The Ethereum blockchain allows, through software called smart con-tract, to automate the contract execution between multiple parties with-out requiring a trusted middle party. However, smart contracts are vul-nerable to attacks. Tools and programming practices are available to support the development of secure smart contracts. These approaches are effective to mitigate the smart contract vulnerabilities, but the unso-phisticated ecosystem of the smart contract prevents these approaches from being foolproof. Besides, the Blockchain immutability does not allow smart contracts deployed in the Blockchain to be updated. Thus, businesses and developers would develop new contracts if vulnerabili-ties were detected in their smart contracts deployed in Ethereum, which would imply new costs for the business. To support developers and businesses in the smart contract security decision makings, we investi-gate the applicability of the security code metric from non-blockchain into the smart contract domain. We use the Goal Question Metric (GQM) approach to analyze the applicability of these metrics into the smart contract domain based on metric construct and measurement. As a result, we found 15 security code metrics that can be applied to smart contract development.
|Lecture Notes in Networks and Systems
|2nd International Conference on Deep Learning, Big Data and Blockchain
|23/08/21 → 25/08/21
- smart contract
- empirical software engineering