An Ontology of Defects for Ethereum and its Smart Contracts
Pasqua, Michele; Mari, Sofia; Ceccato, Mariano
In press
Abstract
With Ethereum’s rise as the leading platform for decentralized applications, securing Ethereum smart contracts, very often having a financial impact, becomes paramount. Existing research lacks a comprehensive overview of Ethereum defects (and the terminology is often inconsistent), making it difficult for researchers, developers, and industry professionals to navigate this nowadays critical topic. This necessitates a unified source of information detailing defects affecting Ethereum and its smart contracts, along with their root causes, impact, and mitigation strategies. In this paper, we propose a knowledge base of defects, encompassing security vulnerabilities and code flaws found in the Ethereum blockchain and its smart contracts. We started by performing a systematic literature review to identify the currently known defects and then created a hierarchical tag system to classify them. This system was then used to build an ontology allowing users to easily search and learn about Ethereum defects. We also implemented EDOV, a tool to graphically navigate and explore the ontology, perform search queries, and visualize defect details, such as examples of defective/fixed code. As new defects may appear in the future, the ontology and the tool are built with extensibility in mind. We believe this research is a valuable contribution to helping developers and practitioners avoid common mistakes, improving the overall security and reliability of the Ethereum ecosystem.

| File | Size | Format |
|---|---|---|
| BCRA25.pdf (open access); Description: manuscript; Type: Pre-print document; License: Creative Commons | 2.01 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.



