Assessing Smart Contracts Security Technical Debts

by   Sabreen Ahmadjee, et al.

Smart contracts are self-enforcing agreements that are employed to exchange assets without the approval of trusted third parties. This feature has encouraged various sectors to make use of smart contracts when transacting. Experience shows that many deployed contracts are vulnerable to exploitation due to their poor design, which allows attackers to steal valuable assets from the involved parties. Therefore, an assessment approach that allows developers to recognise the consequences of deploying vulnerable contracts is needed. In this paper, we propose a debt-aware approach for assessing security design vulnerabilities in smart contracts. Our assessment approach involves two main steps: (i) identification of design vulnerabilities using security analysis techniques and (ii) an estimation of the ramifications of the identified vulnerabilities leveraging the technical debt metaphor, its principal and interest. We use examples of vulnerable contracts to demonstrate the applicability of our approach. The results show that our assessment approach increases the visibility of security design issues. It also allows developers to concentrate on resolving smart contract vulnerabilities through technical debt impact analysis and prioritisation. Developers can use our approach to inform the design of more secure contracts and for reducing unintentional debts caused by a lack of awareness of security issues.



There are no comments yet.


page 8


Smart Contract Repair

Smart contracts are automated or self-enforcing contracts that can be us...

Building Executable Secure Design Models for Smart Contracts with Formal Methods

Smart contracts are appealing because they are self-executing business a...

Tool Demonstration: FSolidM for Designing Secure Ethereum Smart Contracts

Blockchain-based distributed computing platforms enable the trusted exec...

Security Analysis of EOSIO Smart Contracts

The EOSIO blockchain, one of the representative Delegated Proof-of-Stake...

Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Vulnerabilities

Symbolic analysis of security exploits in smart contracts has demonstrat...

Oracle-Supported Dynamic Exploit Generation for Smart Contracts

Despite the high stakes involved in smart contracts, they are often deve...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.