Applicability of the software security code metrics for Ethereum smart contract using solidity

Aboua Ange Kevin N'Da; Santiago Matalonga; Keshav Dahal

doi:10.1007/978-3-030-84337-3_9

Applicability of the software security code metrics for Ethereum smart contract using solidity

Aboua Ange Kevin N'Da^*, Santiago Matalonga, Keshav Dahal

^*Corresponding author for this work

School of Computing, Engineering and Physical Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

74 Downloads (Pure)

Abstract

The Ethereum blockchain allows, through software called smart con-tract, to automate the contract execution between multiple parties with-out requiring a trusted middle party. However, smart contracts are vul-nerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective to mitigate the smart contract vulnerabilities, but the unso-phisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, the Blockchain immutability does not allow smart contracts deployed in the Blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabili-ties were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in the smart contract security decision makings, we investi-gate the applicability of the security code metric from non-blockchain into the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics into the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.

Original language	English
Title of host publication	The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021
Editors	Irfan Awan, Salima Benbernou, Muhammad Younas, Markus Aleksy
Publisher	Springer
Pages	106-119
Number of pages	14
ISBN (Print)	9783030843366
DOIs	https://doi.org/10.1007/978-3-030-84337-3_9
Publication status	Published - 2022
Event	2nd International Conference on Deep Learning, Big Data and Blockchain - Online Duration: 23 Aug 2021 → 25 Aug 2021

Publication series

Name	Lecture Notes in Networks and Systems
Volume	309
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	2nd International Conference on Deep Learning, Big Data and Blockchain
Abbreviated title	DEEP-BDB 2021
Period	23/08/21 → 25/08/21

Keywords

blockchain
smart contract
empirical software engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-030-84337-3_9

2021 05 24 N'Da et al Applicability acceptedAccepted author manuscript, 697 KB

Cite this

N'Da, A. A. K., Matalonga, S., & Dahal, K. (2022). Applicability of the software security code metrics for Ethereum smart contract using solidity. In I. Awan, S. Benbernou, M. Younas, & M. Aleksy (Eds.), The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021 (pp. 106-119). (Lecture Notes in Networks and Systems; Vol. 309). Springer. https://doi.org/10.1007/978-3-030-84337-3_9

N'Da, Aboua Ange Kevin ; Matalonga, Santiago ; Dahal, Keshav. / Applicability of the software security code metrics for Ethereum smart contract using solidity. The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021. editor / Irfan Awan ; Salima Benbernou ; Muhammad Younas ; Markus Aleksy. Springer, 2022. pp. 106-119 (Lecture Notes in Networks and Systems).

@inproceedings{3ec901df1b6249b69a82a8a583224468,

title = "Applicability of the software security code metrics for Ethereum smart contract using solidity",

abstract = "The Ethereum blockchain allows, through software called smart con-tract, to automate the contract execution between multiple parties with-out requiring a trusted middle party. However, smart contracts are vul-nerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective to mitigate the smart contract vulnerabilities, but the unso-phisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, the Blockchain immutability does not allow smart contracts deployed in the Blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabili-ties were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in the smart contract security decision makings, we investi-gate the applicability of the security code metric from non-blockchain into the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics into the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.",

keywords = "blockchain, smart contract, empirical software engineering",

author = "N'Da, {Aboua Ange Kevin} and Santiago Matalonga and Keshav Dahal",

year = "2022",

doi = "10.1007/978-3-030-84337-3_9",

language = "English",

isbn = "9783030843366",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer",

pages = "106--119",

editor = "Irfan Awan and Salima Benbernou and Muhammad Younas and Markus Aleksy",

booktitle = "The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021",

address = "United States",

note = "2nd International Conference on Deep Learning, Big Data and Blockchain, DEEP-BDB 2021 ; Conference date: 23-08-2021 Through 25-08-2021",

}

N'Da, AAK , Matalonga, S & Dahal, K 2022, Applicability of the software security code metrics for Ethereum smart contract using solidity. in I Awan, S Benbernou, M Younas & M Aleksy (eds), The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021. Lecture Notes in Networks and Systems, vol. 309, Springer, pp. 106-119, 2nd International Conference on Deep Learning, Big Data and Blockchain, 23/08/21. https://doi.org/10.1007/978-3-030-84337-3_9

Applicability of the software security code metrics for Ethereum smart contract using solidity. / N'Da, Aboua Ange Kevin ; Matalonga, Santiago ; Dahal, Keshav.

The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021. ed. / Irfan Awan; Salima Benbernou; Muhammad Younas; Markus Aleksy. Springer, 2022. p. 106-119 (Lecture Notes in Networks and Systems; Vol. 309).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Applicability of the software security code metrics for Ethereum smart contract using solidity

AU - N'Da, Aboua Ange Kevin

AU - Matalonga, Santiago

AU - Dahal, Keshav

PY - 2022

Y1 - 2022

N2 - The Ethereum blockchain allows, through software called smart con-tract, to automate the contract execution between multiple parties with-out requiring a trusted middle party. However, smart contracts are vul-nerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective to mitigate the smart contract vulnerabilities, but the unso-phisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, the Blockchain immutability does not allow smart contracts deployed in the Blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabili-ties were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in the smart contract security decision makings, we investi-gate the applicability of the security code metric from non-blockchain into the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics into the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.

AB - The Ethereum blockchain allows, through software called smart con-tract, to automate the contract execution between multiple parties with-out requiring a trusted middle party. However, smart contracts are vul-nerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective to mitigate the smart contract vulnerabilities, but the unso-phisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, the Blockchain immutability does not allow smart contracts deployed in the Blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabili-ties were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in the smart contract security decision makings, we investi-gate the applicability of the security code metric from non-blockchain into the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics into the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.

KW - blockchain

KW - smart contract

KW - empirical software engineering

U2 - 10.1007/978-3-030-84337-3_9

DO - 10.1007/978-3-030-84337-3_9

M3 - Conference contribution

SN - 9783030843366

T3 - Lecture Notes in Networks and Systems

SP - 106

EP - 119

BT - The International Conference on Deep Learning, Big Data and Blockchain, Deep-BDB 2021

A2 - Awan, Irfan

A2 - Benbernou, Salima

A2 - Younas, Muhammad

A2 - Aleksy, Markus

PB - Springer

T2 - 2nd International Conference on Deep Learning, Big Data and Blockchain

Y2 - 23 August 2021 through 25 August 2021

ER -

Applicability of the software security code metrics for Ethereum smart contract using solidity

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this