Meng Ren
ABSTRACT
With the increasing popularity of block-chain technologies, more and more engineers use smart contracts for application implementation. Traditional supporting tools can either provide code completions based on static libraries or detect a limited set of vulnerabilities, which results in the manpower waste during coding and miss-detection of bugs. In this work, we propose SCStudio, a unified smart contract development platform, which aims to help developers implement more secure smart contracts easily. The core idea is to realize real-time security-reinforced recommendation through pattern-based learning; and to perform security-oriented validation via integrated testing. SCStudio was implemented as a plug-in of VS Code. It has been used as the official development tool of WeBank and integrated as the recommended development tool by FISCO-BCOS community. In practice, it outperforms existing contract development environments, such as Remix, improving the average word suggestion accuracy by 30%-60% and helping detect about 25% more vulnerabilities.
The video is presented at https://youtu.be/l6hW3Ds5Tkg.
- Maher Alharby and Aad Van Moorsel. 2017. Blockchain-based smart contracts: A systematic mapping study. arXiv preprint arXiv:1710.06372 ( 2017 ).Google Scholar
- Miltiadis Allamanis and Charles A. Sutton. 2014. Mining idioms from source code. ArXiv abs/1404.0417 ( 2014 ).Google Scholar
- Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. 2016. A survey of attacks on Ethereum smart contracts. IACR Cryptology ePrint Archive 2016 ( 2016 ), 1007.Google Scholar
- Massimo Bartoletti and Livio Pompianu. 2017. An empirical analysis of smart contracts: platforms, applications, and design patterns. In International conference on financial cryptography and data security. Springer, 494-509.Google ScholarCross Ref
- Pavol Bielik, Veselin Raychev, and Martin T. Vechev. 2016. PHOG: Probabilistic Model for Code. In ICML.Google Scholar
- ConsenSys. 2019. Mythril. https://github.com/ConsenSys/mythril-classic.Google Scholar
- Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi. 2015. Lab: Step by Step towards Programming a Safe Smart Contract. ( 2015 ).Google Scholar
- Thomas Durieux, João F. Ferreira, Rui Abreu, and Pedro Cruz. 2019. Empirical Review of Automated Analysis Tools on 47 ,587 Ethereum Smart Contracts. arXiv: 1910. 10601 [cs.SE]Google Scholar
- Etherscan. 2019. Etherscan. https://etherscan.io/.Google Scholar
- Abram Hindle, Earl T. Barr, Zhendong Su, Mark Gabel, and Premkumar T. Devanbu. 2012. On the naturalness of software. In ICSE 2012.Google Scholar
- Yoichi Hirai. 2016. Formal verification of Deed contract in Ethereum name service. November-2016.[Online]. Available: https://yoichihirai. com/deed. pdf ( 2016 ).Google Scholar
- Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In NDSS.Google Scholar
- Jian Li, Yue Wang, Michael R. Lyu, and Irwin King. 2018. Code Completion with Neural Attention and Pointer Networks. ArXiv abs/1711.09573 ( 2018 ).Google Scholar
- Chang Liu, Xin Wang, Richard Shin, Joseph E. Gonzalez, and Dawn Song. 2017. Neural Code Completion.Google Scholar
- Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. IACR Cryptology ePrint Archive 2016 ( 2016 ), 633.Google Scholar
- F. Ma, Y. Fu, M. Ren, M. Wang, Y. Jiang, K. Zhang, H. Li, and X. Shi. 2019. EVM*: From Ofline Detection to Online Reinforcement for Ethereum Virtual Machine. In 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER). 554-558.Google Scholar
- Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, and Aquinas Hobor. 2018. Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. CoRR abs/ 1802.06038 ( 2018 ).Google Scholar
- Veselin Raychev, Martin T. Vechev, and Eran Yahav. 2014. Code completion with statistical language models. In PLDI '14.Google ScholarDigital Library
- Michael Rodler, Wenting Li, Ghassan O Karame, and Lucas Davi. 2018. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. ( 2018 ).Google Scholar
- Armin ronacher. 2010. Flask. https://flask.palletsprojects. com/en/1.1.x/.Google Scholar
- Sara Rouhani and Ralph Deters. 2019. Security, performance, and applications of smart contracts: A systematic survey. IEEE Access 7 ( 2019 ), 50759-50779.Google Scholar
- smartbugs. 2020. smart contracts dataset. https://github.com/smartbugs/ smartbugs-wild.Google Scholar
- Solidity. 2018. Solidity Programming Language. https://git.io/vFA47/.Google Scholar
- Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, and Yaroslav Alexandrov. 2018. SmartCheck: static analysis of ethereum smart contracts. In the 1st International Workshop.Google ScholarDigital Library
- Petar Tsankov, Andrei Marian Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin T. Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In ACM Conference on Computer and Communications Security.Google Scholar
- Tsinghua University. 2019. Pied-Piper: Revealing the Backdoor Threats in Smart Contracts. https://github.com/renardbebe/BackdoorDetector. 4 ( 21 %) 14 ( 58.3%) 0 ( 0 %) 4 ( 57.1%) 1 ( 50 %) 29 ( 90.6%) 0 ( 0 %) 72 ( 92.3%) 4 ( 57.1%) 128 ( 56.6%) 4 ( 21 %) 17 ( 70.8%) 48 ( 96 %) 4 ( 57.1%) 2 ( 100 %) 29 ( 90.6%) 2 ( 28.6%) 72 ( 92.3%) 7 ( 100 %) 185 ( 81.9%)Google Scholar
Index Terms
- SCStudio: a secure and efficient integrated development environment for smart contracts
Recommendations
Making Smart Contracts Smarter
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityCryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has ...
An overview on smart contracts: Challenges, advances and platforms
AbstractSmart contract technology is reshaping conventional industry and business processes. Being embedded in blockchains, smart contracts enable the contractual terms of an agreement to be enforced automatically without the intervention of a ...
Highlights- Opportunities of smart contracts for industrial internet of things.
- Lifecycle ...
Towards saving money in using smart contracts
ICSE-NIER '18: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging ResultsBeing a new kind of software leveraging blockchain to execute real contracts, smart contracts are in great demand due to many advantages. Ethereum is the largest blockchain platform that supports smart contracts by running them in its virtual machine. ...
Comments