Abstract
Vulnerabilities and quality issues lead to devastating, high-risk exploits in Smart Contracts. Several tools and approaches have emerged to identify known errors and vulnerabilities at an early stage of Smart Contract development. However, these tools and approaches are currently treated as stand-alone solutions that serve specific tasks and must be combined manually. In traditional software engineering, Continuous Integration (CI) is well known for combining several tools and functions to ensure high code quality throughout every development stage. In this paper, we analyze the possibility of leveraging CI for Smart Contract development. We identify requirements and design a general pipeline for Ethereum-based Smart Contracts. After two iterations, we developed a containerized approach that can be used independently of the CI platform in use, without the need to configure tools or test environments. We show that multiple tools can be linked to provide automatic checking and verification of the Smart Contract through different development stages. This approach can aid practitioners and researchers alike in creating safe and secure Smart Contracts of high code quality, thus contributing to the research area of testing in the context of blockchain-oriented software engineering.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Precht, H., Schwarm, F., Marx Gómez, J. (2023). Enhancing Smart Contract Quality by Introducing a Continuous Integration Pipeline for Solidity Based Smart Contracts. In: Prieto, J., Benítez Martínez, F.L., Ferretti, S., Arroyo Guardeño, D., Tomás Nevado-Batalla, P. (eds) Blockchain and Applications, 4th International Congress. BLOCKCHAIN 2022. Lecture Notes in Networks and Systems, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-031-21229-1_25
DOI: https://doi.org/10.1007/978-3-031-21229-1_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21228-4
Online ISBN: 978-3-031-21229-1
eBook Packages: Intelligent Technologies and Robotics (R0)