Full Program »
Characterizing the cost of introducing secure programming practices and patters in Ethereum
Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming practices and patterns from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these practices and pattern. We identified 30 security programming practices and patterns from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security practices and patterns identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security practices and patterns into their smart contracts.