Power and Pitfalls of Generic Smart Contracts
Mauro Gambini; Sara Migliorini; Fausto Spoto
2021-01-01
Abstract
Generics are a powerful feature of programming languages that allows one to write highly reusable code. More specifically, they are based on the use of type placeholders to produce parametrized code that can be instantiated for each concrete type provided for them. In many programming languages, such as Java, they are implemented by erasure, i.e., each type placeholder is replaced by its upper bound type during compilation into bytecode. This paper originated from a real security issue that we found while using generics to write smart contracts for the Hotmoka blockchain, whose contracts are written in Java, in order to implement a contract for shared entities (such as a company shared by its shareholders). The case study is particularly important since the validators' set of the blockchain itself is a special case of shared entity. The analysis shows that the power of generics comes at the risk of an overly permissive typing of the compiled code, due to the erasure mechanism, with a consequent possible attack on the validators' set. This paper proposes a solution that forces the compiler to generate more precise type information than that arising from erasure.
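The following is an added example, not code from the paper or from Hotmoka, that demonstrates the mechanism the abstract describes: after erasure the bytecode signature of a generic method only records the upper bound, so any caller that bypasses the Java source compiler (reflection here, hand-written bytecode on a blockchain) can pass a value of the wrong subtype and the generic class itself never notices. The classes `PayableContract`, `Shareholder`, `Outsider` and `SharedEntity` are hypothetical stand-ins and are not Hotmoka's real API. The token-checked variant at the end is a standard defensive pattern (a runtime `Class<S>` token) shown for contrast; it is not the compiler-side solution the paper proposes.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

// Hypothetical stand-ins for a contract hierarchy (assumption, not the Hotmoka API).
class PayableContract {}
class Shareholder extends PayableContract {}   // the only type the entity should accept
class Outsider extends PayableContract {}      // another subtype that must never get in

// A minimal shared entity: the type parameter S is meant to restrict who may hold shares.
class SharedEntity<S extends PayableContract> {
    private final List<S> shareholders = new ArrayList<>();

    // After erasure this compiles to addShareholder(PayableContract): nothing in the
    // bytecode remembers that S was instantiated as Shareholder, and no cast is emitted
    // inside the method because S is already its own upper bound here.
    public void addShareholder(S s) {
        shareholders.add(s);
    }

    public int count() { return shareholders.size(); }
    public boolean holds(Object o) { return shareholders.contains(o); }
}

// Same entity, but carrying a runtime type token and checking every insertion against it.
// Standard defensive pattern added for illustration; not the paper's proposed fix.
class CheckedSharedEntity<S extends PayableContract> {
    private final Class<S> type;
    private final List<S> shareholders = new ArrayList<>();

    CheckedSharedEntity(Class<S> type) { this.type = type; }

    public void addShareholder(S s) {
        // S is erased to PayableContract in bytecode, so this cast performs a real check.
        shareholders.add(type.cast(s));
    }

    public int count() { return shareholders.size(); }
}

public class ErasureDemo {
    public static void main(String[] args) throws Exception {
        SharedEntity<Shareholder> company = new SharedEntity<>();
        Outsider attacker = new Outsider();

        // 1) At the source level javac refuses this call:
        //    company.addShareholder(attacker);   // compile error: Outsider is not a Shareholder

        // 2) The erased method, as seen by reflection or by hand-written bytecode,
        //    takes a PayableContract and therefore accepts the Outsider.
        Method erased = SharedEntity.class.getMethod("addShareholder", PayableContract.class);
        erased.invoke(company, attacker);
        System.out.println("outsider accepted by erased method: " + company.holds(attacker));

        // 3) Raw types reach the same erased signature with only an unchecked warning.
        @SuppressWarnings("unchecked")
        SharedEntity raw = company;
        raw.addShareholder(new Outsider());
        System.out.println("shareholders after raw insert: " + company.count());

        // 4) The token-checked variant rejects the same reflective call at runtime.
        CheckedSharedEntity<Shareholder> checked = new CheckedSharedEntity<>(Shareholder.class);
        Method checkedErased =
            CheckedSharedEntity.class.getMethod("addShareholder", PayableContract.class);
        try {
            checkedErased.invoke(checked, attacker);
            System.out.println("unexpected: outsider accepted");
        } catch (InvocationTargetException e) {
            // e.getCause() is the ClassCastException thrown by type.cast(s)
            System.out.println("rejected by token check: " + e.getCause());
        }
        System.out.println("checked shareholders: " + checked.count());
    }
}
```

Compile and run with `javac ErasureDemo.java && java ErasureDemo`. Steps 2 and 3 print that the outsider was accepted and that the company now holds two members, while step 4 prints the `ClassCastException` and a count of zero. The point to take from step 2 is that the generic container has no cast of its own to fail: the only checks javac emits for `S` sit in callers written in Java source, and a caller that submits bytecode directly, as a smart-contract transaction can, is not bound by them.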