Assessing smart contracts security technical debts

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

Colleges, School and Institutes

Abstract

Smart contracts are self-enforcing agreements that are employed to exchange assets without the approval of trusted third parties. This feature has encouraged various sectors to make use of smart contracts when transacting. Experience shows that many deployed contracts are vulnerable to exploitation due to their poor design, which allows attackers to steal valuable assets from the involved parties. Therefore, an assessment approach that allows developers to recognise the consequences of deploying vulnerable contracts is needed. In this paper, we propose a debt-aware approach for assessing security design vulnerabilities in smart contracts. Our assessment approach involves two main steps: (i) identification of design vulnerabilities using security analysis techniques and (ii) an estimation of the ramifications of the identified vulnerabilities leveraging the technical debt metaphor, its principal and interest. We use examples of vulnerable contracts to demonstrate the applicability of our approach. The results show that our assessment approach increases the visibility of security design issues. It also allows developers to concentrate on resolving smart contract vulnerabilities through technical debt impact analysis and prioritisation. Developers can use our approach to inform the design of more secure contracts and for reducing unintentional debts caused by a lack of awareness of security issues.

Details

Original languageEnglish
Title of host publication2021 IEEE/ACM International Conference on Technical Debt (TechDebt)
Publication statusPublished - May 2021
Event2021 IEEE/ACM International Conference on Technical Debt - Virtual, Madrid , Spain
Duration: 22 May 202130 May 2021
Conference number: 4th
https://2021.techdebtconf.org/

Conference

Conference2021 IEEE/ACM International Conference on Technical Debt
Abbreviated titleTechDebt
Country/TerritorySpain
CityMadrid
Period22/05/2130/05/21
Internet address

Keywords

  • smart contract, technical debt, security