TY - GEN
T1 - Applicability of the software security code metrics for Ethereum smart contract using solidity
AU - N'Da, Aboua Ange Kevin
AU - Matalonga, Santiago
AU - Dahal, Keshav
PY - 2022
Y1 - 2022
AB - The Ethereum blockchain allows contract execution between multiple parties to be automated, through software called smart contracts, without requiring a trusted middle party. However, smart contracts are vulnerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective in mitigating smart contract vulnerabilities, but the unsophisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, blockchain immutability does not allow smart contracts deployed in the blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabilities were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in smart contract security decision making, we investigate the applicability of security code metrics from the non-blockchain domain to the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics to the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.
KW - blockchain
KW - smart contract
KW - empirical software engineering
UR - https://doi.org/10.1007/978-3-030-84337-3_9
U2 - 10.1007/978-3-030-84337-3_9
DO - 10.1007/978-3-030-84337-3_9
M3 - Conference contribution
SN - 9783030843366
T3 - Lecture Notes in Networks and Systems
SP - 106
EP - 119
BT - The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021
A2 - Awan, Irfan
A2 - Benbernou, Salima
A2 - Younas, Muhammad
A2 - Aleksy, Markus
PB - Springer
T2 - 2nd International Conference on Deep Learning, Big Data and Blockchain
Y2 - 23 August 2021 through 25 August 2021
ER -