SANER 2018 Workshops
Workshops of the 2018 IEEE 25th International Conference on Software Analysis, Evolution, and Reengineering (SANER)

2018 IEEE 1st International Workshop on Blockchain Oriented Software Engineering (IWBOSE), March 20, 2018, Campobasso, Italy

IWBOSE 2018 – Proceedings



Frontmatter

Title Page

Message from the Chairs
The workshop aims at gathering together researchers from academia and from industry to focus on the new challenges posed by the new software technology supporting the various Blockchain infrastructures. The Workshop’s goal is to gather together practitioners and researchers to discuss progress in the research on and in the practical usage of Blockchain technologies and smart contracts, focusing on the application and definition of software engineering principles and practices specific to such software technology, and to the technologies relying on it. Motivations for this workshop are the ever-increasing interest both in the research community and in the industry in Blockchain and smart contracts principles and applications, the management of cryptocurrencies being the most popular topic. These novelties call for specific tools, paradigms, principles, approaches and research to deal with them and for a specific Blockchain Oriented Software Engineering (BOSE).

Keynote

Why Blockchain Is Important for Software Developers, and Why Software Engineering Is Important for Blockchain Software (Keynote)
Michele Marchesi
(University of Cagliari, Italy)

In the past few years, cryptocurrencies and blockchain applications have been one of the most rapidly emerging fields of computer science, leading to a strong demand for software applications. Several new projects have been emerging almost daily, with an impetus that was not seen since the days of the dawn of the Internet. However, the need to be timely on the market and the lack of experience in a brand new field led to epic disasters, such as those of DAO in 2016 and of Parity Ethereum wallet in 2017. Also, there have been several hacks successfully performed on cryptocurrency exchanges, the biggest being those of MtGox in 2014 (350 million US$), Bitfinex in 2016 (72 million US$), and Coincheck in 2017 (400 million US$). The application of sound SE practices to Blockchain software development, both for Smart Contract and generic Blockchain software, might be crucial to the success of this new field. Here the issues are the need for specific analysis and design methods, quality control through testing and metrics, security assessment and overall development process. At the same time, Blockchain development offers new opportunities, such as the certification of empirical data used for experiments; the ability to design processes where developers are paid upon completion of their tasks through Blockchain tokens, after acceptance tests performed using Smart Contracts; and more sound techniques enabling pay-per-use software, again using tokens.



Smart Contracts

Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity
Maximilian Wöhrer and Uwe Zdun
(University of Vienna, Austria)
Smart contracts that build up on blockchain technologies are receiving great attention in new business applications and the scientific community, because they allow untrusted parties to manifest contract terms in program code and thus eliminate the need for a trusted third party. The creation process of writing well performing and secure contracts in Ethereum, which is today’s most prominent smart contract platform, is a difficult task. Research on this topic has only recently started in industry and science. Based on an analysis of collected data with Grounded Theory techniques, we have elaborated several common security patterns, which we describe in detail on the basis of Solidity, the dominating programming language for Ethereum. The presented patterns describe solutions to typical security issues and can be applied by Solidity developers to mitigate typical attack scenarios.
SmartInspect: Solidity Smart Contract Inspector
Santiago Bragagnolo, Henrique Rocha, Marcus Denker, and Stéphane Ducasse
(Inria, France)
Solidity is a language used for smart contracts on the Ethereum blockchain. Smart contracts are embedded procedures stored with the data they act upon. Debugging smart contracts is a really difficult task since, once deployed, the code cannot be re-executed and inspecting a simple attribute is not easily possible because data is encoded. In this paper, we address the lack of inspectability of a deployed contract by analyzing contract state using decompilation techniques driven by the contract structure definition. Our solution, SmartInspect, also uses a mirror-based architecture to represent locally the objects responsible for the interpretation of the contract state. SmartInspect allows contract developers to better visualize and understand the contract stored state without needing to redeploy or develop any ad-hoc code.
Smart Contracts Vulnerabilities: A Call for Blockchain Software Engineering?
Giuseppe Destefanis, Michele Marchesi, Marco Ortu, Roberto Tonelli, Andrea Bracciali, and Robert Hierons
(University of Hertfordshire, UK; University of Cagliari, Italy; University of Stirling, UK; Brunel University London, UK)

Smart Contracts have gained tremendous popularity in the past few years, to the point that billions of US Dollars are currently exchanged every day through such technology. However, since the release of the Frontier network of Ethereum in 2015, there have been many cases in which the execution of Smart Contracts managing Ether coins has led to problems or conflicts. Compared to traditional Software Engineering, a discipline of Smart Contract and Blockchain programming, with standardized best practices that can help solve the mentioned problems and conflicts, is not yet sufficiently developed. Furthermore, Smart Contracts rely on a non-standard software life-cycle, according to which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software.

In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and other applications running on blockchains. We analyse a case study where a bug discovered in a Smart Contract library, and perhaps “unsafe” programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers (about 150M USD, in November 2017). In this study we analyze the source code of Parity and the library, and discuss how recognised best practices could mitigate, if adopted and adapted, such detrimental software misbehavior. We also reflect on the specificity of Smart Contract software development, which makes some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.



ICOs and Blockchain

The ICO Phenomenon and Its Relationships with Ethereum Smart Contract Environment
Gianni Fenu, Lodovica Marchesi, Michele Marchesi, and Roberto Tonelli
(University of Cagliari, Italy)
Initial Coin Offerings (ICO) are public offers of new cryptocurrencies in exchange for existing ones, aimed to finance projects in the blockchain development arena. In the last 8 months of 2017, the total amount gathered by ICOs exceeded 4 billion US$, and overcame the venture capital funnelled toward high tech initiatives in the same period. A high percentage of ICOs is managed through Smart Contracts running on the Ethereum blockchain, and in particular to ERC-20 Token Standard Contract. In this work we examine 1387 ICOs, published on December 31, 2017 on the icobench.com website, gathering information relevant to the assessment of their quality and software development management, including data on their development teams. We also study, at the same date, the financial data of 450 ICO tokens available on the coinmarketcap.com website, among which 355 tokens are managed on the Ethereum blockchain. We define success criteria for the ICOs, based on the funds actually gathered, and on the behavior of the price of the related tokens, finding the factors that most likely influence the ICO success likeliness.
Evaluation of Initial Cryptoasset Offerings: The State of the Practice
Felix Hartmann, Xiaofeng Wang, and Maria Ilaria Lunesu
(Free University of Bolzano, Italy; University of Cagliari, Italy)
Initial Cryptoasset Offering (ICO), also often called Initial Coin Offering or Initial Token Offering (ITO), is a new means of fundraising through blockchain technology, which allows startups to raise large amounts of funds from the crowd at an unprecedented speed. However, it is not easy for ordinary investors to distinguish genuine fundraising activities through ICOs from scams. Different websites that gather and evaluate ICOs at different stages have emerged as a solution to this issue. What remains unclear is how these websites are evaluating ICOs, and consequently how reliable and credible their evaluations are. In this paper we present the first findings of an analysis of a set of 28 ICO evaluation websites, aiming at revealing the state of the practice in terms of ICO evaluation. Key information about ICOs collected by these websites is categorised, and key factors that differentiate the evaluation mechanisms employed by these evaluation websites are identified. The findings of our study could help a better understanding of what it entails to properly evaluate ICOs. It is also a first step towards discovering the key success factors of ICOs.
Checking Laws of the Blockchain with Property-Based Testing
Alexander Chepurnoy and Mayank Rathee
(Ergo Platform, Russia; IOHK Research, Russia; IIT Varanasi, India; Banaras Hindu University, India)
Inspired by the success of Bitcoin, many clients for the Bitcoin protocol as well as for alternative blockchain protocols have been implemented. However, implementations may contain errors, and the cost of an error in the case of a cryptocurrency can be extremely high. We propose to tackle this problem with a suite of abstract property tests that check whether a blockchain system satisfies laws that most blockchain and blockchain-like systems should satisfy. To test a new blockchain system, its developers need to instantiate generators of random objects to be used by the tests. The test suite then checks the satisfaction of the laws over many random cases. We provide examples of laws in the paper.
