Workshop IWBOSE 2020 – Author Index |
|
Alalfi, Manar H. |
IWBOSE '20: "Reentrancy Vulnerability Identification ..."
Reentrancy Vulnerability Identification in Ethereum Smart Contracts
Noama Fatima Samreen and Manar H. Alalfi (Ryerson University, Canada) Ethereum Smart contracts use blockchain to transfer values among peers on networks without central agency. These programs are deployed on decentralized applications running on top of the blockchain consensus protocol to enable people make agreements in a transparent and conflict free environment. The security vulnerabilities within those smart contracts are a potential threat to the applications and have caused huge financial losses to their users. In this paper, we present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts. This framework generates an attacker contract based on the ABI specifications of smart contracts under test and analyzes the contract interaction to precisely report Reentrancy vulnerability. We conducted a preliminary evaluation of our proposed framework on 5 modified smart contracts from Etherscan and our framework was able to detect the Reentrancy vulnerability in all our modified contracts. Our framework analyzes smart contracts statically to identify potentially vulnerable functions and then uses dynamic analysis to precisely confirm Reentrancy vulnerability, thus achieving increased performance and reduced false positives. @InProceedings{IWBOSE20p22, author = {Noama Fatima Samreen and Manar H. Alalfi}, title = {Reentrancy Vulnerability Identification in Ethereum Smart Contracts}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {22--29}, doi = {}, year = {2020}, } |
|
Barabino, Giulio |
IWBOSE '20: "Design Patterns for Gas Optimization ..."
Design Patterns for Gas Optimization in Ethereum
Lodovica Marchesi, Michele Marchesi, Giuseppe Destefanis, Giulio Barabino, and Danilo Tigano (University of Cagliari, Italy; Brunel University London, UK; University of Genoa, Italy) Blockchain technology is an emerging technology that allows new forms of decentralized architectures, designed to generate trust among users, without the intervention of mediators or knowledge between the parties. Since 2015, thanks to the introduction of Smart Contracts by Ethereum, it is possible to run programs on the blockchain, greatly extending the potential of this technology. The programming of Smart Contract, through the Solidity language is different from the traditional one. First of all, any action that requires to modify the blockchain costs gas, which corresponds to a fraction of the currency used by that given blockchain, and therefore to real money. Gas optimization is a unique challenge in this context and has obvious implications. This document aims to provide a set of design patterns and tips to help gas saving in developing Smart Contracts on Ethereum. The provided patterns are presented divided into five main categories, based on their features. @InProceedings{IWBOSE20p9, author = {Lodovica Marchesi and Michele Marchesi and Giuseppe Destefanis and Giulio Barabino and Danilo Tigano}, title = {Design Patterns for Gas Optimization in Ethereum}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--15}, doi = {}, year = {2020}, } |
|
Bose, R. P. Jagadeesh Chandra |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Burden, Adam P. |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Choudhury, Swapnajeet Gon |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Desogus, Omar |
IWBOSE '20: "ICO Evaluation Websites Analysis ..."
ICO Evaluation Websites Analysis
Maria Ilaria Lunesu and Omar Desogus (University of Cagliari, Italy) The evaluation websites of ICO (Initial coin offering) a way to raise funds for creating a new coin, app, or service launches, represent the main source where investors can find interesting information about their investments on one or more ICOs. In the last years many websites offered the possibility to evaluate ICOs. Among all, we chose 8 significant websites where rating, team, socials, platform, country and many other properties are shown for each ICO. These properties can be very helpful to figure out whether an ICO might be a good opportunity or a scam. Analyzing data found on ICOBench website using APIs, we found the same data for 7 other websites using the scraper. Then, we compared the gathered data in order to be able to define the quality of the evaluation websites regarding completeness and clarity of the shown information, finding several differences in rating parameters and ICO distribution. For this purpose we developed an ad-hoc scraping tool to collect in a common data structure the information shown in each website. Thanks to the data obtained with the tool we made interesting analysis, showing the differences between the ICO parameters of the different websites and defining completeness and clarity of the information. @InProceedings{IWBOSE20p48, author = {Maria Ilaria Lunesu and Omar Desogus}, title = {ICO Evaluation Websites Analysis}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {48--56}, doi = {}, year = {2020}, } |
|
Destefanis, Giuseppe |
IWBOSE '20: "Design Patterns for Gas Optimization ..."
Design Patterns for Gas Optimization in Ethereum
Lodovica Marchesi, Michele Marchesi, Giuseppe Destefanis, Giulio Barabino, and Danilo Tigano (University of Cagliari, Italy; Brunel University London, UK; University of Genoa, Italy) Blockchain technology is an emerging technology that allows new forms of decentralized architectures, designed to generate trust among users, without the intervention of mediators or knowledge between the parties. Since 2015, thanks to the introduction of Smart Contracts by Ethereum, it is possible to run programs on the blockchain, greatly extending the potential of this technology. The programming of Smart Contract, through the Solidity language is different from the traditional one. First of all, any action that requires to modify the blockchain costs gas, which corresponds to a fraction of the currency used by that given blockchain, and therefore to real money. Gas optimization is a unique challenge in this context and has obvious implications. This document aims to provide a set of design patterns and tips to help gas saving in developing Smart Contracts on Ethereum. The provided patterns are presented divided into five main categories, based on their features. @InProceedings{IWBOSE20p9, author = {Lodovica Marchesi and Michele Marchesi and Giuseppe Destefanis and Giulio Barabino and Danilo Tigano}, title = {Design Patterns for Gas Optimization in Ethereum}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--15}, doi = {}, year = {2020}, } |
|
Ducasse, Stéphane |
IWBOSE '20: "Are the Gas Prices Oracle ..."
Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation
Giuseppe Antonio Pierro, Henrique Rocha, Roberto Tonelli, and Stéphane Ducasse (University of Cagliari, Italy; University of Antwerp, Belgium; Inria, France) The Ethereum Blockchain is a distributed database that records all transactions and smart-contracts created on the platform. In Ethereum blockchain, the user needs to set a Gas price to get a transaction recorded. To have the transaction recorded, the Gas price has to be greater than or equal to the lowest Ethereum transaction fees. To help the users and smart contracts to set the right Gas price, the Gas Oracle categorizes the gas price into categories based on the interval of time the user might be willing to wait and for each of them suggests a gas price to set. The paper aims to verify the hypothesis that the predictions made by the EtherGasStation Oracle have a margin of error greater than the margin of error declared by it (2%). We collected data in two-months time from the EthGasStation Oracle which predict the Gas Price every time that 100 blocks are added to the Ethereum Blockchain. In the same time frame, two-months, we also collected over 10 million transactions from a Transaction Pool. By cross-checking the data collected by the Transaction Pool and the Gas Oracle, the study revealed that the Gas Oracle fails more often than it advertises. @InProceedings{IWBOSE20p1, author = {Giuseppe Antonio Pierro and Henrique Rocha and Roberto Tonelli and Stéphane Ducasse}, title = {Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {1--8}, doi = {}, year = {2020}, } |
|
Huang, Yangyu |
IWBOSE '20: "Anchoring the Value of Cryptocurrency ..."
Anchoring the Value of Cryptocurrency
Yibin Xu and Yangyu Huang (Cardiff University, UK; Guilin University of Electronic Technology, China) A decade long thrive of cryptocurrency has shown its potential as a source of alternative-finance and the security and the robustness of the underpinning blockchain technology. However, most cryptocurrencies fail to show inimitability and their meanings in the real world. As a result, they usually start off as favourites but quickly become the outcasts of the digital asset market. The blockchain society attempts to anchor the value of cryptocurrency with real values by employing smart contracts and link it with computation resources and the digital-productivity that have value and demands in the real world. But their attempts have some undesirable effects due to a limited number of practical applications. This limitation is caused by the dilemma between high performance and decentralisation (universal joinability). The emerging of blockchain sharding models, however, has offered a possible solution to address this dilemma. In this paper, we explore a financial model for blockchain sharding that will build an active link between the value of cryptocurrency and computation resources as well as the market and labour behaviours. Our model can adjust the price of resources and the compensation for maintaining a system based on those behaviours. We anchor the value of cryptocurrency by the amount of computation resources participated in and give the cryptocurrency a meaning as the exchange between computation resources globally. Finally, we present a working example which, through financial regularities, regulates the behaviour of anonymous participants, also incents/discourages participation dynamically. @InProceedings{IWBOSE20p30, author = {Yibin Xu and Yangyu Huang}, title = {Anchoring the Value of Cryptocurrency}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {30--36}, doi = {}, year = {2020}, } |
|
Kaulgud, Vikrant |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Lunesu, Maria Ilaria |
IWBOSE '20: "ICO Evaluation Websites Analysis ..."
ICO Evaluation Websites Analysis
Maria Ilaria Lunesu and Omar Desogus (University of Cagliari, Italy) The evaluation websites of ICO (Initial coin offering) a way to raise funds for creating a new coin, app, or service launches, represent the main source where investors can find interesting information about their investments on one or more ICOs. In the last years many websites offered the possibility to evaluate ICOs. Among all, we chose 8 significant websites where rating, team, socials, platform, country and many other properties are shown for each ICO. These properties can be very helpful to figure out whether an ICO might be a good opportunity or a scam. Analyzing data found on ICOBench website using APIs, we found the same data for 7 other websites using the scraper. Then, we compared the gathered data in order to be able to define the quality of the evaluation websites regarding completeness and clarity of the shown information, finding several differences in rating parameters and ICO distribution. For this purpose we developed an ad-hoc scraping tool to collect in a common data structure the information shown in each website. Thanks to the data obtained with the tool we made interesting analysis, showing the differences between the ICO parameters of the different websites and defining completeness and clarity of the information. @InProceedings{IWBOSE20p48, author = {Maria Ilaria Lunesu and Omar Desogus}, title = {ICO Evaluation Websites Analysis}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {48--56}, doi = {}, year = {2020}, } |
|
Marchesi, Lodovica |
IWBOSE '20: "Design Patterns for Gas Optimization ..."
Design Patterns for Gas Optimization in Ethereum
Lodovica Marchesi, Michele Marchesi, Giuseppe Destefanis, Giulio Barabino, and Danilo Tigano (University of Cagliari, Italy; Brunel University London, UK; University of Genoa, Italy) Blockchain technology is an emerging technology that allows new forms of decentralized architectures, designed to generate trust among users, without the intervention of mediators or knowledge between the parties. Since 2015, thanks to the introduction of Smart Contracts by Ethereum, it is possible to run programs on the blockchain, greatly extending the potential of this technology. The programming of Smart Contract, through the Solidity language is different from the traditional one. First of all, any action that requires to modify the blockchain costs gas, which corresponds to a fraction of the currency used by that given blockchain, and therefore to real money. Gas optimization is a unique challenge in this context and has obvious implications. This document aims to provide a set of design patterns and tips to help gas saving in developing Smart Contracts on Ethereum. The provided patterns are presented divided into five main categories, based on their features. @InProceedings{IWBOSE20p9, author = {Lodovica Marchesi and Michele Marchesi and Giuseppe Destefanis and Giulio Barabino and Danilo Tigano}, title = {Design Patterns for Gas Optimization in Ethereum}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--15}, doi = {}, year = {2020}, } |
|
Marchesi, Michele |
IWBOSE '20: "Design Patterns for Gas Optimization ..."
Design Patterns for Gas Optimization in Ethereum
Lodovica Marchesi, Michele Marchesi, Giuseppe Destefanis, Giulio Barabino, and Danilo Tigano (University of Cagliari, Italy; Brunel University London, UK; University of Genoa, Italy) Blockchain technology is an emerging technology that allows new forms of decentralized architectures, designed to generate trust among users, without the intervention of mediators or knowledge between the parties. Since 2015, thanks to the introduction of Smart Contracts by Ethereum, it is possible to run programs on the blockchain, greatly extending the potential of this technology. The programming of Smart Contract, through the Solidity language is different from the traditional one. First of all, any action that requires to modify the blockchain costs gas, which corresponds to a fraction of the currency used by that given blockchain, and therefore to real money. Gas optimization is a unique challenge in this context and has obvious implications. This document aims to provide a set of design patterns and tips to help gas saving in developing Smart Contracts on Ethereum. The provided patterns are presented divided into five main categories, based on their features. @InProceedings{IWBOSE20p9, author = {Lodovica Marchesi and Michele Marchesi and Giuseppe Destefanis and Giulio Barabino and Danilo Tigano}, title = {Design Patterns for Gas Optimization in Ethereum}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--15}, doi = {}, year = {2020}, } |
|
Pierro, Giuseppe Antonio |
IWBOSE '20: "PASO: A Web-Based Parser for ..."
PASO: A Web-Based Parser for Solidity Language Analysis
Giuseppe Antonio Pierro and Roberto Tonelli (University of Cagliari, Italy) Smart Contracts are computer programs which implement and execute transactions and manage business logic on a decentralized public ledger. Smart Contracts can be written in different programming languages and for different Blockchains. Currently the most used language for Smart Contracts is Solidity and the most used platform is the Ethereum Blockchain. Assessing the quality of Smart Contract programs is an important task required to professional programmers, especially when a programming language has so powerful economic implications. It is therefore crucial to provide professional programmers with tools for the evaluation of Smart Contracts. In software engineering, software metrics has been defined and used to measure software quality and, more in general, to qualify software under the principle You Can’t Manage What You Don’t Measure. For the Solidity programming language there are only a few Standalone Applications to analyse the Smart Contract metrics. The aim of this paper is first to build a tool for the practical computation of a specific set of Solidity source code metrics, so that the set will be extensible in the future according also to Solidity compiler evolution, second to fully enable a web-based usage of the tool to access the metrics of the Solidity programming language. The tool, PASO, differently from the existing application, is able to give software metrics values for Smart Contracts written in Solidity programming language just using a web browser. @InProceedings{IWBOSE20p16, author = {Giuseppe Antonio Pierro and Roberto Tonelli}, title = {PASO: A Web-Based Parser for Solidity Language Analysis}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {16--21}, doi = {}, year = {2020}, }
IWBOSE '20: "Are the Gas Prices Oracle ..."
Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation
Giuseppe Antonio Pierro, Henrique Rocha, Roberto Tonelli, and Stéphane Ducasse (University of Cagliari, Italy; University of Antwerp, Belgium; Inria, France) The Ethereum Blockchain is a distributed database that records all transactions and smart-contracts created on the platform. In Ethereum blockchain, the user needs to set a Gas price to get a transaction recorded. To have the transaction recorded, the Gas price has to be greater than or equal to the lowest Ethereum transaction fees. To help the users and smart contracts to set the right Gas price, the Gas Oracle categorizes the gas price into categories based on the interval of time the user might be willing to wait and for each of them suggests a gas price to set. The paper aims to verify the hypothesis that the predictions made by the EtherGasStation Oracle have a margin of error greater than the margin of error declared by it (2%). We collected data in two-months time from the EthGasStation Oracle which predict the Gas Price every time that 100 blocks are added to the Ethereum Blockchain. In the same time frame, two-months, we also collected over 10 million transactions from a Transaction Pool. By cross-checking the data collected by the Transaction Pool and the Gas Oracle, the study revealed that the Gas Oracle fails more often than it advertises. @InProceedings{IWBOSE20p1, author = {Giuseppe Antonio Pierro and Henrique Rocha and Roberto Tonelli and Stéphane Ducasse}, title = {Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {1--8}, doi = {}, year = {2020}, } |
|
Podder, Sanjay |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Rocha, Henrique |
IWBOSE '20: "Are the Gas Prices Oracle ..."
Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation
Giuseppe Antonio Pierro, Henrique Rocha, Roberto Tonelli, and Stéphane Ducasse (University of Cagliari, Italy; University of Antwerp, Belgium; Inria, France) The Ethereum Blockchain is a distributed database that records all transactions and smart-contracts created on the platform. In Ethereum blockchain, the user needs to set a Gas price to get a transaction recorded. To have the transaction recorded, the Gas price has to be greater than or equal to the lowest Ethereum transaction fees. To help the users and smart contracts to set the right Gas price, the Gas Oracle categorizes the gas price into categories based on the interval of time the user might be willing to wait and for each of them suggests a gas price to set. The paper aims to verify the hypothesis that the predictions made by the EtherGasStation Oracle have a margin of error greater than the margin of error declared by it (2%). We collected data in two-months time from the EthGasStation Oracle which predict the Gas Price every time that 100 blocks are added to the Ethereum Blockchain. In the same time frame, two-months, we also collected over 10 million transactions from a Transaction Pool. By cross-checking the data collected by the Transaction Pool and the Gas Oracle, the study revealed that the Gas Oracle fails more often than it advertises. @InProceedings{IWBOSE20p1, author = {Giuseppe Antonio Pierro and Henrique Rocha and Roberto Tonelli and Stéphane Ducasse}, title = {Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {1--8}, doi = {}, year = {2020}, } |
|
Samreen, Noama Fatima |
IWBOSE '20: "Reentrancy Vulnerability Identification ..."
Reentrancy Vulnerability Identification in Ethereum Smart Contracts
Noama Fatima Samreen and Manar H. Alalfi (Ryerson University, Canada) Ethereum Smart contracts use blockchain to transfer values among peers on networks without central agency. These programs are deployed on decentralized applications running on top of the blockchain consensus protocol to enable people make agreements in a transparent and conflict free environment. The security vulnerabilities within those smart contracts are a potential threat to the applications and have caused huge financial losses to their users. In this paper, we present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts. This framework generates an attacker contract based on the ABI specifications of smart contracts under test and analyzes the contract interaction to precisely report Reentrancy vulnerability. We conducted a preliminary evaluation of our proposed framework on 5 modified smart contracts from Etherscan and our framework was able to detect the Reentrancy vulnerability in all our modified contracts. Our framework analyzes smart contracts statically to identify potentially vulnerable functions and then uses dynamic analysis to precisely confirm Reentrancy vulnerability, thus achieving increased performance and reduced false positives. @InProceedings{IWBOSE20p22, author = {Noama Fatima Samreen and Manar H. Alalfi}, title = {Reentrancy Vulnerability Identification in Ethereum Smart Contracts}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {22--29}, doi = {}, year = {2020}, } |
|
Singi, Kapil |
IWBOSE '20: "Are Software Engineers Incentivized ..."
Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens
Kapil Singi, Vikrant Kaulgud, R. P. Jagadeesh Chandra Bose, Swapnajeet Gon Choudhury, Sanjay Podder, and Adam P. Burden (Accenture Labs, India; Accenture, Singapore) Modern software delivery is characterized by several participants (e.g., crowd workers, vendors, in-house engineers etc.) contributing in a globally distributed manner. In recent times, there is also a growing emphasis on software to be built in a trustworthy, transparent, and auditable manner adhering to various policies and regulations. Traditional incentive mechanisms are confined only until the software development and deployment and are found lacking on three aspects: (a) they focus mostly on functional elements (b) they lack transparency and are not hyper-personalized, and (c) they are not outcome-based. In this paper, we propose a token based incentive mechanism using smart contracts that provides transparency to all stakeholders of a software and puts development quality, post deployment quality, product quality, and user feedback at the forefront. Our mechanism also has the potential advantage of contributors to be incentivized even if they move on to other projects within an organization. @InProceedings{IWBOSE20p37, author = {Kapil Singi and Vikrant Kaulgud and R. P. Jagadeesh Chandra Bose and Swapnajeet Gon Choudhury and Sanjay Podder and Adam P. Burden}, title = {Are Software Engineers Incentivized Enough? An Outcome Based Incentive Framework using Tokens}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {37--47}, doi = {}, year = {2020}, } |
|
Tigano, Danilo |
IWBOSE '20: "Design Patterns for Gas Optimization ..."
Design Patterns for Gas Optimization in Ethereum
Lodovica Marchesi, Michele Marchesi, Giuseppe Destefanis, Giulio Barabino, and Danilo Tigano (University of Cagliari, Italy; Brunel University London, UK; University of Genoa, Italy) Blockchain technology is an emerging technology that allows new forms of decentralized architectures, designed to generate trust among users, without the intervention of mediators or knowledge between the parties. Since 2015, thanks to the introduction of Smart Contracts by Ethereum, it is possible to run programs on the blockchain, greatly extending the potential of this technology. The programming of Smart Contract, through the Solidity language is different from the traditional one. First of all, any action that requires to modify the blockchain costs gas, which corresponds to a fraction of the currency used by that given blockchain, and therefore to real money. Gas optimization is a unique challenge in this context and has obvious implications. This document aims to provide a set of design patterns and tips to help gas saving in developing Smart Contracts on Ethereum. The provided patterns are presented divided into five main categories, based on their features. @InProceedings{IWBOSE20p9, author = {Lodovica Marchesi and Michele Marchesi and Giuseppe Destefanis and Giulio Barabino and Danilo Tigano}, title = {Design Patterns for Gas Optimization in Ethereum}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--15}, doi = {}, year = {2020}, } |
|
Tonelli, Roberto |
IWBOSE '20: "PASO: A Web-Based Parser for ..."
PASO: A Web-Based Parser for Solidity Language Analysis
Giuseppe Antonio Pierro and Roberto Tonelli (University of Cagliari, Italy) Smart Contracts are computer programs which implement and execute transactions and manage business logic on a decentralized public ledger. Smart Contracts can be written in different programming languages and for different Blockchains. Currently the most used language for Smart Contracts is Solidity and the most used platform is the Ethereum Blockchain. Assessing the quality of Smart Contract programs is an important task required to professional programmers, especially when a programming language has so powerful economic implications. It is therefore crucial to provide professional programmers with tools for the evaluation of Smart Contracts. In software engineering, software metrics has been defined and used to measure software quality and, more in general, to qualify software under the principle You Can’t Manage What You Don’t Measure. For the Solidity programming language there are only a few Standalone Applications to analyse the Smart Contract metrics. The aim of this paper is first to build a tool for the practical computation of a specific set of Solidity source code metrics, so that the set will be extensible in the future according also to Solidity compiler evolution, second to fully enable a web-based usage of the tool to access the metrics of the Solidity programming language. The tool, PASO, differently from the existing application, is able to give software metrics values for Smart Contracts written in Solidity programming language just using a web browser. @InProceedings{IWBOSE20p16, author = {Giuseppe Antonio Pierro and Roberto Tonelli}, title = {PASO: A Web-Based Parser for Solidity Language Analysis}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {16--21}, doi = {}, year = {2020}, }
IWBOSE '20: "Are the Gas Prices Oracle ..."
Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation
Giuseppe Antonio Pierro, Henrique Rocha, Roberto Tonelli, and Stéphane Ducasse (University of Cagliari, Italy; University of Antwerp, Belgium; Inria, France) The Ethereum Blockchain is a distributed database that records all transactions and smart-contracts created on the platform. In Ethereum blockchain, the user needs to set a Gas price to get a transaction recorded. To have the transaction recorded, the Gas price has to be greater than or equal to the lowest Ethereum transaction fees. To help the users and smart contracts to set the right Gas price, the Gas Oracle categorizes the gas price into categories based on the interval of time the user might be willing to wait and for each of them suggests a gas price to set. The paper aims to verify the hypothesis that the predictions made by the EtherGasStation Oracle have a margin of error greater than the margin of error declared by it (2%). We collected data in two-months time from the EthGasStation Oracle which predict the Gas Price every time that 100 blocks are added to the Ethereum Blockchain. In the same time frame, two-months, we also collected over 10 million transactions from a Transaction Pool. By cross-checking the data collected by the Transaction Pool and the Gas Oracle, the study revealed that the Gas Oracle fails more often than it advertises. @InProceedings{IWBOSE20p1, author = {Giuseppe Antonio Pierro and Henrique Rocha and Roberto Tonelli and Stéphane Ducasse}, title = {Are the Gas Prices Oracle Reliable? A Case Study using the EthGasStation}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {1--8}, doi = {}, year = {2020}, } |
|
Xu, Yibin |
IWBOSE '20: "Anchoring the Value of Cryptocurrency ..."
Anchoring the Value of Cryptocurrency
Yibin Xu and Yangyu Huang (Cardiff University, UK; Guilin University of Electronic Technology, China) A decade long thrive of cryptocurrency has shown its potential as a source of alternative-finance and the security and the robustness of the underpinning blockchain technology. However, most cryptocurrencies fail to show inimitability and their meanings in the real world. As a result, they usually start off as favourites but quickly become the outcasts of the digital asset market. The blockchain society attempts to anchor the value of cryptocurrency with real values by employing smart contracts and link it with computation resources and the digital-productivity that have value and demands in the real world. But their attempts have some undesirable effects due to a limited number of practical applications. This limitation is caused by the dilemma between high performance and decentralisation (universal joinability). The emerging of blockchain sharding models, however, has offered a possible solution to address this dilemma. In this paper, we explore a financial model for blockchain sharding that will build an active link between the value of cryptocurrency and computation resources as well as the market and labour behaviours. Our model can adjust the price of resources and the compensation for maintaining a system based on those behaviours. We anchor the value of cryptocurrency by the amount of computation resources participated in and give the cryptocurrency a meaning as the exchange between computation resources globally. Finally, we present a working example which, through financial regularities, regulates the behaviour of anonymous participants, also incents/discourages participation dynamically. @InProceedings{IWBOSE20p30, author = {Yibin Xu and Yangyu Huang}, title = {Anchoring the Value of Cryptocurrency}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {30--36}, doi = {}, year = {2020}, } |
21 authors