Detection and Analysis of Ethereum Energy Smart Contracts

iContractML 2.0: A domain-specific language for modeling and deploying smart contracts onto multiple blockchain platforms

Smart contract, a term which was originally coined to refer to the automation of legal contracts in general, has recently seen much interest due to the advent of blockchain technology. Recently, the term is popularly used to refer to low-level code scripts running on a blockchain platform. Our study focuses exclusively on this subset of smart contracts. Such smart contracts have increasingly been gaining ground, finding numerous important applications (e.g., crowdfunding) in the real world. Despite the increasing popularity, smart contract development still remains somewhat a mystery to many developers largely due to its special design and applications. Are there any differences between smart contract development and traditional software development? What kind of challenges are faced by developers during smart contract development? Questions like these are important but have not been explored by researchers yet. In this paper, we performed an exploratory study to understand the current state and potential challenges developers are facing in developing smart contracts on blockchains, with a focus on Ethereum (the most popular public blockchain platform for smart contracts). Toward this end, we conducted this study in two phases. In the first phase, we conducted semi-structured interviews with 20 developers from GitHub and industry professionals who are working on smart contracts. In the second phase, we performed a survey on 232 practitioners to validate the findings from the interviews. Our interview and survey results revealed several major challenges developers are facing during smart contract development: (1) there is no effective way to guarantee the security of smart contract code; (2) existing tools for development are still very basic; (3) the programming languages and the virtual machines still have a number of limitations; (4) performance problems are hard to handle under resource constrained running environment; and (5) online resources (including advanced/updated documents and community support) are still limited. Our study suggests several directions that researchers and practitioners can work on to help improve developers’ experience on developing high-quality smart contracts.

This chapter provides an in-depth engagement with the project of expressing legal propositions in machine-readable language. Smart Contracts use computer technology to automate the performance of aspects of commercial agreements. Yet how can there be confidence that the computer code is faithful to the intentions of the parties? To understand the depth and subtlety of this question requires an exploration of natural and computer languages, of the semantics of expressions in those languages, and of the gap that exists between the disciplines of law and computer science. It builds on the metaphor of a ‘contract stack’ with the idea of a ‘language stack’ and illustrates the various layers of language—both natural and formal—that might exist and interact in any instantiation of a ‘smart legal contract’. It also explains the importance of language design in the development of reliable smart contracts, including the use of domain specific languages and the design of controlled natural languages within the specific methodology of computable contracts. Reflecting the author’s original research in the area, this chapter examines ‘computable contracts’ in particular detail—a sub-type of ‘smart contracts’ in which the top two layers of the language stack (‘natural language’ and ‘specification language’) have been merged. As well as providing an in-depth overview of theory, this chapter provides an up-to-date survey of existing projects and reflections on directions for future research.

One of the building blocks of our legal and economic systems in society is the indispensable reliance on contracts and trust systems to protect individual rights. Recently smart contracts are becoming prominent parts of various blockchain platforms. The goal of smart contracts is to eliminate the third party and centralized trust systems. Due to recent emergence of smart contracts, there is no well-defined framework that researchers can use to evaluate smart contracts under various blockchain platforms and differentiate between them. In this work, a survey on the prominent smart contract landscape specially those based on blockchain have been conducted. Based on the survey, an evaluation framework to assess smart contracts has been proposed. The framework is a set of criteria based on two major aspects; infrastructure related and development related criteria. The evaluation framework was peer-reviewed for reliability and validity. To measure the applicability of the proposed framework, it has been used to empirically evaluate some of the most prominent smart contract platforms. The results of the empirical evaluation have shown that the Ethereum blockchain smart contract exceeds the others in terms of development tools, resources, and community support. EOS blockchain smart contracts have the best execution speeds, and transaction costs. Lastly, Stellar blockchain has predictability and the best transaction builder to use in smart contract development concerning user friendliness. Recommendations for smart contract developers are provided in light of the research.

Blockchain smart contracts can support the decentralisation of business processes, but due to smart contracts’ specifics, their development is a complicated process. Introducing model-driven development principles in smart contract development can facilitate requirement specification, design, and implementation activities. This paper presents a model-driven development method MDAsmartCD (Model-Driven Architecture-based Smart Contract Development) to alleviate smart contract development by supporting the complete MDA life cycle, covering the definition of Computation-Independent Model, Platform-Independent Model, and two instances of Platform-Specific Models. In MDAsmartCD, model transformations (model-to-model and model-to-text) are used to produce smart contract code in the Hyperledger Fabric platform Go and the Ethereum platform Solidity programming languages. The method application was demonstrated by implementing the smart contract for the hackathon solution and executing the generated Solidity and Go smart contracts in the workflow of issuing certificates for hackathon participants. During the execution of the workflow, both deployed smart contracts behaved identically and recorded analogous results in respective blockchain data storages. This demonstrated that the MDAsmartCD method enables the generation of compilable and executable smart contract code, ready for deployment on a blockchain platform.

Recently, smart contracts are increasingly gaining more attention from academia and industries, due to their potential of increasing efficiency in various application domains. However, building syntactically correct smart contracts is very complex and challenging for non-expert programmers. Besides, as smart contracts are still in the early emerging phase, there is a lack of expertise and tools for supporting practitioners to teach or learn smart contract development. In this paper, we introduce SmartBuilder, a block-based visual programming framework for building smart contracts using extended Google Blockly libraries. It allows Hyperledger Fabric smart contract (also known as Chaincode) development learners or non-expert users to build smart contracts using visual blocks without writing a single code. Moreover, it is a useful and efficient educational tool for teaching or learning how to build smart contracts.

Solana is a blockchain platform with its own token, called SOL or Solana. As a blockchain network, Solana is a de-centralized public ledger for verifying and recording transactions. The Solana blockchain has smart contract capabilities. Unlike other blockchains, such as Ethereum, there is no repository or tool where to check for the source code of the smart contracts stored in the blockchain. These tools are crucial to increase the users' trust in this type of technology. Indeed, one of the most important features of the blockchain is transparency, i.e. the possibility to see the source code of the program to use, or in which the users wish to invest. However, in the blockchains that support smart contracts, what is stored is not the source code of the smart contract written in a high-level program understandable to humans, but the bytecode, i.e. a low-level code made for the hardware to be executed. For some blockchains, such as Ethereum, there are different tools, such as integrated development environment (IDE), that allow to verify that the smart contracts' source code corresponds to the bytecode installed on the nodes of the blockchain. Moreover, there are different repositories that collect smart contracts written in a high-level programming language and their corresponding bytecode. However, for the Solana blockchain, all these tools do not exist yet. The study proposes a web tool that allows verifying the ownership of a smart contract, i. e. the smart contracts' source code written in a high-level programming language corresponds to the bytecode deployed in the Solana blockchain. Moreover, we have published smart contracts' source code written in high-level programming via a public service that can be used by researchers, smart contract developers, and blockchain not-expert users.

Smart contracts are a means of facilitating, verifying and enforcing digital agreements. Blockchain technology, which includes an inherent consensus mechanism and programming languages, enables the concept of smart contracts. However, smart contracts written in an existing language, such as Solidity, Vyper, and others, are difficult for domain stakeholders and programmers to understand in order to develop code efficiently and without error, owing to a conceptual gap between the contractual provisions and the respective code. Our study addresses the problem by creating smart legal contract markup language (SLCML), an XML-based smart-contract language with pattern and transformation rules that automatically convert XML code to the Solidity language. In particular, we develop an XML schema (SLCML schema) that is used to instantiate any type of business contract understandable to IT and non-IT practitioners and is processed by computers. To reduce the effort and risk associated with smart contract development, we advocate a pattern for converting SLCML contracts to Solidity smart contracts, a smart contractual oriented computer language. We exemplify and assess our SLCML and transformation approach by defining a dairy supply chain contract based on real-world data.

Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Different from traditional software development, smart contracts are immutable once deployed. Hence, vulnerabilities and bugs in smart contracts can lead to catastrophic financial loses. In order to avoid taking the risk of writing buggy code, smart contract developers are encouraged to reuse pieces of code from reputable sources (e.g., OpenZeppelin). In this paper, we study code cloning in Ethereum. Our goal is to quantify the amount of clones in Ethereum (RQ1), understand key characteristics of clone clusters (RQ2), and determine whether smart contracts contain pieces of code that are identical to those published by OpenZeppelin (RQ3). We applied Deckard, a tree-based clone detector, to all Ethereum contracts for which the source code was available. We observe that developers frequently clone contracts. In particular, 79.2% of the studied contracts are clones and we note an upward trend in the number of cloned contracts per quarter. With regards to the characteristics of clone clusters, we observe that: (i) 9 out of the top-10 largest clone clusters are token managers, (ii) most of the activity of a cluster tends to be concentrated on a few contracts, and (iii) contracts in a cluster to be created by several authors. Finally, we note that the studied contracts have different ratios of code blocks that are identical to those provided by the OpenZeppelin project. Due to the immutability of smart contracts, as well as the impossibility of reverting transactions once they are deemed final, we conclude that the aforementioned findings yield implications to the security, development, and usage of smart contracts.

A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges

Smart contracts are widely employed in many industries as a result of the high-quality development of science and economic technology, as well as the introduction of blockchain, which can automatically conduct retrieval, verification, and payment tasks. Smart contracts as an emerging topic, particularly the study of smart legal contracts, must remain forward-looking, and the smart contract sector cannot wait for the legal status of smart contracts to be resolved before advancing. The relative lag of the law becomes unavoidable due to the unassembled and unpredictable character of the law and thus its legislation. In this paper, we explore the incorporation of smart contracts into the scope of legal regulation, the construction of a series of systems for smart contracts, and the prognosis of smart contracts in terms of contract logic, arbitration process, and formal verification from the current law. Furthermore, a smart contract payment template based on semantic-aware graph neural networks is proposed to address the traditional smart contract vulnerability detection payment template method's low detection accuracy and high false alarm rate, as well as the neural network-based method's insufficient mining of bytecode-level smart contract features. Experiments comparing the method described in this research to comparable methods reveal that the strategy proposed in this study improves all types of indicators significantly.

The post-deployment challenges in developing and upgrading blockchain smart contracts necessitate a high level of accuracy in their development and business logic. However, current methodologies for verifying the business logic of smart contracts frequently fail to address their alignment with end-user business requirements. This paper introduces a two-step language transformation process to bridge this gap. Initially, we establish a transformation rule from the Business Process Model and Notation (BPMN) to Prolog, enabling the translation of business processes into a Prolog representation. This step not only validates the business process logic but also ensures it meets user specifications. Subsequently, we introduce a transformation rule from the BPMN to Go, which facilitates the transformation of the BPMN model, once validated, into a Go language smart contract. To enhance usability, we have engineered a dedicated tool that streamlines this transformation process. We present a case study involving a banking loan process to exemplify the utility of our tool in creating BPMN diagrams, conducting requirement and syntax validations, and effecting the transformation to Go smart contracts. The case study and empirical results suggest that our methodology and the accompanying tool mitigate the complexities inherent in smart contract development. They also ensure the fidelity of business logic to user demands, thereby promoting the broader adoption of blockchain smart contract technology.

The article is devoted to the analysis on a crypto assets smart contract in the civil law and common law jurisdictions and the implementation of the best practices into Ukrainian law. It is argued that the essence of a crypto assets smart contract is that it is a self-executing contract which is represented and executed by a computer program, remains unchanged and unstoppable after the creation of this contract, and its terms are included in the internal functions of a decentralized database which is not controlled by the databases of the parties to the contract or third parties. It is noted that a cryptoasset smart contract, like any contract, may be declared invalid if the will to conclude it does not meet the conditions for the validity of this transaction, regardless of the form in which this transaction is concluded, as in this case in the form of a computer code. It is also stated that the terms of a cryptoasset smart contract must be specific (clear, unambiguous), feasible (objective), legitimate, and capable of automation (no evaluative terms, such as “reasonable time,” may be used), exist within the blockchain platform (on which cryptoassets are currently transacted) and not involve obtaining and confirming information from outside (in this regard, the terms of force majeure are not specified in the smart contract). The study applies dialectical, comparative legal, formal and logical, and systemic and structural methods of scientific knowledge. It is proved that a smart contract is a contract which is represented and executed by a computer program, the components of which are a computer code, some or all of the terms of this contract which are fulfilled upon the occurrence of predefined events, are stored in an electronic register system which records the result of execution of this program, and the contract itself cannot be changed and is executed in accordance with the programmed instructions of the computer program. The author concludes that the determination of the person who is legally liable when a smart contract fails to perform the programmed function depends on the terms of the smart contract, and in their absence, the provisions of applicable law regarding the legal consequences of non-performance of the contract and liability for such non-performance should be used.

BackgroundHealth care insurance fraud is on the rise in many ways, such as falsifying information and hiding third-party liability. This can result in significant losses for the medical health insurance industry. Consequently, fraud detection is crucial. Currently, companies employ auditors who manually evaluate records and pinpoint fraud. However, an automated and effective method is needed to detect fraud with the continually increasing number of patients seeking health insurance. Blockchain is an emerging technology and is constantly evolving to meet business needs. With its characteristics of immutability, transparency, traceability, and smart contracts, it demonstrates its potential in the health care domain. In particular, self-executable smart contracts are essential to reduce the costs associated with traditional paradigms, which are mostly manual, while preserving privacy and building trust among health care stakeholders, including the patient and the health insurance networks. However, with the proliferation of blockchain development platform options, selecting the right one for health care insurance can be difficult. This study addressed this void and developed an automated decision map recommender system to select the most effective blockchain platform for insurance fraud detection.ObjectiveThis study aims to develop smart contracts for detecting health care insurance fraud efficiently. Therefore, we provided a taxonomy of fraud scenarios and implemented their detection using a blockchain platform that was suitable for health care insurance fraud detection. To automatically and efficiently select the best platform, we proposed and implemented a decision map–based recommender system. For developing the decision-map, we proposed a taxonomy of 102 blockchain platforms.MethodsWe developed smart contracts for 12 fraud scenarios that we identified in the literature. We used the top 2 blockchain platforms selected by our proposed decision-making map–based recommender system, which is tailored for health care insurance fraud. The map used our taxonomy of 102 blockchain platforms classified according to their application domains.ResultsThe recommender system demonstrated that Hyperledger Fabric was the best blockchain platform for identifying health care insurance fraud. We validated our recommender system by comparing the performance of the top 2 platforms selected by our system. The blockchain platform taxonomy that we created revealed that 59 blockchain platforms are suitable for all application domains, 25 are suitable for financial services, and 18 are suitable for various application domains. We implemented fraud detection based on smart contracts.ConclusionsOur decision map recommender system, which was based on our proposed taxonomy of 102 platforms, automatically selected the top 2 platforms, which were Hyperledger Fabric and Neo, for the implementation of health care insurance fraud detection. Our performance evaluation of the 2 platforms indicated that Fabric surpassed Neo in all performance metrics, as depicted by our recommender system. We provided an implementation of fraud detection based on smart contracts.

Blockchain technology has recently received a great deal of attention from industry and academia due to its apparent benefits. From the initial foundation based on cryptocurrency to the development of smart contracts, Blockchain technology continues to promise significant business benefits for various industry sectors. Notwithstanding its known benefits, and despite having some protective measures and security features, this technology still faces significant security challenges within its different abstract layers. This work focuses on the critical cybersecurity threats and vulnerabilities inherent to the different layers of the Blockchain architecture, with a view to mitigate against the associated risks. From the perspective of architectural layering, each layer of the Blockchain has its own corresponding security issues. In this work, a seven-layer architecture is used, whereby the various components of each layer are set out, highlighting the related security risks and corresponding countermeasures. A taxonomy is then developed, that establishes the inter-relationships between the vulnerabilities and attacks in a smart contract. A specific emphasis is placed on the issues caused by centralisation within smart contracts, whereby a “one-owner” controls access, thus threatening the very decentralised nature that Blockchain is based upon. Smart contracts with centralised ownership pose major security issues and act as a single point of failure, allowing single individuals, or teams, to have complete control over the Blockchain network. To mitigate against the risks associated with centralised control, decentralised autonomous organisations (DAOs) promote a decentralised decision-making process whereby the power of decision-making is distributed and therefore preventing smart contract ownership monopoly. The main contribution of this thesis is the development of a novel automated decentralised application, “Genuine DAO”, that promises to reduce security risks and improve the performance of Blockchain networks. “Genuine DAO” achieves the reduction in security risks by enforcing automated rules that are encoded in smart contracts thus reinforcing the community-based governance and minimising the threats inherent to centralisation, which can be caused by smart contracts’ owners/developers. Additionally, “Genuine DAO” strengthens the security of the network by guarding against the threats caused by Frontrunning attacks. Three further contributions emanate from this work. The first one is an improvement of the overall performance of the Blockchain network, through gas optimisation, cost reduction, and network throughput. This is achieved by using a Polygon layer 2 scaling solution built on the Ethereum network. The second one is the development of a general taxonomy that compiles the different vulnerabilities, the types of attacks, and the related countermeasures within each of the seven layers of the Blockchain. The third one stems from a deep dive into one layer of the Blockchain namely, the Contract Layer. A model application is developed depicting, in detail, the security risks within the Contract Layer, while enlisting the best practices and tools to adopt in order to mitigate against these risks. The understanding gained from delving into the details of security risks within the Contract Layer reinforced the need for developing countermeasures to alleviate the security risks and vulnerabilities inherent to one-owner control in smart contracts, which ultimately led to the main contribution of this work: Genuine DAO.