Architectural Design for Secure Smart Contract Development
Myles Lewis, Chris Crawford
TL;DR
The paper tackles the vulnerability of smart contracts in blockchain ecosystems by proposing an architectural security model that unifies static analysis, dynamic analysis, and a blockchain-based security rating certificate. The approach integrates existing analysis tools into a cohesive protocol for constructing, analyzing, deploying, and monitoring smart contracts, with a certificate that communicates security guarantees to developers and users. Key contributions include a conceptual model for a security protocol, emphasis on pre-deployment assessment, and a framework for trust-building in blockchain applications. This work aims to establish practical security standards and facilitate cross-platform adoption of secure smart-contract practices.
Abstract
As time progresses, the need for more secure applications grows exponentially. The different types of sensitive information that are being transferred virtually have sparked a rise in systems that leverage blockchain. Different sectors are beginning to use this disruptive technology to evaluate the risks and benefits. Sectors like finance, medicine, higher education, and wireless communication have research regarding blockchain. Furthermore, the need for security standards in this area of research is pivotal. In the recent past, several attacks on blockchain infrastructures have resulted in hundreds of millions of dollars lost and sensitive information compromised. Some of these attacks include DAO attacks, bZx attacks, and Parity Multisignature Wallet Double Attacks, which targeted vulnerabilities within smart contracts on the Ethereum network. These attacks exposed the weaknesses of current smart contract development practices, which has led to an increase in distrust and adoption of systems that leverage blockchain for their functionality. In this paper, I identify common software vulnerabilities and attacks on blockchain infrastructures, thoroughly detail the smart contract development process, and propose a model for ensuring a stronger security standard for future systems leveraging smart contracts. The purpose of proposing a model is to promote trust among end users in the system, which is a foundational element for blockchain adoption in the future.
