Building an Ethereum DApp

Smart contracts in the Ethereum blockchain are typically written using a high-level, Turing-complete language called Solidity. However, the Solidity language has many features to allow programmers fine-grained control over their smart contracts. We call these features low-level functions. Unfortunately, the improper use of low-level functions can lead to security vulnerabilities leading to heavy financial losses. Therefore, the Solidity community has suggested alternatives for the low-level functions in the official guidelines for developers. We first perform a large-scale empirical study on the use of low-level functions in Ethereum smart contracts written in Solidity. We find that such functions are widely used in real-world Ethereum smart contracts, and that the majority of these uses are gratuitous for the smart contract's functionality. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with high-level alternatives. We evaluate GoHigh on over 300,000 real-world smart contracts on the Ethereum blockchain. GoHigh replaces all low-level functions that are amenable to replacement in the contracts with 17% fewer compiler warnings, and the externally-visible behaviors of at least 92 % of the replaced contracts are identical to the original ones. Finally, GoHigh takes 7 seconds on average per contract.

Many empirical software engineering studies show that there is a need for repositories where source codes are acquired, filtered and classified. During the last few years, Ethereum block explorer services have emerged as a popular project to explore and search for Ethereum blockchain data such as transactions, addresses, tokens, smart contracts’ source codes, prices and other activities taking place on the Ethereum blockchain. Despite the availability of this kind of service, retrieving specific information useful to empirical software engineering studies, such as the study of smart contracts’ software metrics, might require many subtasks, such as searching for specific transactions in a block, parsing files in HTML format, and filtering the smart contracts to remove duplicated code or unused smart contracts. In this paper, we afford this problem by creating Smart Corpus, a corpus of smart contracts in an organized, reasoned and up-to-date repository where Solidity source code and other metadata about Ethereum smart contracts can easily and systematically be retrieved. We present Smart Corpus’s design and its initial implementation, and we show how the data set of smart contracts’ source codes in a variety of programming languages can be queried and processed to get useful information on smart contracts and their software metrics. Smart Corpus aims to create a smart-contract repository where smart-contract data (source code, application binary interface (ABI) and byte code) are freely and immediately available and are classified based on the main software metrics identified in the scientific literature. Smart contracts’ source codes have been validated by EtherScan, and each contract comes with its own associated software metrics as computed by the freely available software PASO. Moreover, Smart Corpus can be easily extended as the number of new smart contracts increases day by day.

Background: In the current advancement of communication, anyone can create digital content. Emerging digital marketplaces provides an environment to share digital data with customers who are interested in content, from other digital sources. Digital marketplaces provide a location for both providers and consumers to connect to meet the increased demand. All of this leads to challenges in content protection, copyright protection, contract creation and work trading. Objectives: To address these issues, this scheme suggests a blockchain based approach for managing digital rights to garment design works. This system uses the blockchain, digital copyright management techniques and off-chain computation for garment design work. The visibility of design effects, the secrecy of design details and compliance with applicable regulations are all considered. The data delivery is also assured with the help of the proof-of-delivery concept. Methods: The proposed system has three steps. They are (i) Creating digital copyright documents using key generation and verification of digital signature (ii) Smart contract creation (iii) Certificate generation for confirmed smart contracts. A Smart contract is defined as computerized transaction protocols that execute the terms of a contract. Findings: Smart contracts are created between the designer and customer using Ethereum which is a blockchain based software platform. The interplanetary file system is used to store digital documents. Ethereum blockchain is used to create the smart contract digitally. Ethereum smart contract provides unchangeable, transparent, tamper-proof logs, traceability and responsibility. Finally, E-certificate is generated by the designer for the confirmed contracts and it is uploaded into the IPFS. Novelty and applications: The trusted, decentralized and proof of delivery frameworks are included for digital design work with the key features of IPFS, blockchain and Ethereum smart contract. The proposed work is also compared with the existing works based on several criteria such as blockchain, IPFS, PoD, etc. Keywords: Blockchain; Design work; Copyright Protection; Digital Signature; Ethereum

The Ethereum blockchain permits the development and deployment of smart contracts which can store and execute code 'on-chain' - that is, entirely on nodes in the blockchain's network. Smart contracts have traditionally been used for financial purposes, but since smart contracts are Turing-complete, their algorithmic scope is broader than any single domain. To that end, we design, develop, and deploy a comprehensive 3D rendering engine programmed entirely in Ethereum smart contracts, called Shackled. Shackled computes a 2D image from a 3D scene, executing every single computation on-chain, on Ethereum. To our knowledge, Shackled is the first and only fully on-chain 3D rendering engine for Ethereum. In this work, we 1) provide three unique datasets for the purpose of using and benchmarking Shackled, 2) execute said benchmarks and provide results, 3) demonstrate a potential use case of Shackled in the domain of tokenised generative art, 4) provide a no-code user interface to Shackled, 5) enumerate the challenges associated with programming complex algorithms in Solidity smart contracts, and 6) outline potential directions for improving the Shackled platform. It is our hope that this work increases the Ethereum blockchain's native graphics processing capabilities, and that it enables increased use of smart contracts for more complex algorithms, thus increasing the overall richness of the Ethereum ecosystem.

The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language.

Smart contract (SC) is an extension of BlockChain technology. Ethereum BlockChain was the first to incorporate SC and thus started a new era of crypto-currencies and electronic transactions. Solidity helps to program the SCs. Still, soon after Solidity's emergence in 2014, Solidity-based SCs suffered many attacks that deprived the SC account holders of their precious funds. The main reason for these attacks was the presence of vulnerabilities in SC. This paper discusses SC vulnerabilities and classifies them according to the domain knowledge of the faulty operations. This classification is a source of reminding developers and software engineers that for SC's safety, each SC requires proper testing with effective tools to catch those classes' vulnerabilities.

The expansion of smart contracts on the Ethereum blockchain has created a diverse ecosystem of decentralized applications. This growth, however, poses challenges in classifying and securing these contracts. Existing research often separately addresses either classification or vulnerability detection, without a comprehensive analysis of how contract types are related to security risks. Our study addresses this gap by developing a taxonomy of smart contracts and examining the potential vulnerabilities associated with each category. We use the Latent Dirichlet Allocation (LDA) model to analyze a dataset of over 100,040 Ethereum smart contracts, which is notably larger than those used in previous studies. Our analysis categorizes these contracts into eleven groups, with five primary categories: Notary, Token, Game, Financial, and Blockchain interaction. This categorization sheds light on the various functions and applications of smart contracts in today’s blockchain environment. In response to the growing need for better security in smart contract development, we also investigate the link between these categories and common vulnerabilities. Our results identify specific vulnerabilities associated with different contract types, providing valuable insights for developers and auditors. This relationship between contract categories and vulnerabilities is a new contribution to the field, as it has not been thoroughly explored in previous research. Our findings offer a detailed taxonomy of smart contracts and practical recommendations for enhancing security. By understanding how contract categories correlate with vulnerabilities, developers can implement more effective security measures, and auditors can better prioritize their reviews. This study advances both academic knowledge of smart contracts and practical strategies for securing decentralized applications on the Ethereum platform.

The paper aims at creating ERC-20 Token and crowd sale step-by-step with Ethereum smart contracts. In the process, it focuses on testing the smart contracts, deploying the smart contracts to the Ethereum blockchain, and building an ICO website deployed to the web for the buying and selling of the tokens. The Ethereum blockchain provides a platform for creating our cryptocurrency, or tokens that can be purchased via Ether which is the native cryptocurrency of the Ethereum blockchain. ERC-20 is a standard document that specifies the behavior of the tokens so that they are compatible with other platforms like cryptocurrency exchanges. We used Ethereum which is a blockchain like Bitcoin. We created a token called ;Token ; and there are 100,000,000 such tokens. Firstly, the token smart contract keeps track of some token attributes which are basic. It also keeps track of who owns ;My Token ; and how much. ERC-20 tokens can be used as a payment just, just like any other cryptocurrency, from one account to another. They can also be purchased in a crowd sale, like an ICO.

BackgroundWearable devices have limited ability to store and process such data. Currently, individual users or data aggregators are unable to monetize or contribute such data to wider analytics use cases. When combined with clinical health data, such data can improve the predictive power of data-driven analytics and can proffer many benefits to improve the quality of care. We propose and provide a marketplace mechanism to make these data available while benefiting data providers.ObjectiveWe aimed to propose the concept of a decentralized marketplace for patient-generated health data that can improve provenance, data accuracy, security, and privacy. Using a proof-of-concept prototype with an interplanetary file system (IPFS) and Ethereum smart contracts, we aimed to demonstrate decentralized marketplace functionality with the blockchain. We also aimed to illustrate and demonstrate the benefits of such a marketplace.MethodsWe used a design science research methodology to define and prototype our decentralized marketplace and used the Ethereum blockchain, solidity smart-contract programming language, the web3.js library, and node.js with the MetaMask application to prototype our system.ResultsWe designed and implemented a prototype of a decentralized health care marketplace catering to health data. We used an IPFS to store data, provide an encryption scheme for the data, and provide smart contracts to communicate with users on the Ethereum blockchain. We met the design goals we set out to accomplish in this study.ConclusionsA decentralized marketplace for trading patient-generated health data can be created using smart-contract technology and IPFS-based data storage. Such a marketplace can improve quality, availability, and provenance and satisfy data privacy, access, auditability, and security needs for such data when compared with centralized systems.

Smart contracts are programs whose business logic runs in a decentralized architecture named blockchain where each of the executing nodes trusts and agrees with the execution outcomes. Blockchain is an isolated execution environment, so smart contracts cannot access external data by themselves. The blockchain Oracle, or simply Oracle, is the software that allows smart contracts to interact with the outside world. In the past, a wide variety of studies have examined the oracles from various perspectives such as their implementation characteristics and their reliability. Unlike some other studies, this paper analyzes the use of Oracles through a static analysis of smart contracts. First, we analyze the source code of a corpus of over 40K smart contracts to find the most blockchain Oracles used by the Ethereum blockchain. On the basis of previous works, we examine the features of the most used blockchain Oracles in Ethereum. Lastly, we discussed our findings and the possible reasons why some blockchain oracles are more widely used than others. The purpose of this study is to shed light on how and which oracles are actually used by Ethereum smart contracts, as an alternative to other very interesting studies that analysed the blockchain oracle characteristics.

On the Internet, web applications are served from a centralized location i.e., server, for higher maintainability. However, in the centralized architecture, if there is an occurrence of server failure or crash, the web applications cannot be serve to the end-users until the server goes live again. In addition, in the existing centralized architecture for web hosting services, integrity of the hosted websites entirely relies on the third-party applications which checks for any possible threats in the system. In order to provide data integrity within the system and to overcome the above-mentioned single point of failure, we proposed the decentralized solution for hosting web applications, which provides more data availability to the end-users and maintains the integrity of the data. The proposed model makes use of the Interplanetary File System (IPFS) for storing and retrieving web applications, which provides high availability and reliability. In addition, the proposed model uses the Blockchain Technology for authenticity and confidentiality. The smart contracts are deploy on the Ethereum Block chain, which aids the service provider to manage the hosting service system. The proposed model also comparatively decreases the time taken to transfer the file over the IPFS using optimal path-finding algorithm. The proposed algorithm has a lesser time complexity when compared to the Bitswap protocol used in IPFS. The use of blockchain with IPFS cumulatively provides better authenticity via Ethereum Smart Contracts, which reduces risk and failure.

In recent years, Ethereum gained tremendously in popularity, growing from a daily transaction average of 10K in January 2016 to an average of 500K in January 2020. Similarly, smart contracts began to carry more value, making them appealing targets for attackers. As a result, they started to become victims of attacks, costing millions of dollars. In response to these attacks, both academia and industry proposed a plethora of tools to scan smart contracts for vulnerabilities before deploying them on the blockchain. However, most of these tools solely focus on detecting vulnerabilities and not attacks, let alone quantifying or tracing the number of stolen assets. In this paper, we present Horus, a framework that empowers the automated detection and investigation of smart contract attacks based on logic-driven and graph-driven analysis of transactions. Horus provides quick means to quantify and trace the flow of stolen assets across the Ethereum blockchain. We perform a large-scale analysis of all the smart contracts deployed on Ethereum until May 2020. We identified 1,888 attacked smart contracts and 8,095 adversarial transactions in the wild. Our investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant. Finally, we also demonstrate the practicality of our framework via an in-depth analysis on the recent Uniswap and Lendf.me attacks.KeywordsEthereumSmart contractsAttack detectionForensics

Ensuring the security of smart contracts is essential for maintaining the reliability and trustworthiness of decentralized applications, which are deployed across various domains, including industrial applications. In pursuit of this goal, it is imperative to analyze the common errors developers make when crafting smart contracts on the infrastructure that gave birth to them, i.e., the Ethereum blockchain. In this paper, we present a comprehensive analysis of the vulnerabilities in Ethereum smart contracts. Our methodology involves downloading the entire Ethereum blockchain and identifying smart contracts, which we then scan for vulnerabilities using various tools. We have discovered numerous vulnerabilities across many deployed smart contracts, highlighting the need for improved development practices. This analysis provides critical insights into the prevalence of security issues and underscores the urgency of raising development standards. By promoting the adoption of secure-by-design principles, our research seeks to enhance security standards within the Ethereum smart contract ecosystem.

The general public is becoming increasingly familiar with blockchain technology. Numerous new applications are made possible by this technology's unique features, which include transparency, strong security via cryptography, and distribution. These applications need certain programming tools and interfaces to be implemented. This is made feasible by smart contracts. If the prerequisites are satisfied, smart contracts are carried out automatically. Any mistake in smart contract coding, particularly security-related ones, might have an impact on the project as a whole, available funds, and important data. The current paper discusses the flaws of the Ethereum smart contract in this respect. By examining publically accessible scientific sources, this work aims to present thorough information about vulnerabilities, examples, and current security solutions. Additionally, a substantial collection of current Ethereum (ETH) smart contracts has undergone a static code examination to conduct the vulnerability-finding procedure. The output has undergone assessments and statistical analysis. The study's conclusions demonstrate that smart contracts have several distinct flaws, including arithmetic flaws, that developers should be more aware of. These vulnerabilities and the solutions that can be used to address them are also included.

Blockchain is a revolutionary technology that enables users to communicate in a trust-less manner. It revolutionizes the modes of business between organizations without the need for a trusted third party. It is a distributed ledger technology based on a decentralized peer-to-peer (P2P) network. It enables users to store data globally on thousands of computers in an immutable format and empowers users to deploy small pieces of programs known as smart contracts. The blockchain-based smart contract enables auto enforcement of the agreed terms between two untrusted parties. There are several security vulnerabilities in Ethereum blockchain-based smart contracts, due to which sometimes it does not behave as intended. Because a smart contract can hold millions of dollars as cryptocurrency, so these security vulnerabilities can lead to disastrous losses. In this paper, a systematic review of the security vulnerabilities in the Ethereum blockchain is presented. The main objective is to discuss Ethereum smart contract security vulnerabilities, detection tools, real life attacks and preventive mechanisms. Comparisons are drawn among the Ethereum smart contract analysis tools by considering various features. From the extensive depth review, various issues associated with the Ethereum blockchain-based smart contract are highlighted. Finally, various future directions are also discussed in the field of the Ethereum blockchain-based smart contract that can help the researchers to set the directions for future research in this domain.