IWBOSE 2018 – Proceedings

2018 IEEE 1st International Workshop on Blockchain Oriented Software Engineering (IWBOSE)

Frontmatter

Keynote

Why Blockchain Is Important for Software Developers, and Why Software Engineering Is Important for Blockchain Software (Keynote)
Michele Marchesi
(University of Cagliari, Italy)
In the past few years, cryptocurrencies and blockchain applications has been one of the most rapidly emerging fields of computer science, leading to a strong demand of software applications. Several new projects have been emerging almost daily, with an impetus that was not seen since the days of the dawn of the Internet. However, the need of being timely on the market and the lack of experience in a brand new field led to epic disasters, such as those of DAO in 2016 and of Parity Ethereum wallet in 2017. Also, there have been several hacks successfully performed on cryptocurrency exchanges, the biggest being those of MtGox in 2014 (350 million US$), Bitfinex in 2016 (72 million US$), and Coincheck in 2017 (400 million US$). The application of sound SE practices to Blockchain software development, both for Smart Contract and generic Blockchain software, might be crucial to the success of this new field. Here the issues are the need for specific analysis and design methods, quality control through testing and metrics, security assessment and overall development process. At the same time, Blockchain development offers new opportunities, such as the certification of empirical data used for experiment; the ability to design processes where developers are paid upon completion of their tasks through Blockchain tokens, after acceptance tests performed using Smart Contracts; and more sound techniques enabling pay-per-use software, again using tokens.

@InProceedings{IWBOSE18p1, author = {Michele Marchesi}, title = {Why Blockchain Is Important for Software Developers, and Why Software Engineering Is Important for Blockchain Software (Keynote)}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {1--1}, doi = {}, year = {2018}, }

Smart Contracts

Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity
Maximilian Wöhrer and Uwe Zdun
(University of Vienna, Austria)
Smart contracts that build up on blockchain technologies are receiving great attention in new business applications and the scientific community, because they allow untrusted parties to manifest contract terms in program code and thus eliminate the need for a trusted third party. The creation process of writing well performing and secure contracts in Ethereum, which is today’s most prominent smart contract platform, is a difficult task. Research on this topic has only recently started in industry and science. Based on an analysis of collected data with Grounded Theory techniques, we have elaborated several common security patterns, which we describe in detail on the basis of Solidity, the dominating programming language for Ethereum. The presented patterns describe solutions to typical security issues and can be applied by Solidity developers to mitigate typical attack scenarios.

@InProceedings{IWBOSE18p2, author = {Maximilian Wöhrer and Uwe Zdun}, title = {Smart Contracts: Security Patterns in the Ethereum Ecosystem and Solidity}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {2--8}, doi = {}, year = {2018}, }

SmartInspect: Solidity Smart Contract Inspector
Santiago Bragagnolo, Henrique Rocha, Marcus Denker, and Stéphane Ducasse
(Inria, France)
Solidity is a language used for smart contracts on the Ethereum blockchain. Smart contracts are embedded procedures stored with the data they act upon. Debugging smart contracts is a really difficult task since once deployed, the code cannot be re-executed and inspecting a simple attribute is not easily possible because data is encoded. In this paper, we address the lack of inspectability of a deployed contract by analyzing contract state using decompilation techniques driven by the contract structure definition. Our solution, SmartInspect, also uses a mirror-based architecture to represent locally object responsible for the interpretation of the contract state. SmartInspect allows contract developers to better visualize and understand the contract stored state without needing to redeploy, nor develop any ad-hoc code.

@InProceedings{IWBOSE18p9, author = {Santiago Bragagnolo and Henrique Rocha and Marcus Denker and Stéphane Ducasse}, title = {SmartInspect: Solidity Smart Contract Inspector}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {9--18}, doi = {}, year = {2018}, } Info

Smart Contracts Vulnerabilities: A Call for Blockchain Software Engineering?
Giuseppe Destefanis, Michele Marchesi, Marco Ortu, Roberto Tonelli, Andrea Bracciali, and Robert Hierons
(University of Hertfordshire, UK; University of Cagliari, Italy; University of Stirling, UK; Brunel University London, UK)
Smart Contracts have gained tremendous popularity in the past few years, to the point that billions of US Dollars are currently exchanged every day through such technology. However, since the release of the Frontier network of Ethereum in 2015, there have been many cases in which the execution of Smart Contracts managing Ether coins has led to problems or conflicts. Compared to traditional Software Engineering, a discipline of Smart Contract and Blockchain programming, with standardized best practices that can help solve the mentioned problems and conflicts, is not yet sufficiently developed. Furthermore, Smart Contracts rely on a non-standard software life-cycle, according to which, for instance, delivered applications can hardly be updated or bugs resolved by releasing a new version of the software.
In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and other applications running on blockchains. We analyse a case of study where a bug discovered in a Smart Contract library, and perhaps “unsafe” programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers (about 150M USD, in November 2017). In this study we analyze the source code of Parity and the library, and discuss how recognised best practices could mitigate, if adopted and adapted, such detrimental software misbehavior. We also reflect on the specificity of Smart Contract software development, which makes some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.  

@InProceedings{IWBOSE18p19, author = {Giuseppe Destefanis and Michele Marchesi and Marco Ortu and Roberto Tonelli and Andrea Bracciali and Robert Hierons}, title = {Smart Contracts Vulnerabilities: A Call for Blockchain Software Engineering?}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {19--25}, doi = {}, year = {2018}, }

ICOs and Blockchain

The ICO Phenomenon and Its Relationships with Ethereum Smart Contract Environment
Gianni Fenu, Lodovica Marchesi, Michele Marchesi, and Roberto Tonelli
(University of Cagliari, Italy)
Initial Coin Offerings (ICO) are public offers of new cryptocurrencies in exchange of existing ones, aimed to finance projects in the blockchain development arena. In the last 8 months of 2017, the total amount gathered by ICOs exceeded 4 billion US$, and overcame the venture capital funnelled toward high tech initiatives in the same period. A high percentage of ICOs is managed through Smart Contracts running on Ethereum blockchain, and in particular to ERC-20 Token Standard Contract. In this work we examine 1387 ICOs, published on December 31, 2017 on icobench.com website, gathering information relevant to the assessment of their quality and software development management, including data on their development teams. We also study, at the same date, the financial data of 450 ICO tokens available on coinmarketcap.com website, among which 355 tokens are managed on Ethereum blochain. We define success criteria for the ICOs, based on the funds actually gathered, and on the behavior of the price of the related tokens, finding the factors that most likely influence the ICO success likeliness.

@InProceedings{IWBOSE18p26, author = {Gianni Fenu and Lodovica Marchesi and Michele Marchesi and Roberto Tonelli}, title = {The ICO Phenomenon and Its Relationships with Ethereum Smart Contract Environment}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {26--32}, doi = {}, year = {2018}, }

Evaluation of Initial Cryptoasset Offerings: The State of the Practice
Felix Hartmann, Xiaofeng Wang, and Maria Ilaria Lunesu
(Free University of Bolzano, Italy; University of Cagliari, Italy)
Initial Cryptoasset Offering (ICO), also often called Initial Coin Offering or Initial Token Offering (ITO) is a new means of fundraising through blockchain technology, which allows startups to raise large amounts of funds from the crowd in an unprecedented speed. However it is not easy for ordinary investors to distinguish genuine fundraising activities through ICOs from scams. Different websites that gather and evaluate ICOs at different stages have emerged as a solution to this issue. What remains unclear is how these websites are evaluating ICOs, and consequently how reliable and credible their evaluations are. In this paper we present the first findings of an analysis of a set of 28 ICO evaluation websites, aiming at revealing the state of the practice in terms of ICO evaluation. Key information about ICOs collected by these websites are categorised, and key factors that differentiate the evaluation mechanisms employed by these evaluation websites are identified. The findings of our study could help a better understanding of what entails to properly evaluate ICOs. It is also a first step towards discovering the key success factors of ICOs.

@InProceedings{IWBOSE18p33, author = {Felix Hartmann and Xiaofeng Wang and Maria Ilaria Lunesu}, title = {Evaluation of Initial Cryptoasset Offerings: The State of the Practice}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {33--39}, doi = {}, year = {2018}, }

Checking Laws of the Blockchain with Property-Based Testing
Alexander Chepurnoy and Mayank Rathee
(Ergo Platform, Russia; IOHK Research, Russia; IIT Varanasi, India; Banaras Hindu University, India)
Inspired by the success of Bitcoin, many clients for the Bitcoin protocol as well as for alternative blockchain protocols have been implemented. However, implementations may contain errors, and the cost of an error in the case of a cryptocurrency can be extremely high.
We propose to tackle this problem with a suite of abstract property tests that check whether a blockchain system satisfies laws that most blockchain and blockchain-like systems should satisfy. To test a new blockchain system, its developers need to instantiate generators of random objects to be used by the tests. The test suite then checks the satisfaction of the laws over many random cases. We provide examples of laws in the paper.

@InProceedings{IWBOSE18p40, author = {Alexander Chepurnoy and Mayank Rathee}, title = {Checking Laws of the Blockchain with Property-Based Testing}, booktitle = {Proc.\ IWBOSE}, publisher = {IEEE}, pages = {40--47}, doi = {}, year = {2018}, }

proc time: 0.17