
Enhancing Smart Contract Quality by Introducing a Continuous Integration Pipeline for Solidity Based Smart Contracts

  • Conference paper
Blockchain and Applications, 4th International Congress (BLOCKCHAIN 2022)

Abstract

Vulnerability concerns and quality issues lead to devastating and high-risk exploits in Smart Contracts. Several tools and approaches have emerged to identify known errors and vulnerabilities at an early stage of Smart Contract development. However, those tools and approaches are currently stand-alone: each serves a specific task, and they must be combined manually. In traditional software engineering, Continuous Integration (CI) is well known for combining several tools and functions to ensure high code quality throughout every development stage. In this paper, we analyze the possibility of leveraging CI for Smart Contract development. We identify requirements and design a general pipeline for Ethereum-based Smart Contracts. After two iterations, we developed a containerized approach that can be used independently of the CI platform in use, without the need to configure tools or test environments. We show that multiple tools can be linked to provide automatic checking and verification of the Smart Contract through different development stages. This approach can aid practitioners and researchers alike in creating safe and secure Smart Contracts of high code quality, thus contributing to the research area of testing in the context of blockchain-oriented software engineering.




Corresponding author

Correspondence to Hauke Precht.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Precht, H., Schwarm, F., Marx Gómez, J. (2023). Enhancing Smart Contract Quality by Introducing a Continuous Integration Pipeline for Solidity Based Smart Contracts. In: Prieto, J., Benítez Martínez, F.L., Ferretti, S., Arroyo Guardeño, D., Tomás Nevado-Batalla, P. (eds) Blockchain and Applications, 4th International Congress. BLOCKCHAIN 2022. Lecture Notes in Networks and Systems, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-031-21229-1_25
