentation
2023-09-29, R4129, Högskolan i Halmstad, Halmstad, 15:00 (English)
Opponent
Supervisors
Available from: 2023-09-07 Created: 2023-09-04 Last updated: 2023-09-07Bibliographically approved
List of papers
1. Pre-deployment Analysis of Smart Contracts - A Survey
Open this publication in new window or tab >>Pre-deployment Analysis of Smart Contracts - A Survey
(English)Manuscript (preprint) (Other academic)
Keywords
Smart Contract, Blockchain, Program Analysis, Properties, Vulnerabilities
National Category
Computer Sciences
Identifiers
urn:nbn:se:hh:diva-51573 (URN)
Note

Som manuskript i avhandling / As manuscript in thesis

Available from: 2023-09-04 Created: 2023-09-04 Last updated: 2024-11-20Bibliographically approved
2. TODler: A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts
Open this publication in new window or tab >>TODler: A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts
2023 (English)In: 2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB): Conference Proceedings, Piscataway: Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 9-16Conference paper, Published paper (Refereed)
Abstract [en]

Smart contracts are programs with data (mutable state); stored on and executed by blockchain platforms. The transactions (or function invocations) dispatched to smart contracts often change their state. In the Ethereum blockchain, nodes (aka miners/validators) can schedule a set of transactions in any order in a block. Multiple transactions in a single block operating on a contract's shared state may yield different outcomes based on their execution order, thus creating a possibility for non-determinism and races between transactions. The resulting issue in Ethereum smart contracts is Transaction Ordering Dependency (TOD). Detecting a TOD requires identifying valid transactions affecting a contract's global/state variables which is equivalent to detecting read-after-write dependencies in race detection, and we expect it to be similarly nontrivial for human developers. In this paper, we identify various TODs, including a novel type previously undocumented in the literature. To detect these TODs, we propose an information flow analysis-based static analyzer, TODler. Our manual evaluation of 108 Ethereum smart contracts shows that TODler outperforms previously available approaches in terms of both run time and precision and also detects the novel TOD pattern identified in this paper. © 2023 IEEE

Place, publisher, year, edition, pages
Piscataway: Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
smart contracts, static analysis, vulnerability detection
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:hh:diva-51572 (URN)10.1109/WETSEB59161.2023.00007 (DOI)001042168200003 ()2-s2.0-85169085075& (Scopus ID)
Conference
2023 IEEE/ACM 6th International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Melbourne, Australia, May 14, 2023
Funder
ELLIIT - The Linköping‐Lund Initiative on IT and Mobile CommunicationsKnut and Alice Wallenberg Foundation
Note

This research is part of Halmstad University projects funded by Sweden’s ELLIIT Strategic Research Environment and was partially supported by the Wallenberg Artificial Intelligence, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation. 

Available from: 2023-09-04 Created: 2023-09-04 Last updated: 2024-11-20Bibliographically approved
3. Agile DSL Development: A Method and A Case Study
Open this publication in new window or tab >>Agile DSL Development: A Method and A Case Study
(English)Manuscript (preprint) (Other academic)
Keywords
Language Design, Agile Development, Automotive Safety Testing, Domain-specific Languages, Reachability Analysis
National Category
Software Engineering
Identifiers
urn:nbn:se:hh:diva-51574 (URN)
Note

Som manuskript i avhandling / As manuscript in thesis

Available from: 2023-09-04 Created: 2023-09-04 Last updated: 2023-09-07Bibliographically approved

Open Access in DiVA

Pre-deployment Analysis of Smart Contracts(2384 kB)300 downloads
File information
File name FULLTEXT02.pdfFile size 2384 kBChecksum SHA-512
dbf758fb763add6186f66f5b8eea3f13b13246a291774eeda15b00d6789d4d18d464e8385c8fad31faf4d5610cc0ad5b5fdea0287f4b850cfb9a112fcb1294d4
Type fulltextMimetype application/pdf

Authority records

Munir, Sundas

Search in DiVA

By author/editor
Munir, Sundas
By organisation
School of Information Technology
Computer SciencesComputer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 303 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 714 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf