IContractML 2.0: A domain-specific language for modeling and deploying smart contracts onto multiple blockchain platforms

Smart contract, a term which was originally coined to refer to the automation of legal contracts in general, has recently seen much interest due to the advent of blockchain technology. Recently, the term is popularly used to refer to low-level code scripts running on a blockchain platform. Our study focuses exclusively on this subset of smart contracts. Such smart contracts have increasingly been gaining ground, finding numerous important applications (e.g., crowdfunding) in the real world. Despite the increasing popularity, smart contract development still remains somewhat a mystery to many developers largely due to its special design and applications. Are there any differences between smart contract development and traditional software development? What kind of challenges are faced by developers during smart contract development? Questions like these are important but have not been explored by researchers yet. In this paper, we performed an exploratory study to understand the current state and potential challenges developers are facing in developing smart contracts on blockchains, with a focus on Ethereum (the most popular public blockchain platform for smart contracts). Toward this end, we conducted this study in two phases. In the first phase, we conducted semi-structured interviews with 20 developers from GitHub and industry professionals who are working on smart contracts. In the second phase, we performed a survey on 232 practitioners to validate the findings from the interviews. Our interview and survey results revealed several major challenges developers are facing during smart contract development: (1) there is no effective way to guarantee the security of smart contract code; (2) existing tools for development are still very basic; (3) the programming languages and the virtual machines still have a number of limitations; (4) performance problems are hard to handle under resource constrained running environment; and (5) online resources (including advanced/updated documents and community support) are still limited. Our study suggests several directions that researchers and practitioners can work on to help improve developers’ experience on developing high-quality smart contracts.

Smart contracts are immutable digital programs deployed onto blockchain platforms to codify agreements. They enable blockchain technology to play a vital role in many fields, such as finance, health care, and energy. An important aspect of modeling and deploying smart contracts is to define the business process and rules that govern the agreements under which the corresponding actions are executed. Unfortunately, these models use a mix of technical and business-centric terminologies that are different based on the underlying blockchain platform that the smart contract is targeting. To address this issue, in this paper, we followed a feature-oriented domain analysis approach to identify the commonalities and variations between three of the common blockchain platforms that are used to deploy smart contracts; namely IBM Hyperledger Composer, Azure Blockchain Workbench, and Ethereum. Accordingly, we propose a reference model for smart contracts. The reference model is then realized as a modeling framework that enables developers to model and generate the structural code required to deploy a smart contract onto multiple blockchain platforms. The coverage of the proposed reference model was shown through mapping the concepts of the reference models to its corresponding constructs within each blockchain platform. Moreover, we provide three use cases to show how the proposed framework can empower developers to generate the structural code of smart contracts for the target platform through model transformation.

One of the building blocks of our legal and economic systems in society is the indispensable reliance on contracts and trust systems to protect individual rights. Recently smart contracts are becoming prominent parts of various blockchain platforms. The goal of smart contracts is to eliminate the third party and centralized trust systems. Due to recent emergence of smart contracts, there is no well-defined framework that researchers can use to evaluate smart contracts under various blockchain platforms and differentiate between them. In this work, a survey on the prominent smart contract landscape specially those based on blockchain have been conducted. Based on the survey, an evaluation framework to assess smart contracts has been proposed. The framework is a set of criteria based on two major aspects; infrastructure related and development related criteria. The evaluation framework was peer-reviewed for reliability and validity. To measure the applicability of the proposed framework, it has been used to empirically evaluate some of the most prominent smart contract platforms. The results of the empirical evaluation have shown that the Ethereum blockchain smart contract exceeds the others in terms of development tools, resources, and community support. EOS blockchain smart contracts have the best execution speeds, and transaction costs. Lastly, Stellar blockchain has predictability and the best transaction builder to use in smart contract development concerning user friendliness. Recommendations for smart contract developers are provided in light of the research.

Blockchain smart contracts can support the decentralisation of business processes, but due to smart contracts’ specifics, their development is a complicated process. Introducing model-driven development principles in smart contract development can facilitate requirement specification, design, and implementation activities. This paper presents a model-driven development method MDAsmartCD (Model-Driven Architecture-based Smart Contract Development) to alleviate smart contract development by supporting the complete MDA life cycle, covering the definition of Computation-Independent Model, Platform-Independent Model, and two instances of Platform-Specific Models. In MDAsmartCD, model transformations (model-to-model and model-to-text) are used to produce smart contract code in the Hyperledger Fabric platform Go and the Ethereum platform Solidity programming languages. The method application was demonstrated by implementing the smart contract for the hackathon solution and executing the generated Solidity and Go smart contracts in the workflow of issuing certificates for hackathon participants. During the execution of the workflow, both deployed smart contracts behaved identically and recorded analogous results in respective blockchain data storages. This demonstrated that the MDAsmartCD method enables the generation of compilable and executable smart contract code, ready for deployment on a blockchain platform.

Solana is a blockchain platform with its own token, called SOL or Solana. As a blockchain network, Solana is a de-centralized public ledger for verifying and recording transactions. The Solana blockchain has smart contract capabilities. Unlike other blockchains, such as Ethereum, there is no repository or tool where to check for the source code of the smart contracts stored in the blockchain. These tools are crucial to increase the users' trust in this type of technology. Indeed, one of the most important features of the blockchain is transparency, i.e. the possibility to see the source code of the program to use, or in which the users wish to invest. However, in the blockchains that support smart contracts, what is stored is not the source code of the smart contract written in a high-level program understandable to humans, but the bytecode, i.e. a low-level code made for the hardware to be executed. For some blockchains, such as Ethereum, there are different tools, such as integrated development environment (IDE), that allow to verify that the smart contracts' source code corresponds to the bytecode installed on the nodes of the blockchain. Moreover, there are different repositories that collect smart contracts written in a high-level programming language and their corresponding bytecode. However, for the Solana blockchain, all these tools do not exist yet. The study proposes a web tool that allows verifying the ownership of a smart contract, i. e. the smart contracts' source code written in a high-level programming language corresponds to the bytecode deployed in the Solana blockchain. Moreover, we have published smart contracts' source code written in high-level programming via a public service that can be used by researchers, smart contract developers, and blockchain not-expert users.

As blockchain technology advances, so has the deployment of smart contracts on blockchain platforms, making it exceedingly challenging for users to explicitly identify application services. Unlike traditional contracts, smart contracts are not written in a natural language, making it difficult to determine their provenance. Automatic classification of smart contracts offers blockchain users keyword-based contract queries and a streamlined effective management of smart contracts. In addition, the advancement in smart contracts is accompanied by security challenges, which are generally caused by domain-specific security breaches in smart contract implementation. The development of secure and reliable smart contracts can be extremely challenging due to domain-specific vulnerabilities and constraints associated with various business logics. Accordingly, contract classification based on the application domain and the transaction context offers greater insight into the syntactic and semantic properties of that class. However, despite initial attempts at classifying Ethereum smart contracts, there has been no research on the identification of smart contracts deployed in transactive energy systems for energy exchange purposes. In this article, in response to the widely recognized prospects of blockchain-enabled smart contracts towards an economical and transparent energy sector, we propose a methodology for the detection and analysis of energy smart contracts. First, smart contracts are parsed by transforming code elements into vectors that encapsulate the semantic and syntactic characteristics of each term. This generates a corpus of annotated text as a balanced, representative collection of terms in energy contracts. The use of a domain corpus builder as an embedding layer to annotate energy smart contracts in conjunction with machine learning models results in a classification accuracy of 98.34%. Subsequently, a source code analysis scheme is applied to identified energy contracts to uncover patterns in code segment distribution, predominant adoption of certain functions, and recurring contracts across the Ethereum network.

Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Different from traditional software development, smart contracts are immutable once deployed. Hence, vulnerabilities and bugs in smart contracts can lead to catastrophic financial loses. In order to avoid taking the risk of writing buggy code, smart contract developers are encouraged to reuse pieces of code from reputable sources (e.g., OpenZeppelin). In this paper, we study code cloning in Ethereum. Our goal is to quantify the amount of clones in Ethereum (RQ1), understand key characteristics of clone clusters (RQ2), and determine whether smart contracts contain pieces of code that are identical to those published by OpenZeppelin (RQ3). We applied Deckard, a tree-based clone detector, to all Ethereum contracts for which the source code was available. We observe that developers frequently clone contracts. In particular, 79.2% of the studied contracts are clones and we note an upward trend in the number of cloned contracts per quarter. With regards to the characteristics of clone clusters, we observe that: (i) 9 out of the top-10 largest clone clusters are token managers, (ii) most of the activity of a cluster tends to be concentrated on a few contracts, and (iii) contracts in a cluster to be created by several authors. Finally, we note that the studied contracts have different ratios of code blocks that are identical to those provided by the OpenZeppelin project. Due to the immutability of smart contracts, as well as the impossibility of reverting transactions once they are deemed final, we conclude that the aforementioned findings yield implications to the security, development, and usage of smart contracts.

A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges

Context. With the development of blockchain technology and the increasing use of smart contracts, which are automatically executed in blockchain networks, the significance of securing these contracts has become extremely relevant. Traditional code auditing methods often prove ineffective in identifying complex vulnerabilities, which can lead to significant financial losses. For example, the reentrancy vulnerability that led to the DAO attack in 2016 resulted in the loss of 3.6 million ethers and the split of the Ethereum blockchain network. This underscores the necessity for early detection of vulnerabilities. Objective. The objective of this work is to develop and test an innovative approach for identifying and localizing vulnerabilities in smart contracts based on the analysis of attention vectors in a model using BERT architecture. Method. The methodology described includes data preparation and training a transformer-based model for analyzing smart contract code. The proposed attention vector analysis method allows for the precise identification of vulnerable code segments. The use of the CodeBERT model significantly improves the accuracy of vulnerability identification compared to traditional methods. Specifically, three types of vulnerabilities are considered: reentrancy, timestamp dependence, and tx.origin vulnerability. The data is preprocessed, which includes the standardization of variables and the simplification of functions. Results. The developed model demonstrated a high F-score of 95.51%, which significantly exceeds the results of contemporary approaches, such as the BGRU-ATT model with an F-score of 91.41%. The accuracy of the method in the task of localizing reentrancy vulnerabilities was 82%. Conclusions. The experiments conducted confirmed the effectiveness of the proposed solution. Prospects for further research include the integration of more advanced deep learning models, such as GPT-4 or T5, to improve the accuracy and reliability of vulnerability detection, as well as expanding the dataset to cover other smart contract languages, such as Vyper or LLL, to enhance the applicability and efficiency of the model across various blockchain platforms. Thus, the developed CodeBERT-based model demonstrates high results in detecting and localizing vulnerabilities in smart contracts, which opens new opportunities for research in the field of blockchain platform security.

Smart contracts are a means of facilitating, verifying and enforcing digital agreements. Blockchain technology, which includes an inherent consensus mechanism and programming languages, enables the concept of smart contracts. However, smart contracts written in an existing language, such as Solidity, Vyper, and others, are difficult for domain stakeholders and programmers to understand in order to develop code efficiently and without error, owing to a conceptual gap between the contractual provisions and the respective code. Our study addresses the problem by creating smart legal contract markup language (SLCML), an XML-based smart-contract language with pattern and transformation rules that automatically convert XML code to the Solidity language. In particular, we develop an XML schema (SLCML schema) that is used to instantiate any type of business contract understandable to IT and non-IT practitioners and is processed by computers. To reduce the effort and risk associated with smart contract development, we advocate a pattern for converting SLCML contracts to Solidity smart contracts, a smart contractual oriented computer language. We exemplify and assess our SLCML and transformation approach by defining a dairy supply chain contract based on real-world data.

Blockchain is a disruptive technology that has attracted the attention of the scientific community and companies, as proven by the exponential growth of publications on this topic in recent years. This growing interest is mainly due to the promise that the use of blockchain enables it to be verified, without including any trusted intermediaries, that the information received from the network is authentic and up-to-date. In this respect, blockchain is a distributed database that can be seen as a ledger that records all transactions that have ever been executed. In this context, smart contracts are pieces of software used to facilitate, verify, and enforce the negotiation of a transaction on a blockchain platform. These pieces of software are implemented by using programming languages, which are sometimes provided by the blockchain platforms themselves. This study aims to (1) identify and categorise the state-of-the-art related to smart contract languages, in terms of the existing languages and their main features, and (2) identify new research opportunities. The review has been conducted as a multivocal mapping study that follows the guidelines proposed by Garousi et al. for conducting multivocal literature reviews, as well as the guidelines proposed by Kitchenham and Charters for conducting mapping studies. As a result of the implementation of the review protocol, 4,119 papers were gathered, and 109 of them were selected for extraction. The contributions of this article are twofold: (1) 101 different smart contract languages have been identified and classified according to a variety of criteria; (2) a discussion on the findings and their implications for future research have been outlined. As a conclusion, it could be stated that a rigorous and replicable overview of the state-of-the-art of smart contract languages has been provided that can benefit not only researchers but also practitioners in the field, thanks to its multivocal nature.

There has been a rise in the demand for blockchain-based smart contract development platforms and language implementations. On the other hand, smart contracts and blockchain applications are generated using non-standard software life cycles, which means that, for example, distributed applications are rarely updated, or bugs are fully addressed by releasing a newer version, leading to security flaws and challenges for users to adopt the technology. Smart contracts have gained significant attention due to their potential to automate and secure various transactions in diverse domains. However, the increasing adoption of smart contracts has also raised concerns about security vulnerabilities and potential risks. In this paper, an overview of smart contracts was discussed in detail. It further distinguished and compared smart contracts security with conventional security regarding security, privacy, communication channel, etc. Different platforms for smart contracts, such as Bitcoin, Ethereum, Counterparty, Stellar, Monax, and Lisk, are also discussed in this paper. Some proposed techniques are used in different areas for handling security threats in smart contracts. In addition, a taxonomy of the smart contracts security application was proposed, which attempts to solve some of the flaws and inadequacies in smart contracts. The study also provides a comprehensive smart contracts security scenario with different techniques. Lastly, the possible attacks posed by threats and vulnerabilities of the smart contracts are provided. The security threats and vulnerabilities addressed in this study are unique to smart contracts.

Existing blockchain and smart contract development ecosystems do not support to design, develop, and verify secure smart contracts before deploying them. Recent attacks (see DAO hack [5]) on insecure smart contracts have caused a lot of financial loss—to avoid such issues in the future, we need better methods for creating secure smart contracts before deploying them in a blockchain. In this chapter, we present a method and a prototype tool to generate secure smart contracts based on Petri Nets. Our method allows to design and generate a secure smart contract template that can be deployed on a supported blockchain platform (e.g. Ethereum) with very little additional effort. One of the main advantages that our method brings into the smart contract development ecosystem is introducing a formal way to visually model, simulate, and verify business logic/workflows prior to the smart contract code generation. Modeling the smart contracts via Petri Nets helps the developers to minimize the logical errors—by verifying certain Petri Net properties such as deadlocks—during the modeling stage itself. Furthermore, our approach presents a technology-independent way to import and export the modeled use-case logic which can be translated into different smart contract language later.

Recently, smart contracts are increasingly gaining more attention from academia and industries, due to their potential of increasing efficiency in various application domains. However, building syntactically correct smart contracts is very complex and challenging for non-expert programmers. Besides, as smart contracts are still in the early emerging phase, there is a lack of expertise and tools for supporting practitioners to teach or learn smart contract development. In this paper, we introduce SmartBuilder, a block-based visual programming framework for building smart contracts using extended Google Blockly libraries. It allows Hyperledger Fabric smart contract (also known as Chaincode) development learners or non-expert users to build smart contracts using visual blocks without writing a single code. Moreover, it is a useful and efficient educational tool for teaching or learning how to build smart contracts.

Decentralised (on-blockchain) and centralised (off–blockchain) platforms are available for the implementation of smart contracts. However, none of the two alternatives can individually provide the services and quality of services (QoS) imposed on smart contracts involved in a large class of applications. The reason is that blockchain platforms suffer from scalability, performance, transaction costs and other limitations. Likewise, off–blockchain platforms are afflicted by drawbacks emerging from their dependence on single trusted third parties. We argue that in several applications, hybrid platforms composed from the integration of on and off–blockchain platforms are more adequate. Developers that informatively choose between the three alternatives are likely to implement smart contracts that deliver the expected QoS. Hybrid architectures are largely unexplored. To help cover the gap and as a proof of concept, in this paper we discuss the implementation of smart contracts on hybrid architectures. We show how a smart contract can be split and executed partially on an off–blockchain contract compliance checker and partially on the rinkeby ethereum network. To test the solution, we expose it to sequences of contractual operations generated mechanically by a contract validator tool.