SPESC-Translator: Towards Automatically Smart Legal Contract Conversion for Blockchain-Based Auction Services

The blockchain based decentralized cryptocurrency platforms are one of the hottest topics in tech at the moment. Though most of the interest is generated by cryptocurrency related activities, it is becoming apparent that a much wider spectrum of applications can leverage the blockchain technology.

Blockchain-based decentralized cryptocurrency platforms are currently one of the hottest topics in technology. Although most of the interest is generated by cryptocurrency related activities, it is becoming apparent that a much wider spectrum of applications can leverage the blockchain technology. The primary concepts enabling such general use of the blockchain are the so-called smart contracts, which are special programs that run on the blockchain. One of the most popular blockchain platforms that supports smart contracts is Ethereum. As smart contracts typically handle money, ensuring their low number of faults and vulnerabilities are essential. To aid smart contract developers and help to mature the technology, we need analysis tools and studies for smart contracts. As an initiative for this, we propose the adoption of some well-known OO metrics for Solidity smart contracts. Furthermore, we analyze more than 40 thousand Solidity source files with our prototype tool. The results suggest that smart contract programs are short, neither overly complex nor coupled too much, do not rely heavily on inheritance, and either quite well-commented or not commented at all. Moreover, smart contracts could benefit from an external library and dependency management mechanism, as more than 85% of the defined libraries in Solidity files code the same functionalities.

Smart Contracts have gained tremendous popularity in the past few years, to the point that billions of US Dollars are currently exchanged every day through such technology. However, since the release of the Frontier network of Ethereum in 2015, there have been many cases in which the execution of Smart Contracts managing Ether coins has led to problems or conflicts. Compared to traditional Software Engineering, a discipline of Smart Contract and Blockchain programming, with standardized best practices that can help solve the mentioned problems and conflicts, is not yet sufficiently developed. Furthermore, Smart Contracts rely on a non-standard software life-cycle, according to which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software. In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and other applications running on blockchains.We analyse a case of study where a bug discovered in a Smart Contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers (about 150M USD, in November 2017). In this study we analyze the source code of Parity and the library, and discuss how recognised best practices could mitigate, if adopted and adapted, such detrimental software misbehavior. We also reflect on the specificity of Smart Contract software development, which makes some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.

SolGuard: Preventing external call issues in smart contract-based multi-agent robotic systems

Blockchain- and smart-contract technology enhance the effectiveness and automation of business processes. The rising interest in the development of decentralized autonomous organizations (DAO) shows that blockchain technology has the potential to reform business and society. A DAO is an organization wherein business rules are encoded in smart-contract programs that are executed when specified rules are met. The contractual- and business semantics are sine qua non for drafting a legally-binding smart contract in DAO collaborations. Several smart-contract languages (SCLs) exist, such as SPESC, or Symboleo to specify a legally-binding contract. However, their primary focus is on designing and developing smart contracts with the cooperation of IT- and non-IT users. Therefore, this paper fills a gap in the state of the art by specifying a smart-legal-contract markup language (SLCML) for legal- and business constructs to draft a legally-binding DAO. To achieve the paper objective, we first present a formal SCL ontology to describe the legal- and business semantics of a DAO. Secondly, we translate the SCL ontology into SLCML, for which we present the XML schema definition. We demonstrate and evaluate our SLCML language through the specification of a real life-inspired Sale-of-Goods contract. Finally, the SLCML use-case code is translated into Solidity to demonstrate its feasibility for blockchain platform implementations.

Out-of-gas errors occur when smart contract programs are provided with inputs that cause excessive gas consumption and which will be easily exploited to perform Denial-of-Service attacks. Various approaches have been proposed to estimate the gas limit of a function in smart contracts to avoid such error. However, underestimation often occurs when the contract is complex In this work, we propose V-Gas, which automatically generates inputs that maximize the gas cost and reduce underestimation. V-Gas is designed based on static analysis and feedback-directed mutational fuzz testing. First, V-Gas builds the gas weighted control flow graph of functions in smart contracts. Then, V-Gas develops gas consumption guided selection and mutation strategies to generate the input that maximize the gas consumption. For evaluation, we implement V-Gas based on js-evm, a widely used Ethereum virtual machine written in Javascript, and conduct experiments on 736 real-world transactions recorded on Ethereum. A total of 44.02% of the transactions would have out-of-gas errors based on the estimation results given by solc, meaning that the recorded real gas consumption for those transactions is larger than the gas limit estimated by solc. In comparison, V-Gas could reduce the underestimation ratio to 13.86%. To evaluate the performance of feedback-directed engine in V-Gas, we implemented other directed fuzzing engines and compared their performance with that of V-Gas. The results showed that V-Gas generates the same or higher gas estimation value on 97.8% of the transactions with less time, usually within 5 minutes. Furthermore, V-Gas has exposed 25 previously unknown out-of-gas vulnerabilities in widely used smart contracts, 6 of which have been assigned unique CVE identifiers in the U.S. National Vulnerability Database.

Blockchain technologies are gradually being found an application in many areas, especially in FinTech. As a result, a lot of blockchain platforms have emerged with the support of smart contracts that are intended to automate party interactions. However, it has been shown that they are prone to attacks and errors which lead to money loss. To date, there has been a wide range of approaches for making smart contracts safer that included analysis tools, reasoning models, and safer and more rigorous programming languages. In this paper, we provide an overview of smart contract programming languages design principles, related vulnerabilities, and future research areas. The provided overview is meant to outline the to date state of languages and to become a possible basis for future proceedings, and show approaches, used by the community, to reach safe and usable language for smart contracts. We have split all found vulnerabilities by source of their arising. Various languages’ characteristics such as abstraction level, paradigm, Turing completeness and main features are summarized in the table. Additional information about languages is provided, e.g. model of execution and tools for static analysis.

A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this article, we propose RLRep , a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test sets. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.

Smart contract applications based on Ethereum blockchain have been widely used in many fields. They are developed by professional developers using specialized programming languages like solidity. It requires high requirements on knowledge of the specialized field and the proficiency in contract programming. Thus, it is hard for normal users to design a usable smart contract based on their own demands. Most current studies about smart contracts focus on the security of coding while lack of friendly tools for users to design the specialized templates of contracts coding. This paper provides a visual and user-defined smart contract designing systems. It makes the development of domain-specific smart contracts simpler and visualization for contract users. The system implements the domain-specific features extraction about the crawled data sets of smart contract programs by TF-IDF and K-means++ clustering algorithm. Then, it achieves the automatic generation of unified basic function codes by Char-RNN (improved by LSTM) based on the domain-specific features. The system adopts Google Blockly and links the generated codes with UI controls. Finally, it provides a set of specialized templates of basic functions for users to design smart contracts by the friendly interface. It reduces the difficulty and costs of contract programming. The paper offers a case study to design contracts by users. The designed contracts were validated on the existing system to implement the food trading and traders’ credit evaluation. The experimental results show that the designed smart contracts achieve good integration with the existing system and they can be deployed and compiled successfully.

We implement extraction of Coq programs to functional languages based on MetaCoq’s certified erasure. We extend the MetaCoq erasure output language with typing information and use it as an intermediate representation, which we call${\lambda^T_\square}$. We complement the extraction functionality with a full pipeline that includes several standard transformations (e.g. eta-expansion and inlining) implemented in a proof-generating manner along with a verified optimisation pass removing unused arguments. We prove the pass correct wrt. a conventional call-by-value operational semantics of functional languages. From the optimised${\lambda^T_\square}$representation, we obtain code in two functional smart contract languages, Liquidity and CameLIGO, the functional language Elm, and a subset of the multi-paradigm language for systems programming Rust. Rust is currently gaining popularity as a language for smart contracts, and we demonstrate how our extraction can be used to extract smart contract code for the Concordium network. The development is done in the context of the ConCert framework that enables smart contract verification. We contribute with two verified real-world smart contracts (boardroom voting and escrow), which we use, among other examples, to exemplify the applicability of the pipeline. In addition, we develop a verified web application and extract it to fully functional Elm code. In total, this gives us a way to write dependently typed programs in Coq, verify, and then extract them to several target languages while retaining a small trusted computing base of only MetaCoq and the pretty-printers into these languages.

Blockchain technology (BCT) can enable distributed collaboration, enhance data sharing, and automate back-end processes for digital twin (DT) decentralized applications (dApps) in the construction industry (CI) 4.0. The aim of this paper was to propose a software architecture and to develop a framework of smart contracts for blockchain-based digital twin (BCDT) dApps throughout the lifecycle of projects in CI 4.0. This paper leveraged the existing literature and action research interviews to identify and validate the critical industry problems, functional requirements (FRs), and non-functional requirements (NFRs) to be addressed by BCDT dApps in CI 4.0. Basic use cases were developed to design a framework of smart contracts for BCDT dApps throughout the lifecycle of projects. The analysis of an online survey was used to identify the key requirements and enablers to propose a software architecture for BCDT applications and to validate the requirements for developing the framework of a smart contract for BCDTs. The findings were: (1) The identification of key problems in CI 4.0 for each BIM/BCDT dimension (3D, 4D, 5D, 6D, 7D, 8D, and contractual (cD)) and the related FRs and NFRs for BCDT applications. Additionally, key use cases were designed to address the problems identified. (2) The proposed BCDT architecture permitted us to narrow gaps in the literature on blockchain-based decentralized digital twins. Moreover, the proposed BCDT architecture and smart-contract framework addressed the main requirements in the literature on BCDTs. (3) The study leveraged the non-fungible token (NFT) standard to develop a framework for smart contracts that addressed the key use cases and the related industry problems and functional requirements that were identified. The study also considered the contractual dimension (cD) as an overarching dimension in relation to the other BCDT dimensions. (4) We also compared the costs of several public blockchains for executing the proposed smart-contract framework throughout the lifecycle of a medium-sized building project. The cost analysis permitted the development of criteria to evaluate the suitability of blockchain networks for BCDT applications in CI 4.0 depending on the principal blockchain networks’ properties (security, decentralization, scalability, and interoperability). Finally, this study resulted in a novel framework that included software architecture, smart-contract use cases, and selection criteria among blockchain networks for BCDT dApps in CI 4.0.

The rise of programmable open distributed consensus platforms based on the blockchain technology has aroused a lot of interest in replicated stateful computations, aka smart contracts. As blockchains are used predominantly in financial applications, smart contracts frequently manage millions of dollars worth of virtual coins. Since smart contracts cannot be updated once deployed, the ability to reason about their correctness becomes a critical task. Yet, the de facto implementation standard, pioneered by the Ethereum platform, dictates smart contracts to be deployed in a low-level language, which renders independent audit and formal verification of deployed code infeasible in practice. We report an ongoing experiment held with an industrial blockchain vendor on designing, evaluating, and deploying Scilla, a new programming language for safe smart contracts. Scilla is positioned as an intermediate-level language, suitable to serve as a compilation target and also as an independent programming framework. Taking System F as a foundational calculus, Scilla offers strong safety guarantees by means of type soundness. It provides a clean separation between pure computational, state-manipulating, and communication aspects of smart contracts, avoiding many known pitfalls due to execution in a byzantine environment. We describe the motivation, design principles, and semantics of Scilla, and we report on Scilla use cases provided by the developer community. Finally, we present a framework for lightweight verification of Scilla programs, and showcase it with two domain-specific analyses on a suite of real-world use cases.

Ethereum is a leading blockchain platform that supports decentralised applications (Dapps) using smart contract programs. It executes cryptocurrency transactions between user accounts or smart contract accounts. Wallets are utilised to integrate with Dapps to manage and hold users’ transactions and private keys securely and effectively. Ethereum wallets are available in different forms, and we especially examine on-chain smart contract wallets to measure their safeness property. We have conducted an exploratory study on 86 distinct bytecode versions of Ethereum smart contract wallets and analysed them using four popular security scanning tools. We have identified that, on average, 10.2% of on-chain wallets on the Ethereum platform are vulnerable to different problems. We propose a novel analysis framework to classify the security problems in smart contract wallets using the experimental data. Most of the vulnerabilities detected from smart contract wallets are related to security issues in programming code and interaction with external sources. Our experimental results and analysis data are available at https://github.com/ppraithe/on-chain-wallet-contracts.

This work analyses the differences in Gas cost consumption for the execution of individual functions between the two Smart Contract (SC) programming languages Solidity and Vyper. For this purpose, SCs for the most basic types ERC-20, MultiSig and Atomic Swap were created for both programming languages. To enable a comparison, it was ensured that a SC fulfills exactly the same task in each programming language. It turns out, that the calculated estimated Gas amount from the compiler is mostly meaningless. There is also no programming language, that is always superior to the other in Gas cost efficiency for each SC type and that Waves can be an alternative.

Smart contracts enable developers to run instructions on blockchains (eg. Ethereum) and have broad range of real-world applications. Solidity is the most popular high-level smart contract programming language on Ethereum. Coding in such language, however, demands a user to be proficient in contract programming and debugging to construct smart contracts correctly. In practice, such expectation makes it harder for non-programmers to take advantage of smart contracts. In this demonstration, we present a novel visual smart contract construction system on Ethereum called latte to make smart contract development accessible to non-programmers. Specifically, it allows a user to construct a contract without writing Solidity code by manipulating visual objects in a direct manipulation-based interface. Furthermore, latte interactively guides users and makes them aware of the cost (in units of Gas) of visual actions undertaken by them during contract construction.